mkiss: ax_bump() locking fix

According to one of OOPSes reported by Jann softirq can break
while skb is prepared for netif_rx. The report isn't complete,
so the real reason of the later bug could be different, but
IMHO this locking break in ax_bump is unsafe and unnecessary.

Reported-and-tested-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

diff --git a/drivers/net/hamradio/mkiss.c b/drivers/net/hamradio/mkiss.c
index cfcd15a..30c9b3b 100644 (file)
--- a/drivers/net/hamradio/mkiss.c
+++ b/drivers/net/hamradio/mkiss.c
@@ -289,7 +289,6 @@ static void ax_bump(struct mkiss *ax)
                        *ax->rbuff &= ~0x20;
                }
        }
-       spin_unlock_bh(&ax->buflock);
 
        count = ax->rcount;
 
@@ -297,17 +296,17 @@ static void ax_bump(struct mkiss *ax)
                printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
                       ax->dev->name);
                ax->stats.rx_dropped++;
+               spin_unlock_bh(&ax->buflock);
                return;
        }
 
-       spin_lock_bh(&ax->buflock);
        memcpy(skb_put(skb,count), ax->rbuff, count);
-       spin_unlock_bh(&ax->buflock);
        skb->protocol = ax25_type_trans(skb, ax->dev);
        netif_rx(skb);
        ax->dev->last_rx = jiffies;
        ax->stats.rx_packets++;
        ax->stats.rx_bytes += count;
+       spin_unlock_bh(&ax->buflock);
 }
 
 static void kiss_unesc(struct mkiss *ax, unsigned char s)