From fb837a6f8e5b39cfa008aaf4fc437c0387ef306e Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain"
Date: Thu, 17 Aug 2006 11:32:39 +0100
Subject: [PATCH] [NET] back: Initialise first fragment properly
The first fragment is used to store the pending_idx of the leading txreq if it doesn't fit in the head area. When it does fit into the head we need to ensure that the first fragment contains a value that is not equal to pending_idx as that's what we use to distinguish between the two cases in a a number of places. This patch sets the first fragment to ~0 which is not equal to any valid pending_idx. Without this initialisation, we may double-free a pending_idx if the first fragment happened to contain a value equal to it (this usually happened with pending_idx 0).
Signed-off-by: Herbert Xu
---
 linux-2.6-xen-sparse/drivers/xen/netback/netback.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c
index 865188fecd..ad8236c82f 100644
--- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c
+++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c
@@ -1218,6 +1218,9 @@ static void net_tx_action(unsigned long unused)
 skb_shinfo(skb)->nr_frags++;
 skb_shinfo(skb)->frags[0].page = (void *)(unsigned long)pending_idx;
+ } else {
+ /* Discriminate from any valid pending_idx value. */
+ skb_shinfo(skb)->frags[0].page = (void *)~0UL;
 }
 __skb_queue_tail(&tx_queue, skb);
--
2.30.2
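Review bot: The sentinel written in the new `else` branch, `(void *)~0UL`, is a bare magic value whose meaning depends entirely on the readers of `frags[0].page`, which the commit message says sit in a number of places outside this hunk. Because a mismatch between this writer and those readers would bring back the double release of a `pending_idx` slot, I would give the value a name shared by both sides, for example `#define INVALID_PENDING_IDX (~0UL)` (the name is only a suggestion), and store `(void *)INVALID_PENDING_IDX` here. It is also worth confirming that no reader narrows the stored value to the type of `pending_idx` before comparing, since the all-ones value of that narrower type would then also have to lie outside the valid index range; this cannot be checked from the hunk. The comment could state the reason rather than the mechanism: `/* Head holds the first txreq: mark frags[0] so it is never taken for a pending_idx and released twice. */`. net_tx_action's body starts and ends outside the hunk.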