From: Marc Kleine-Budde Date: Sat, 11 Jul 2015 19:16:08 +0000 (+0200) Subject: can: slcan: don't touch skb after netif_rx_ni() X-Git-Tag: firefly_0821_release~176^2~1383^2~33^2~7 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a2e78cf7a3f562edca4230b188c8832b6214eccd;p=firefly-linux-kernel-4.4.55.git can: slcan: don't touch skb after netif_rx_ni() There is no guarantee that the skb is in the same state after calling net_receive_skb() or netif_rx(). It might be freed or reused. Not really harmful as its a read access, except you turn on the proper debugging options which catch a use after free. Cc: Oliver Hartkopp Signed-off-by: Marc Kleine-Budde --- diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c index a23a7af8eb9a..9a3f15cb7ef4 100644 --- a/drivers/net/can/slcan.c +++ b/drivers/net/can/slcan.c @@ -218,10 +218,10 @@ static void slc_bump(struct slcan *sl) memcpy(skb_put(skb, sizeof(struct can_frame)), &cf, sizeof(struct can_frame)); - netif_rx_ni(skb); sl->dev->stats.rx_packets++; sl->dev->stats.rx_bytes += cf.can_dlc; + netif_rx_ni(skb); } /* parse tty input stream */