From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Ahmed S. Darwish" Subject: Re: [PATCH v2 1/4] can: kvaser_usb: Don't free packets when tight on URBs Date: Thu, 25 Dec 2014 11:38:58 +0200 Message-ID: <20141225093858.GA26583@vivalin-002> References: <20141223154654.GB6460@vivalin-002> <20141224235644.GA3778@vivalin-002> <20141225025011.GA10491@kroah.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Olivier Sobrie , Oliver Hartkopp , Wolfgang Grandegger , Marc Kleine-Budde , "David S. Miller" , Paul Gortmaker , Linux-CAN , netdev , Linux-stable , LKML To: Greg KH Return-path: Content-Disposition: inline In-Reply-To: <20141225025011.GA10491@kroah.com> Sender: linux-can-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Wed, Dec 24, 2014 at 06:50:11PM -0800, Greg KH wrote: > On Thu, Dec 25, 2014 at 01:56:44AM +0200, Ahmed S. Darwish wrote: > > From: Ahmed S. Darwish > > > > Flooding the Kvaser CAN to USB dongle with multiple reads and > > writes in high frequency caused seemingly-random panics in the > > kernel. > > > > On further inspection, it seems the driver erroneously freed the > > to-be-transmitted packet upon getting tight on URBs and returning > > NETDEV_TX_BUSY, leading to invalid memory writes and double frees > > at a later point in time. > > > > Note: > > > > Finding no more URBs/transmit-contexts and returning NETDEV_TX_BUSY > > is a driver bug in and out of itself: it means that our start/stop > > queue flow control is broken. > > > > This patch only fixes the (buggy) error handling code; the root > > cause shall be fixed in a later commit. > > > > Signed-off-by: Ahmed S. Darwish > > --- > > drivers/net/can/usb/kvaser_usb.c | 12 ++++++------ > > 1 file changed, 6 insertions(+), 6 deletions(-) > > > > (Marc, Greg, I believe this should also be added to -stable?) > > > > > This is not the correct way to submit patches for inclusion in the > stable kernel tree. Please read Documentation/stable_kernel_rules.txt > for how to do this properly. > > Note taken. Sorry about that ;-)