On 17.02.2021 13:42, Vladimir Oltean wrote:
> On Wed, Feb 17, 2021 at 08:38:30PM +0800, DENG Qingfang wrote:
>> On Wed, Feb 17, 2021 at 7:55 AM Linus Walleij <linus.wall...@linaro.org>
>> wrote:
>>> +
>>> + /* Pad out to at least 60 bytes */
>>> + if (unlikely(eth_skb_pad(skb)))
>>> + return NULL;
>>
>> I just found that this will cause double free (eth_skb_pad will free
>> the skb if allocation fails, and dsa_slave_xmit will still try to free
>> it because it returns NULL.
>> Replace eth_skb_pad(skb) with __skb_put_padto(skb, ETH_ZLEN, false) to
>> avoid that.
>
That's really a pitfall. I had to do the same in r8169:
cc6528bc9a0c ("r8169: fix potential skb double free in an error path")
> Good catch, Qingfang.
>
