We free the skb immediately on kick failure during xmit without detaching it
from the virtqueue. This may lead to a double free of the skb during
free_unused_bufs(). This patch fixes this by not freeing it on kick failure and
letting it be freed through free_unused_bufs().

Fixes 67975901183799af8e93ec60e322f9e2a1940b9b
("virtio_net: verify if virtqueue_kick() succeeded").

Cc: Rusty Russell <ru...@rustcorp.com.au>
Cc: Michael S. Tsirkin <m...@redhat.com>
Cc: Heinz Graalfs <graa...@linux.vnet.ibm.com>
Signed-off-by: Jason Wang <jasow...@redhat.com>
---
 drivers/net/virtio_net.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 5632a99..d833d38 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -882,8 +882,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct 
net_device *dev)
                if (net_ratelimit())
                        dev_warn(&dev->dev,
                                 "Unexpected TXQ (%d) queue failure: %d\n", 
qnum, err);
-               dev->stats.tx_dropped++;
-               kfree_skb(skb);
+               if (err) {
+                       dev->stats.tx_dropped++;
+                       kfree_skb(skb);
+               }
                return NETDEV_TX_OK;
        }
 
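Review bot: The new `if (err)` guard in start_xmit() has no comment explaining why err can be zero inside this failure branch, so the ownership rule the fix depends on is invisible to the next reader. Please add a short comment above it saying that err == 0 here means the add succeeded and only the kick failed, so the skb is still attached to the virtqueue and must be left for free_unused_bufs() to release. Two related points in the same lines: the dev_warn() above still prints "Unexpected TXQ (%d) queue failure: %d" with err, which on the kick-failure path would report a failure code of 0, so a separate message for that case would make the log usable; and that path now returns NETDEV_TX_OK without incrementing tx_dropped or any other counter, so the changelog should say whether leaving the packet unaccounted is intended.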
-- 
1.8.3.2
