| To: | scott.feldman@xxxxxxxxx |
|---|---|
| Subject: | [PATCH] fix use after free in e100 |
| From: | Martin Josefsson <gandalf@xxxxxxxxxxxxxx> |
| Date: | 02 Jun 2003 01:04:58 +0200 |
| Cc: | netdev@xxxxxxxxxxx |
| Organization: | |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Hi Scott.
Here's a fix for a use-after-free in the e100 driver.
You can't touch the skb after a call to netif_rx(); it might have been
freed. Caught with Manfred's unmap-page-debugging patch in -mm.
Applies to both 2.4 and 2.5.
--- linux-2.5.69-mm9/drivers/net/e100/e100_main.c.orig 2003-06-02
00:48:13.000000000 +0200
+++ linux-2.5.69-mm9/drivers/net/e100/e100_main.c 2003-06-02
00:50:09.000000000 +0200
@@ -2052,13 +2052,14 @@
skb->ip_summed = CHECKSUM_NONE;
}
+ bdp->drv_stats.net_stats.rx_bytes += skb->len;
+
if(bdp->vlgrp && (rfd_status & CB_STATUS_VLAN)) {
vlan_hwaccel_rx(skb, bdp->vlgrp,
be16_to_cpu(rfd->vlanid));
} else {
netif_rx(skb);
}
dev->last_rx = jiffies;
- bdp->drv_stats.net_stats.rx_bytes += skb->len;
rfd_cnt++;
} /* end of rfd loop */
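Review bot: The relocated `bdp->drv_stats.net_stats.rx_bytes += skb->len;` above the `if(bdp->vlgrp && ...)` test carries no comment explaining why it has to come before the hand-off. Both branches, `vlan_hwaccel_rx()` and `netif_rx()`, pass the skb up the stack, so a one-line comment there (for example "skb must not be dereferenced after it is handed to the stack") would keep a later cleanup from moving the read back below the call. The statements left after the hand-off in this hunk, `dev->last_rx = jiffies;` and `rfd_cnt++;`, do not dereference skb, so nothing else visible here needs to move.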
--
/Martin