We free the skb immediately on kick failure during xmit without detaching it from the virtqueue. This may lead double free for the skb during free_unused_bufs(). This patch fixes this by not freeing it on kick failure and let it to be freed through free_unused_bufs(). Fixes 67975901183799af8e93ec60e322f9e2a1940b9b ("virtio_net: verify if virtqueue_kick() succeeded"). Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx> Cc: Michael S. Tsirkin <mst@xxxxxxxxxx> Cc: Heinz Graalfs <graalfs@xxxxxxxxxxxxxxxxxx> Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx> --- drivers/net/virtio_net.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 5632a99..d833d38 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -882,8 +882,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) if (net_ratelimit()) dev_warn(&dev->dev, "Unexpected TXQ (%d) queue failure: %d\n", qnum, err); - dev->stats.tx_dropped++; - kfree_skb(skb); + if (err) { + dev->stats.tx_dropped++; + kfree_skb(skb); + } return NETDEV_TX_OK; } -- 1.8.3.2 _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
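Review bot: the new `if (err)` guard in start_xmit() has no comment explaining why the skb must be left alone when err is zero, and it sits after the dev_warn(), so on the kick-failure path the commit message describes, the log would still read "Unexpected TXQ (%d) queue failure: 0". Nothing in the visible lines tells a later reader that err == 0 here means "the buffer was added to the virtqueue and only the kick failed", which is the whole reason kfree_skb() would cause a double free against free_unused_bufs(). Please add a one-line comment above the guard stating that the skb is still owned by the virtqueue in that case, and consider giving the kick failure its own warning text instead of reusing the add-failure message with a zero error code. Also note that with this change the kick-failure path returns NETDEV_TX_OK without incrementing dev->stats.tx_dropped or any other counter, so a stuck packet is not visible in the stats; if that is intentional, say so in the commit message.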