| 12345678910111213141516171819202122232425262728293031 |
- From: Sara Sharon <sara.sharon@intel.com>
- Date: Thu, 11 Oct 2018 14:21:21 +0200
- Subject: [PATCH] mac80211: free skb fraglist before freeing the skb
- mac80211 uses the frag list to build AMSDU. When freeing
- the skb, it may not be really freed, since someone is still
- holding a reference to it.
- In that case, when TCP skb is being retransmitted, the
- pointer to the frag list is being reused, while the data
- in there is no longer valid.
- Since we will never get frag list from the network stack,
- as mac80211 doesn't advertise the capability, we can safely
- free and nullify it before releasing the SKB.
- Signed-off-by: Sara Sharon <sara.sharon@intel.com>
- ---
- --- a/net/mac80211/status.c
- +++ b/net/mac80211/status.c
- @@ -558,6 +558,11 @@ static void ieee80211_report_used_skb(st
- }
-
- ieee80211_led_tx(local);
- +
- + if (skb_has_frag_list(skb)) {
- + kfree_skb_list(skb_shinfo(skb)->frag_list);
- + skb_shinfo(skb)->frag_list = NULL;
- + }
- }
-
- /*
|
