From patchwork Mon May 26 10:53:39 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Bj=C3=B8rn_Mork?= X-Patchwork-Id: 352487 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 724FF140083 for ; Mon, 26 May 2014 20:55:12 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752121AbaEZKzG (ORCPT ); Mon, 26 May 2014 06:55:06 -0400 Received: from canardo.mork.no ([148.122.252.1]:43641 "EHLO canardo.mork.no" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751803AbaEZKzE (ORCPT ); Mon, 26 May 2014 06:55:04 -0400 Received: from nemi.mork.no (ip6-localhost [IPv6:::1]) by canardo.mork.no (8.14.4/8.14.4) with ESMTP id s4QAs3MZ020435 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 26 May 2014 12:54:03 +0200 Received: from bjorn by nemi.mork.no with local (Exim 4.80) (envelope-from ) id 1WosXZ-0003Dm-QU; Mon, 26 May 2014 12:54:01 +0200 From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= To: netdev@vger.kernel.org Cc: , Alexey Orishko , Oliver Neukum , Enrico Mioso , David Laight , Lars Melin , Peter Stuge , Greg Suarez , =?UTF-8?q?Bj=C3=B8rn=20Mork?= Subject: [PATCH net-next 2/8] net: cdc_ncm: always reallocate tx_curr_skb when tx_max increases Date: Mon, 26 May 2014 12:53:39 +0200 Message-Id: <1401101625-12342-3-git-send-email-bjorn@mork.no> X-Mailer: git-send-email 2.0.0.rc4 In-Reply-To: <1401101625-12342-1-git-send-email-bjorn@mork.no> References: <1401101625-12342-1-git-send-email-bjorn@mork.no> MIME-Version: 1.0 X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on canardo.mork.no X-Virus-Scanned: clamav-milter 0.98.1 at canardo X-Virus-Status: Clean Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org We are calling usbnet_start_xmit() to flush any remaining data, depending on the side effect that tx_curr_skb is set to NULL, ensuring a new allocation using the updated tx_max. But this side effect will only happen if there were any cached data ready to transmit. If not, then an empty tx_curr_skb is still allocated using the old tx_max size. Free it to avoid a buffer overrun. Fixes: 68864abf08f0 ("net: cdc_ncm: support rx_max/tx_max updates when running") Signed-off-by: Bjørn Mork --- drivers/net/usb/cdc_ncm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index 2bbbd65591c7..ff5b3a854898 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -268,6 +268,11 @@ static void cdc_ncm_update_rxtx_max(struct usbnet *dev, u32 new_rx, u32 new_tx) if (netif_running(dev->net) && val > ctx->tx_max) { netif_tx_lock_bh(dev->net); usbnet_start_xmit(NULL, dev->net); + /* make sure tx_curr_skb is reallocated if it was empty */ + if (ctx->tx_curr_skb) { + dev_kfree_skb_any(ctx->tx_curr_skb); + ctx->tx_curr_skb = NULL; + } ctx->tx_max = val; netif_tx_unlock_bh(dev->net); } else {