tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
ehea: fix invalid pointer access
This patch fixes an invalid pointer access in case the receive queue
holds no pointer to the next skb when the queue is empty.
Signed-off-by: Hannes Hering <hering2@de.ibm.com>
Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by
Hannes Hering
and committed by
David S. Miller
0b2febf3
379b026e
+18
-13
+1
-1
drivers/net/ehea/ehea.h
+1
-1
drivers/net/ehea/ehea.h
+17
-12
drivers/net/ehea/ehea_main.c
+17
-12
drivers/net/ehea/ehea_main.c
···
545
545
x &= (arr_len - 1);
546
546
547
547
pref = skb_array[x];
548
-
prefetchw(pref);
549
-
prefetchw(pref + EHEA_CACHE_LINE);
548
+
if (pref) {
549
+
prefetchw(pref);
550
+
prefetchw(pref + EHEA_CACHE_LINE);
550
551
551
-
pref = (skb_array[x]->data);
552
-
prefetch(pref);
553
-
prefetch(pref + EHEA_CACHE_LINE);
554
-
prefetch(pref + EHEA_CACHE_LINE * 2);
555
-
prefetch(pref + EHEA_CACHE_LINE * 3);
552
+
pref = (skb_array[x]->data);
553
+
prefetch(pref);
554
+
prefetch(pref + EHEA_CACHE_LINE);
555
+
prefetch(pref + EHEA_CACHE_LINE * 2);
556
+
prefetch(pref + EHEA_CACHE_LINE * 3);
557
+
}
558
+
556
559
skb = skb_array[skb_index];
557
560
skb_array[skb_index] = NULL;
558
561
return skb;
···
572
569
x &= (arr_len - 1);
573
570
574
571
pref = skb_array[x];
575
-
prefetchw(pref);
576
-
prefetchw(pref + EHEA_CACHE_LINE);
572
+
if (pref) {
573
+
prefetchw(pref);
574
+
prefetchw(pref + EHEA_CACHE_LINE);
577
575
578
-
pref = (skb_array[x]->data);
579
-
prefetchw(pref);
580
-
prefetchw(pref + EHEA_CACHE_LINE);
576
+
pref = (skb_array[x]->data);
577
+
prefetchw(pref);
578
+
prefetchw(pref + EHEA_CACHE_LINE);
579
+
}
581
580
582
581
skb = skb_array[wqe_index];
583
582
skb_array[wqe_index] = NULL;