[PATCH 3.16 377/410] can: cc770: Fix use after free in cc770_tx_interrupt()
From: Ben Hutchings
Date: Thu Jun 07 2018 - 10:10:33 EST
3.16.57-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Andri Yngvason <andri.yngvason@xxxxxxxxx>
commit 9ffd7503944ec7c0ef41c3245d1306c221aef2be upstream.
This fixes use after free introduced by the last cc770 patch.
Signed-off-by: Andri Yngvason <andri.yngvason@xxxxxxxxx>
Fixes: 746201235b3f ("can: cc770: Fix queue stall & dropped RTR reply")
Signed-off-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
drivers/net/can/cc770/cc770.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/net/can/cc770/cc770.c
+++ b/drivers/net/can/cc770/cc770.c
@@ -705,13 +705,12 @@ static void cc770_tx_interrupt(struct ne
return;
}
- can_put_echo_skb(priv->tx_skb, dev, 0);
- can_get_echo_skb(dev, 0);
-
cf = (struct can_frame *)priv->tx_skb->data;
stats->tx_bytes += cf->can_dlc;
stats->tx_packets++;
+ can_put_echo_skb(priv->tx_skb, dev, 0);
+ can_get_echo_skb(dev, 0);
priv->tx_skb = NULL;
netif_wake_queue(dev);