| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <46C0B6FD.7020701@goop.org> Date: Mon, 13 Aug 2007 12:54:37 -0700 From: Jeremy Fitzhardinge <jeremy@...p.org> To: Jeff Garzik <jeff@...zik.org> CC: NetDev <netdev@...r.kernel.org>, Keir Fraser <keir@...source.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: [PATCH] xen-netfront: Avoid deref'ing skbafter it is potentially freed. xennet_tx_bug_gc can free the skb before we use it, so make sure we don't. Jeff, this is -rc material. Signed-off-by: Keir Fraser <keir@...source.com> Signed-off-by: Jeremy Fitzhardinge <jeremy@...source.com> Cc: Jeff Garzik <jeff@...zik.org> diff -r 8bfc43f6d1b0 drivers/net/xen-netfront.c --- a/drivers/net/xen-netfront.c Tue Aug 07 14:26:30 2007 -0700 +++ b/drivers/net/xen-netfront.c Mon Aug 13 09:39:15 2007 -0700 @@ -566,15 +566,16 @@ static int xennet_start_xmit(struct sk_b if (notify) notify_remote_via_irq(np->netdev->irq); + np->stats.tx_bytes += skb->len; + np->stats.tx_packets++; + + /* Note: It is not safe to access skb after xennet_tx_buf_gc()! */ xennet_tx_buf_gc(dev); if (!netfront_tx_slot_available(np)) netif_stop_queue(dev); spin_unlock_irq(&np->tx_lock); - - np->stats.tx_bytes += skb->len; - np->stats.tx_packets++; return 0; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists