hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()

It is not allowed to call kfree_skb() or consume_skb() from hardware
interrupt context or with hardware interrupts being disabled.

It should use dev_kfree_skb_irq() or dev_consume_skb_irq() instead.
The difference between them is free reason, dev_kfree_skb_irq() means
the SKB is dropped in error and dev_consume_skb_irq() means the SKB
is consumed in normal.

In scc_discard_buffers(), dev_kfree_skb() is called to discard the SKBs,
so replace it with dev_kfree_skb_irq().

In scc_net_tx(), dev_kfree_skb() is called to drop the SKB that exceed
queue length, so replace it with dev_kfree_skb_irq().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/hamradio/scc.c b/drivers/net/hamradio/scc.c
index f90830d3dfa697fb4d063b983dd02bfb957a3d7a..a9184a78650b094afb37057b7bba8433c6906265 100644 (file)
--- a/drivers/net/hamradio/scc.c
+++ b/drivers/net/hamradio/scc.c
@@ -302,12 +302,12 @@ static inline void scc_discard_buffers(struct scc_channel *scc)
        spin_lock_irqsave(&scc->lock, flags);   
        if (scc->tx_buff != NULL)
        {
-               dev_kfree_skb(scc->tx_buff);
+               dev_kfree_skb_irq(scc->tx_buff);
                scc->tx_buff = NULL;
        }
        
        while (!skb_queue_empty(&scc->tx_queue))
-               dev_kfree_skb(skb_dequeue(&scc->tx_queue));
+               dev_kfree_skb_irq(skb_dequeue(&scc->tx_queue));
 
        spin_unlock_irqrestore(&scc->lock, flags);
 }
@@ -1668,7 +1668,7 @@ static netdev_tx_t scc_net_tx(struct sk_buff *skb, struct net_device *dev)
        if (skb_queue_len(&scc->tx_queue) > scc->dev->tx_queue_len) {
                struct sk_buff *skb_del;
                skb_del = skb_dequeue(&scc->tx_queue);
-               dev_kfree_skb(skb_del);
+               dev_kfree_skb_irq(skb_del);
        }
        skb_queue_tail(&scc->tx_queue, skb);
        netif_trans_update(dev);