[NET] back: Initialise first fragment properly

The first fragment is used to store the pending_idx of the leading
txreq if it doesn't fit in the head area.  When it does fit into
the head we need to ensure that the first fragment contains a value
that is not equal to pending_idx as that's what we use to distinguish
between the two cases in a a number of places.

This patch sets the first fragment to ~0 which is not equal to any
valid pending_idx.  Without this initialisation, we may double-free
a pending_idx if the first fragment happened to contain a value
equal to it (this usually happened with pending_idx 0).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c
index 865188fecdc74b91a20bf7e673cdb4cd7427ec86..ad8236c82fc7e4ef72df8906f3faf2dbb2d5bd26 100644 (file)
--- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c
+++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c
@@ -1218,6 +1218,9 @@ static void net_tx_action(unsigned long unused)
                        skb_shinfo(skb)->nr_frags++;
                        skb_shinfo(skb)->frags[0].page =
                                (void *)(unsigned long)pending_idx;
+               } else {
+                       /* Discriminate from any valid pending_idx value. */
+                       skb_shinfo(skb)->frags[0].page = (void *)~0UL;
                }
 
                __skb_queue_tail(&tx_queue, skb);