From: Marc Kleine-Budde <mkl@pengutronix.de>
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, linux-can@vger.kernel.org,
kernel@pengutronix.de, Marc Kleine-Budde <mkl@pengutronix.de>,
Oliver Hartkopp <socketcan@hartkopp.net>
Subject: [PATCH 05/12] can: slcan: don't touch skb after netif_rx_ni()
Date: Wed, 15 Jul 2015 09:09:42 +0200 [thread overview]
Message-ID: <1436944189-26618-6-git-send-email-mkl@pengutronix.de> (raw)
In-Reply-To: <1436944189-26618-1-git-send-email-mkl@pengutronix.de>
There is no guarantee that the skb is in the same state after calling
net_receive_skb() or netif_rx(). It might be freed or reused. Not really
harmful as its a read access, except you turn on the proper debugging options
which catch a use after free.
Cc: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
---
drivers/net/can/slcan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c
index a23a7af8eb9a..9a3f15cb7ef4 100644
--- a/drivers/net/can/slcan.c
+++ b/drivers/net/can/slcan.c
@@ -218,10 +218,10 @@ static void slc_bump(struct slcan *sl)
memcpy(skb_put(skb, sizeof(struct can_frame)),
&cf, sizeof(struct can_frame));
- netif_rx_ni(skb);
sl->dev->stats.rx_packets++;
sl->dev->stats.rx_bytes += cf.can_dlc;
+ netif_rx_ni(skb);
}
/* parse tty input stream */
--
2.1.4
next prev parent reply other threads:[~2015-07-15 7:09 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-15 7:09 pull-request: can 2015-07-15 Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 01/12] can: at91_can: don't touch skb after netif_receive_skb()/netif_rx() Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 02/12] can: flexcan: don't touch skb after netif_receive_skb() Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 03/12] can: bfin_can: don't touch skb after netif_rx() Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 04/12] can: grcan: " Marc Kleine-Budde
2015-07-15 7:09 ` Marc Kleine-Budde [this message]
2015-07-15 7:09 ` [PATCH 06/12] can: ti_heccn: " Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 07/12] can: cc770: " Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 08/12] can: sja1000: " Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 09/12] can: esd_usb2: " Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 10/12] can: ems_usb: " Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 11/12] can: usb_8dev: " Marc Kleine-Budde
2015-07-15 7:09 ` [PATCH 12/12] can: pcan_usb: " Marc Kleine-Budde
2015-07-16 0:27 ` pull-request: can 2015-07-15 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1436944189-26618-6-git-send-email-mkl@pengutronix.de \
--to=mkl@pengutronix.de \
--cc=davem@davemloft.net \
--cc=kernel@pengutronix.de \
--cc=linux-can@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=socketcan@hartkopp.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).