From c2c0e8b2b88cac379b2a2167b448000dedd2596a Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Wed, 27 Aug 2014 17:05:53 -0700 Subject: [PATCH] f_ncm: Don't use netdev_start_xmit(). Unfortunately, the USB gadget layer has this weird things where NULL skbs are passed into ops->ndo_start_xmit() in order to trigger the dev->wrap() calls to build packets. This is completely outside of the allowable range of sane arguments for the ndo_start_xmit method. All invocations of ndo_start_xmit() should be with non-NULL SKB arguments. Put back the direct call, but with a comment explaining how this is not acceptable in the long term. Reported-by: Dan Carpenter Signed-off-by: David S. Miller --- drivers/usb/gadget/function/f_ncm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index cb5d646db6a..146f48cc65d 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -1101,7 +1101,15 @@ static void ncm_tx_tasklet(unsigned long data) /* Only send if data is available. */ if (ncm->skb_tx_data) { ncm->timer_force_tx = true; - netdev_start_xmit(NULL, ncm->netdev); + + /* XXX This allowance of a NULL skb argument to ndo_start_xmit + * XXX is not sane. The gadget layer should be redesigned so + * XXX that the dev->wrap() invocations to build SKBs is transparent + * XXX and performed in some way outside of the ndo_start_xmit + * XXX interface. + */ + ncm->netdev->netdev_ops->ndo_start_xmit(NULL, ncm->netdev); + ncm->timer_force_tx = false; } } -- 2.46.0