Revision e7820e39b7d19b9fe1928fc19de9361b44150ca6 authored by Eric Dumazet on 21 November 2014, 19:47:16 UTC, committed by David S. Miller on 21 November 2014, 20:26:32 UTC
Not sure what I was thinking, but doing anything after
releasing a refcount is suicidal or/and embarrassing.
By the time we set skb->fclone to SKB_FCLONE_FREE, another cpu
could have released last reference and freed whole skb.
We potentially corrupt memory or trap if CONFIG_DEBUG_PAGEALLOC is set.
Reported-by: Chris Mason <clm@fb.com>
Fixes: ce1a4ea3f1258 ("net: avoid one atomic operation in skb_clone()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 892d6eb
| File | Mode | Size |
|---|---|---|
| devices | ||
| switches | ||
| Kconfig | -rw-r--r-- | 2.2 KB |
| Makefile | -rw-r--r-- | 312 bytes |
| rio-access.c | -rw-r--r-- | 5.5 KB |
| rio-driver.c | -rw-r--r-- | 6.6 KB |
| rio-scan.c | -rw-r--r-- | 32.5 KB |
| rio-sysfs.c | -rw-r--r-- | 8.4 KB |
| rio.c | -rw-r--r-- | 53.6 KB |
| rio.h | -rw-r--r-- | 2.4 KB |
Computing file changes ...
