]> git.baikalelectronics.ru Git - kernel.git/commit
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
authorLv Yunlong <lyl2019@mail.ustc.edu.cn>
Sun, 2 May 2021 11:58:18 +0000 (04:58 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 3 May 2021 20:23:00 +0000 (13:23 -0700)
commit8dc402ba431c2ca6d36e56c794a8194fe972953b
tree662d13f0b28ed1a4641fd7efd0e984f55dce6b82
parentcd6ebf4c4997bbe682c13e36ad00a7eb677d891f
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit

In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside
enic_queue_wq_skb, if some error happens, the skb will be freed
by dev_kfree_skb(skb). But the freed skb is still used in
skb_tx_timestamp(skb).

My patch makes enic_queue_wq_skb() return error and goto spin_unlock()
incase of error. The solution is provided by Govind.
See https://lkml.org/lkml/2021/4/30/961.

Fixes: 4547f94d01d11 ("enic: add sw timestamp support")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Acked-by: Govindarajulu Varadarajan <gvaradar@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/cisco/enic/enic_main.c