xen/netback: only non-freed SKB is queued into tx_queue After SKB is queued into tx_queue, it will be freed if request_gop is NULL. However, no dequeue action is called in this situation, it is likely that tx_queue constains freed SKB. This patch should fix this issue, and it is based on 3.5.0-rc4+. This issue is found through code inspection, no bug is seen with it currently. I run netperf test for several hours, and no network regression was found. Signed-off-by: Annie Li <[email protected]> Acked-by: Ian Campbell <[email protected]> Signed-off-by: David S. Miller <[email protected]>

commit: 1e0b6eac6a150a35b45d019681b0021896354ae5 [log] [tgz]
author: Annie Li <[email protected]> Wed Jun 27 00:46:58 2012 +0000
committer: David S. Miller <[email protected]> Fri Jun 29 00:50:20 2012 -0700
tree: 97b778fcefabf41c3cefce8eea3b476d26ee7ad4
parent: 7fa8ad6df71f4778b23e17b0106aaef02b518684 [diff] [blame]
diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index f4a6fca..682633bf 100644
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c

@@ -1363,8 +1363,6 @@
 					     INVALID_PENDING_IDX);
 		}
 
-		__skb_queue_tail(&netbk->tx_queue, skb);
-
 		netbk->pending_cons++;
 
 		request_gop = xen_netbk_get_requests(netbk, vif,
@@ -1376,6 +1374,8 @@
 		}
 		gop = request_gop;
 
+		__skb_queue_tail(&netbk->tx_queue, skb);
+
 		vif->tx.req_cons = idx;
 		xen_netbk_check_rx_xenvif(vif);
commit	1e0b6eac6a150a35b45d019681b0021896354ae5	[log] [tgz]
author	Annie Li <[email protected]>	Wed Jun 27 00:46:58 2012 +0000
committer	David S. Miller <[email protected]>	Fri Jun 29 00:50:20 2012 -0700
tree	97b778fcefabf41c3cefce8eea3b476d26ee7ad4
parent	7fa8ad6df71f4778b23e17b0106aaef02b518684 [diff] [blame]