Message ID | 4DA47247.20700@trash.net |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
On Tue, 12 Apr 2011, Patrick McHardy wrote: > On 12.04.2011 14:49, Patrick McHardy wrote: > > On 12.04.2011 00:06, Evgeniy Polyakov wrote: > >> Hi. > >> > >> On Mon, Apr 11, 2011 at 05:07:47PM -0400, Eric B Munson (emunson@mgebm.net) wrote: > >>>> I can't figure this out, the only thing that should have changed is the > >>>> time the initial PROC_CN_MCAST_LISTEN message is received. Apparently > >>>> at that point connector is not fully initialized yet. Please post your > >>>> config and the full boot log. Thanks. > >>>> > >>> > >>> I am still seeing this on Linus' tree, is there anything more I can do to help > >>> track the problem? > > > > Sorry, I had a hardware failure, I'm back working on this now. > > > >> Patrick, do you need my assist on this bug? > > > > Thanks, but I can meanwhile reproduce the problem, so I think I > > should have a fix soon. > > I think this patch should fix the problem. Eric, could you please > give it a try? This has me up and running again, thanks! Tested-by: Eric B Munson <emunson@mgebm.net> > > > > commit ad676e0dbbe8658ce46e192f449689bf3011bdf5 > Author: Patrick McHardy <kaber@trash.net> > Date: Tue Apr 12 17:37:04 2011 +0200 > > connector: fix skb double free in cn_rx_skb() > > When a skb is delivered to a registered callback, cn_call_callback() > incorrectly returns -ENODEV after freeing the skb, causing cn_rx_skb() > to free the skb a second time. > > Reported-by: Eric B Munson <emunson@mgebm.net> > Signed-off-by: Patrick McHardy <kaber@trash.net> > > diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c > index d770058..219d88a 100644 > --- a/drivers/connector/connector.c > +++ b/drivers/connector/connector.c > @@ -142,6 +142,7 @@ static int cn_call_callback(struct sk_buff *skb) > cbq->callback(msg, nsp); > kfree_skb(skb); > cn_queue_release_callback(cbq); > + err = 0; > } > > return err;
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 12 Apr 2011 17:39:51 +0200

> I think this patch should fix the problem. Eric, could you please
> give it a try?

Applied, thanks everyone.
commit ad676e0dbbe8658ce46e192f449689bf3011bdf5 Author: Patrick McHardy <kaber@trash.net> Date: Tue Apr 12 17:37:04 2011 +0200 connector: fix skb double free in cn_rx_skb() When a skb is delivered to a registered callback, cn_call_callback() incorrectly returns -ENODEV after freeing the skb, causing cn_rx_skb() to free the skb a second time. Reported-by: Eric B Munson <emunson@mgebm.net> Signed-off-by: Patrick McHardy <kaber@trash.net> diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c index d770058..219d88a 100644 --- a/drivers/connector/connector.c +++ b/drivers/connector/connector.c @@ -142,6 +142,7 @@ static int cn_call_callback(struct sk_buff *skb) cbq->callback(msg, nsp); kfree_skb(skb); cn_queue_release_callback(cbq); + err = 0; } return err;
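Review bot: the `err = 0;` added after `cn_queue_release_callback(cbq);` makes ownership of the skb depend on the return value of cn_call_callback(), and nothing in the hunk documents that contract. The callback-found branch calls `kfree_skb(skb)` itself, and per the commit message cn_rx_skb() frees the skb when an error comes back, so any later edit that returns non-zero from this branch would reintroduce the double free. Consider a comment above cn_call_callback() stating that it consumes the skb when it returns 0 and leaves it to the caller otherwise, or keep the free in a single place (for example, only in cn_rx_skb()) so that the return value no longer decides who frees.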