From: kfraser@localhost.localdomain Date: Thu, 17 Aug 2006 10:32:39 +0000 (+0100) Subject: [NET] back: Initialise first fragment properly X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~15710^2~71 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=fb837a6f8e5b39cfa008aaf4fc437c0387ef306e;p=xen.git [NET] back: Initialise first fragment properly The first fragment is used to store the pending_idx of the leading txreq if it doesn't fit in the head area. When it does fit into the head we need to ensure that the first fragment contains a value that is not equal to pending_idx as that's what we use to distinguish between the two cases in a a number of places. This patch sets the first fragment to ~0 which is not equal to any valid pending_idx. Without this initialisation, we may double-free a pending_idx if the first fragment happened to contain a value equal to it (this usually happened with pending_idx 0). Signed-off-by: Herbert Xu --- diff --git a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c index 865188fecd..ad8236c82f 100644 --- a/linux-2.6-xen-sparse/drivers/xen/netback/netback.c +++ b/linux-2.6-xen-sparse/drivers/xen/netback/netback.c @@ -1218,6 +1218,9 @@ static void net_tx_action(unsigned long unused) skb_shinfo(skb)->nr_frags++; skb_shinfo(skb)->frags[0].page = (void *)(unsigned long)pending_idx; + } else { + /* Discriminate from any valid pending_idx value. */ + skb_shinfo(skb)->frags[0].page = (void *)~0UL; } __skb_queue_tail(&tx_queue, skb);