diff options
| author | Jacob Keller <jacob.e.keller@intel.com> | 2015-06-03 16:31:01 -0700 |
|---|---|---|
| committer | Jeff Kirsher <jeffrey.t.kirsher@intel.com> | 2015-06-17 14:20:36 -0700 |
| commit | c23544b196e72716244108fb173f2965e9eafd1a (patch) | |
| tree | 2c9bdc11748497f6badee63c8854f77f09f85142 | |
| parent | e075996ebd14dcd3d1a45172316141fe26d891fa (diff) | |
| download | linux-c23544b196e72716244108fb173f2965e9eafd1a.tar.gz | |
fm10k: fix incorrect free on skb in ts_tx_enqueue
This patch resolves a bug in the ts_tx_enqueue code responsible for a NULL pointer dereference and invalid access of the skb list. We incorrectly freed the actual skb we found instead of our copy. Thus the skb queue is essentially invalidated. Resolve this by freeing our clone in the cases where we did not add it to the queue. This also avoids the skb memory leak caused by failure to free the clone. [ 589.719320] BUG: unable to handle kernel NULL pointer dereference at (null) [ 589.722344] IP: [<ffffffffa0310e60>] fm10k_ts_tx_subtask+0xb0/0x160 [fm10k] [ 589.723796] PGD 0 [ 589.725228] Oops: 0000 [#1] SMP Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
| -rw-r--r-- | drivers/net/ethernet/intel/fm10k/fm10k_ptp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c b/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c index 39b832889b75..b4945e8abe03 100644 --- a/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c +++ b/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c @@ -79,7 +79,7 @@ void fm10k_ts_tx_enqueue(struct fm10k_intfc *interface, struct sk_buff *skb) /* if list is already has one then we just free the clone */ if (skb) - kfree_skb(skb); + dev_kfree_skb(clone); } void fm10k_ts_tx_hwtstamp(struct fm10k_intfc *interface, __le16 dglort, |