| Message ID | 20161220023812.5999-1-Larry.Finger@lwfinger.net (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 22b68b93ae2506bd56ee3bf232a51bc8ab955b56 |
| Delegated to: | Kalle Valo |
| Headers | show |
Larry Finger <Larry.Finger@lwfinger.net> writes: > With commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of > kfree_skb"), the method used to free an skb was changed because the > kfree_skb() was inside a spinlock. What was forgotten is that kfree_skb() > guards against a NULL value for the argument. Routine dev_kfree_skb_irq() > does not, and a test is needed to prevent kernel panics. > > Fixes: commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") This should be: Fixes: e49656147359 ("rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Cc: Stable <stable@vger.kernel.org> (4.9+) And this: Cc: Stable <stable@vger.kernel.org> # 4.9+ I can fix both of them. > Cc: Wei Yongjun <weiyongjun1@huawei.com> > --- > Kalle, > > This change should be sent to mainline during the 4.10 merge period, > or as soon as possible. Ok, I'll queue this to 4.10. Most likely I'll send a pull request to Dave later this week or so.
On 12/20/2016 05:21 AM, Kalle Valo wrote: > Larry Finger <Larry.Finger@lwfinger.net> writes: > >> With commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of >> kfree_skb"), the method used to free an skb was changed because the >> kfree_skb() was inside a spinlock. What was forgotten is that kfree_skb() >> guards against a NULL value for the argument. Routine dev_kfree_skb_irq() >> does not, and a test is needed to prevent kernel panics. >> >> Fixes: commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") > > This should be: > > Fixes: e49656147359 ("rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") > >> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> >> Cc: Stable <stable@vger.kernel.org> (4.9+) > > And this: > > Cc: Stable <stable@vger.kernel.org> # 4.9+ > > I can fix both of them. > >> Cc: Wei Yongjun <weiyongjun1@huawei.com> >> --- >> Kalle, >> >> This change should be sent to mainline during the 4.10 merge period, >> or as soon as possible. > > Ok, I'll queue this to 4.10. Most likely I'll send a pull request to > Dave later this week or so. Thanks for the suggested changes, and for the quick action. Larry
Larry Finger <Larry.Finger@lwfinger.net> wrote: > With commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of > kfree_skb"), the method used to free an skb was changed because the > kfree_skb() was inside a spinlock. What was forgotten is that kfree_skb() > guards against a NULL value for the argument. Routine dev_kfree_skb_irq() > does not, and a test is needed to prevent kernel panics. > > Fixes: e49656147359 ("rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > Cc: Stable <stable@vger.kernel.org> # 4.9+ > Cc: Wei Yongjun <weiyongjun1@huawei.com> Patch applied to wireless-drivers.git, thanks. 22b68b93ae25 rtlwifi: Fix kernel oops introduced with commit e49656147359
diff --git a/drivers/net/wireless/realtek/rtlwifi/core.c b/drivers/net/wireless/realtek/rtlwifi/core.c index 955055b..df8b977 100644 --- a/drivers/net/wireless/realtek/rtlwifi/core.c +++ b/drivers/net/wireless/realtek/rtlwifi/core.c @@ -1823,7 +1823,8 @@ bool rtl_cmd_send_packet(struct ieee80211_hw *hw, struct sk_buff *skb) spin_lock_irqsave(&rtlpriv->locks.irq_th_lock, flags); pskb = __skb_dequeue(&ring->queue); - dev_kfree_skb_irq(pskb); + if (pskb) + dev_kfree_skb_irq(pskb); /*this is wrong, fill_tx_cmddesc needs update*/ pdesc = &ring->desc[0];
With commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb"), the method used to free an skb was changed because the kfree_skb() was inside a spinlock. What was forgotten is that kfree_skb() guards against a NULL value for the argument. Routine dev_kfree_skb_irq() does not, and a test is needed to prevent kernel panics. Fixes: commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> (4.9+) Cc: Wei Yongjun <weiyongjun1@huawei.com> --- Kalle, This change should be sent to mainline during the 4.10 merge period, or as soon as possible. Thanks, Larry --- drivers/net/wireless/realtek/rtlwifi/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)