projects / wrapfs-3.14.y.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 85099be)
liquidio: read sc->iq_no before release sc
authorPan Bian <bianpan2016@163.com>
Wed, 28 Nov 2018 23:54:22 +0000 (07:54 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 21 Dec 2018 13:15:17 +0000 (14:15 +0100)
[ Upstream commit c0f53771ba45745e5870daf880127925c93f232f ]

The function lio_vf_rep_packet_sent_callback releases the occupation of
sc via octeon_free_soft_command. sc should not be used after that.
Unfortunately, sc->iq_no is read. To fix this, the patch stores sc->iq_no
into a local variable before releasing sc and then uses the local variable
instead of sc->iq_no.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c patch | blob | history

diff --git a/drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c b/drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c
index ddd7431579f4e6d51a335d9336074268f62fce8f..c99b59fe4c8fb0f1555d166048d2a0dfc1329b76 100644 (file)
--- a/drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c
@@ -367,13 +367,15 @@ lio_vf_rep_packet_sent_callback(struct octeon_device *oct,
        struct octeon_soft_command *sc = (struct octeon_soft_command *)buf;
        struct sk_buff *skb = sc->ctxptr;
        struct net_device *ndev = skb->dev;
+       u32 iq_no;
 
        dma_unmap_single(&oct->pci_dev->dev, sc->dmadptr,
                         sc->datasize, DMA_TO_DEVICE);
        dev_kfree_skb_any(skb);
+       iq_no = sc->iq_no;
        octeon_free_soft_command(oct, sc);
 
-       if (octnet_iq_is_full(oct, sc->iq_no))
+       if (octnet_iq_is_full(oct, iq_no))
                return;
 
        if (netif_queue_stopped(ndev))
wrapfs-3.14.y