Home » Mailing list archives » linux-kernel » 2007 » December » 9

[PATCH 1/3] Fix use of skb after netif_rx

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Julia Lawall <julia@...>
To: <jdike@...>, <wangchen@...>, <linux-kernel@...>, <kernel-janitors@...>
Subject: [PATCH 1/3] Fix use of skb after netif_rx
Date: Sunday, December 9, 2007 - 4:02 pm

From: Julia Lawall <julia@diku.dk>

Recently, Wang Chen submitted a patch
(d30f53aeb31d453a5230f526bea592af07944564) to move a call to netif_rx(skb)
after a subsequent reference to skb, because netif_rx may call kfree_skb on
its argument.  The same problem occurs in some other drivers as well.

This was found using the following semantic match.
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression skb, e,e1;
@@

(
 netif_rx(skb);
|
 netif_rx_ni(skb);
)
  ... when != skb = e
(
  skb = e1
|
* skb
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
---

diff a/arch/um/drivers/net_kern.c b/arch/um/drivers/net_kern.c
--- a/arch/um/drivers/net_kern.c	2007-11-15 15:09:36.000000000 +0100
+++ b/arch/um/drivers/net_kern.c	2007-12-05 19:01:14.000000000 +0100
@@ -98,10 +98,10 @@ static int uml_net_rx(struct net_device 
 	if (pkt_len > 0) {
 		skb_trim(skb, pkt_len);
 		skb->protocol = (*lp->protocol)(skb);
-		netif_rx(skb);
 
 		lp->stats.rx_bytes += skb->len;
 		lp->stats.rx_packets++;
+		netif_rx(skb);
 		return pkt_len;
 	}
 
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH 1/3] Fix use of skb after netif_rx, Julia Lawall, (Sun Dec 9, 4:02 pm)
Re: [PATCH 1/3] Fix use of skb after netif_rx, David Miller, (Mon Dec 10, 9:15 pm)
Re: [PATCH 1/3] Fix use of skb after netif_rx, Jeff Dike, (Mon Dec 10, 2:03 pm)