Commit 9adbb49e authored by Ivan Safonov's avatar Ivan Safonov Committed by Greg Kroah-Hartman
Browse files

staging:rtl8723bs: eliminate usage of skb_clone after skb allocation fail 



The skb allocated when out of memory
is likely to be discarded during subsequent processing.

Signed-off-by: default avatarIvan Safonov <insafonov@gmail.com>
Link: https://lore.kernel.org/r/20200502151905.43663-1-insafonov@gmail.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 70458c20

drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c

+13 −31
Original line number Diff line number Diff line
@@ -311,8 +311,12 @@ static void rtl8723bs_recv_tasklet(unsigned long priv) 
				}



				pkt_copy = rtw_skb_alloc(alloc_sz);

				if (!pkt_copy) {

					DBG_8192C("%s: alloc_skb fail, drop frame\n", __func__);

					rtw_free_recvframe(precvframe, &precvpriv->free_recv_queue);

					break;

				}



				if (pkt_copy) {

				pkt_copy->dev = padapter->pnetdev;

				precvframe->u.hdr.pkt = pkt_copy;

				skb_reserve(pkt_copy, 8 - ((SIZE_PTR)(pkt_copy->data) & 7));/* force pkt_copy->data at 8-byte alignment address */
@@ -321,28 +325,6 @@ static void rtl8723bs_recv_tasklet(unsigned long priv) 
				precvframe->u.hdr.rx_head = pkt_copy->head;

				precvframe->u.hdr.rx_data = precvframe->u.hdr.rx_tail = pkt_copy->data;

				precvframe->u.hdr.rx_end = skb_end_pointer(pkt_copy);

				} else {

					if ((pattrib->mfrag == 1) && (pattrib->frag_num == 0)) {

						DBG_8192C("%s: alloc_skb fail, drop frag frame\n", __func__);

						rtw_free_recvframe(precvframe, &precvpriv->free_recv_queue);

						break;

					}



					precvframe->u.hdr.pkt = rtw_skb_clone(precvbuf->pskb);

					if (precvframe->u.hdr.pkt) {

						_pkt *pkt_clone = precvframe->u.hdr.pkt;



						pkt_clone->data = ptr + rx_report_sz + pattrib->shift_sz;

						skb_reset_tail_pointer(pkt_clone);

						precvframe->u.hdr.rx_head = precvframe->u.hdr.rx_data = precvframe->u.hdr.rx_tail

							= pkt_clone->data;

						precvframe->u.hdr.rx_end = pkt_clone->data + skb_len;

					} else {

						DBG_8192C("%s: rtw_skb_clone fail\n", __func__);

						rtw_free_recvframe(precvframe, &precvpriv->free_recv_queue);

						break;

					}

				}



				recvframe_put(precvframe, skb_len);

				/* recvframe_pull(precvframe, drvinfo_sz + RXDESC_SIZE); */

drivers/staging/rtl8723bs/os_dep/recv_linux.c

+6 −13
Original line number Diff line number Diff line
@@ -60,20 +60,13 @@ _pkt *rtw_os_alloc_msdu_pkt(union recv_frame *prframe, u16 nSubframe_Length, u8 
	pattrib = &prframe->u.hdr.attrib;



	sub_skb = rtw_skb_alloc(nSubframe_Length + 12);

	if (sub_skb) {

		skb_reserve(sub_skb, 12);

		skb_put_data(sub_skb, (pdata + ETH_HLEN), nSubframe_Length);

	} else {

		sub_skb = rtw_skb_clone(prframe->u.hdr.pkt);

		if (sub_skb) {

			sub_skb->data = pdata + ETH_HLEN;

			sub_skb->len = nSubframe_Length;

			skb_set_tail_pointer(sub_skb, nSubframe_Length);

		} else {

			DBG_871X("%s(): rtw_skb_clone() Fail!!!\n", __func__);

	if (!sub_skb) {

		DBG_871X("%s(): rtw_skb_alloc() Fail!!!\n", __func__);

		return NULL;

	}

	}



	skb_reserve(sub_skb, 12);

	skb_put_data(sub_skb, (pdata + ETH_HLEN), nSubframe_Length);



	eth_type = RTW_GET_BE16(&sub_skb->data[6]);