2.6.39-stable review patch. If anyone has any objections, please let us know.
------------------ From: "K. Y. Srinivasan" <[email protected]> commit 663dd6dcaf7e95526e469e91f41972a9c0cca30c upstream. The recent changes to the connector code introduced this bug where even when a callback was invoked, we would return an error resulting in double freeing of the skb. This patch fixes this bug. Signed-off-by: K. Y. Srinivasan <[email protected]> Acked-by: Evgeniy Polyakov <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- drivers/connector/connector.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/connector/connector.c +++ b/drivers/connector/connector.c @@ -139,6 +139,7 @@ static int cn_call_callback(struct sk_bu spin_unlock_bh(&dev->cbdev->queue_lock); if (cbq != NULL) { + err = 0; cbq->callback(msg, nsp); kfree_skb(skb); cn_queue_release_callback(cbq); _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
