enic: handle error condition properly in enic_rq_indicate_buf
In case of error in rx path, we free the buf->os_buf but we do not make it NULL.
In next iteration we use the skb which is already freed. This causes the
following crash.
[ 886.154772] general protection fault: 0000 [#1] PREEMPT SMP
[ 886.154851] Modules linked in: rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 microcode evdev cirrus ttm drm_kms_helper drm enic syscopyarea sysfillrect sysimgblt psmouse i2c_piix4 serio_raw pcspkr i2c_core nfs lockd grace sunrpc fscache ext4 crc16 mbcache jbd2 sd_mod crc_t10dif crct10dif_common ata_generic ata_piix virtio_balloon libata scsi_mod uhci_hcd usbcore virtio_pci virtio_ring virtio usb_common
[ 886.155199] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.17.0-netnext-05668-g876bc7f #272
[ 886.155263] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 886.155304] task:
ffffffff81a1d580 ti:
ffffffff81a00000 task.ti:
ffffffff81a00000
[ 886.155356] RIP: 0010:[<
ffffffff81384030>] [<
ffffffff81384030>] kfree_skb_list+0x10/0x30
[ 886.155418] RSP: 0018:
ffff880210603d48 EFLAGS:
00010206
[ 886.155456] RAX:
0000000000000020 RBX:
0000000000000000 RCX:
0000000000000000
[ 886.155504] RDX:
0000000000000000 RSI:
0000000000000001 RDI:
004500084e000017
[ 886.155553] RBP:
ffff880210603d50 R08:
00000000fe13d1b6 R09:
0000000000000001
[ 886.155601] R10:
0000000000000000 R11:
0000000000000000 R12:
ffff880209ff2f00
[ 886.155650] R13:
ffff88020ac0fe40 R14:
ffff880209ff2f00 R15:
ffff8800da8e3a80
[ 886.155699] FS:
0000000000000000(0000) GS:
ffff880210600000(0000) knlGS:
0000000000000000
[ 886.155774] CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
[ 886.155814] CR2:
00007f0e0c925000 CR3:
0000000035e8b000 CR4:
00000000000006f0
[ 886.155865] Stack:
[ 886.155882]
0000000000000000 ffff880210603d78 ffffffff81383f79 ffff880209ff2f00
[ 886.155942]
ffff88020b0c0b40 000000000000c000 ffff880210603d90 ffffffff81383faf
[ 886.156001]
ffff880209ff2f00 ffff880210603da8 ffffffff8138406d ffff88020b1b08c0
[ 886.156061] Call Trace:
[ 886.156080] <IRQ>
[ 886.156095]
[ 886.156112] [<
ffffffff81383f79>] skb_release_data+0xa9/0xc0
[ 886.157656] [<
ffffffff81383faf>] skb_release_all+0x1f/0x30
[ 886.159195] [<
ffffffff8138406d>] consume_skb+0x1d/0x40
[ 886.160719] [<
ffffffff813942e5>] __dev_kfree_skb_any+0x35/0x40
[ 886.162224] [<
ffffffffa02dc1d5>] enic_rq_service.constprop.47+0xe5/0x5a0 [enic]
[ 886.163756] [<
ffffffffa02dc829>] enic_poll_msix_rq+0x199/0x370 [enic]
[ 886.164730] [<
ffffffff81397e29>] net_rx_action+0x139/0x210
[ 886.164730] [<
ffffffff8105fb2e>] __do_softirq+0x14e/0x280
[ 886.164730] [<
ffffffff8105ff2e>] irq_exit+0x8e/0xb0
[ 886.164730] [<
ffffffff8100fc1d>] do_IRQ+0x5d/0x100
[ 886.164730] [<
ffffffff81496832>] common_interrupt+0x72/0x72
fixes:
a03bb56e67c357980dae886683733dab5583dc14 ("enic: implement rx_copybreak")
Signed-off-by: Govindarajulu Varadarajan <_govind@gmx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>