xen/netback: only non-freed SKB is queued into tx_queue

After SKB is queued into tx_queue, it will be freed if request_gop is NULL.
However, no dequeue action is called in this situation, it is likely that
tx_queue constains freed SKB. This patch should fix this issue, and it is
based on 3.5.0-rc4+.

This issue is found through code inspection, no bug is seen with it currently.
I run netperf test for several hours, and no network regression was found.

Signed-off-by: Annie Li <annie.li@oracle.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index f4a6fcaeffb1db381ef9fd007a72578d984a3b4c..682633bfe00ff7fc35c7be97c427a6cf5d9dde45 100644 (file)
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -1363,8 +1363,6 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
                                             INVALID_PENDING_IDX);
                }
 
-               __skb_queue_tail(&netbk->tx_queue, skb);
-
                netbk->pending_cons++;
 
                request_gop = xen_netbk_get_requests(netbk, vif,
@@ -1376,6 +1374,8 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
                }
                gop = request_gop;
 
+               __skb_queue_tail(&netbk->tx_queue, skb);
+
                vif->tx.req_cons = idx;
                xen_netbk_check_rx_xenvif(vif);