Message-ID: <1467102608.6850.196.camel@edumazet-glaptop3.roam.corp.google.com>
Date:	Tue, 28 Jun 2016 10:30:08 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev <netdev@...r.kernel.org>,
	Dan Carpenter <dan.carpenter@...cle.com>
Subject: [PATCH net-next] net_sched: netem: do not call qdisc_drop() with a
 NULL skb

From: Eric Dumazet <edumazet@...gle.com>

If skb_unshare() fails, we call qdisc_drop() with a NULL skb, which
is no longer supported.

Fixes: 520ac30f4551 ("net_sched: drop packets after root qdisc lock is released")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
---
 net/sched/sch_netem.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index ccca8ca4c722c603e8b8e6052eead51243e590b5..6eac3d8800480a4c463ae8d3b78a4fcfeec8165b 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -487,10 +487,14 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch,
 		skb = segs;
 		segs = segs->next;
 
-		if (!(skb = skb_unshare(skb, GFP_ATOMIC)) ||
-		    (skb->ip_summed == CHECKSUM_PARTIAL &&
-		     skb_checksum_help(skb))) {
-			rc = qdisc_drop(skb, sch, to_free);
+		skb = skb_unshare(skb, GFP_ATOMIC);
+		if (unlikely(!skb)) {
+			qdisc_qstats_drop(sch);
+			goto finish_segs;
+		}
+		if (skb->ip_summed == CHECKSUM_PARTIAL &&
+		    skb_checksum_help(skb)) {
+			qdisc_drop(skb, sch, to_free);
 			goto finish_segs;
 		}
 

Powered by blists - more mailing lists