diff options
| author | Bjørn Mork <bjorn@mork.no> | 2014-05-30 07:31:04 (GMT) |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-06-02 23:01:30 (GMT) |
| commit | 1ba5d0ff36f765a571c83b55b13ec44f4050fb5b (patch) | |
| tree | 67aa90e05b8c98166c96890bac664b61fdf876f5 | |
| parent | 1e2c611723420789e6098534fc0c57f12ee041b7 (diff) | |
| download | linux-1ba5d0ff36f765a571c83b55b13ec44f4050fb5b.tar.xz | |
net: cdc_ncm: always reallocate tx_curr_skb when tx_max increases
We are calling usbnet_start_xmit() to flush any remaining data,
depending on the side effect that tx_curr_skb is set to NULL,
ensuring a new allocation using the updated tx_max. But this
side effect will only happen if there were any cached data ready
to transmit. If not, then an empty tx_curr_skb is still allocated
using the old tx_max size. Free it to avoid a buffer overrun.
Fixes: 68864abf08f0 ("net: cdc_ncm: support rx_max/tx_max updates when running")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/usb/cdc_ncm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index 2bbbd65..ff5b3a8 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -268,6 +268,11 @@ static void cdc_ncm_update_rxtx_max(struct usbnet *dev, u32 new_rx, u32 new_tx) if (netif_running(dev->net) && val > ctx->tx_max) { netif_tx_lock_bh(dev->net); usbnet_start_xmit(NULL, dev->net); + /* make sure tx_curr_skb is reallocated if it was empty */ + if (ctx->tx_curr_skb) { + dev_kfree_skb_any(ctx->tx_curr_skb); + ctx->tx_curr_skb = NULL; + } ctx->tx_max = val; netif_tx_unlock_bh(dev->net); } else { |