diff mbox

[04/15] fm10k: fix incorrect free on skb in ts_tx_enqueue

Message ID 1433372201-12007-4-git-send-email-jacob.e.keller@intel.com
State Superseded
Headers show

Commit Message

Jacob Keller June 3, 2015, 10:56 p.m. UTC
This patch resolves a bug in the ts_tx_enqueue code responsible for a
NULL pointer dereference and invalid access of the skb list. We
incorrectly freed the actual skb we found instead of our copy. Thus the
skb queue is essentially invalidated. Resolve this by freeing our clone
in the cases where we did not add it to the queue. This also avoids the
skb memory leak caused by failure to free the clone.

[  589.719320] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  589.722344] IP: [<ffffffffa0310e60>] fm10k_ts_tx_subtask+0xb0/0x160 [fm10k]
[  589.723796] PGD 0
[  589.725228] Oops: 0000 [#1] SMP

Change-Id: If0ba5033d70f523e624d928bdfc3700ce5e003af
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Change-type: Defect
Complexity: High
Customer-visible: Yes
---
 drivers/net/ethernet/intel/fm10k/fm10k_ptp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox

Patch

diff --git a/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c b/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c
index 448d60ae98ce..f1dcf2e377c7 100644
--- a/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c
+++ b/drivers/net/ethernet/intel/fm10k/fm10k_ptp.c
@@ -79,7 +79,7 @@  void fm10k_ts_tx_enqueue(struct fm10k_intfc *interface, struct sk_buff *skb)
 
 	/* if list is already has one then we just free the clone */
 	if (skb)
-		kfree_skb(skb);
+		dev_kfree_skb(clone);
 }
 
 void fm10k_ts_tx_hwtstamp(struct fm10k_intfc *interface, __le16 dglort,