xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sfc: protect filter table against use-after-free

Browse Source 
If MCDI timeouts are encountered during efx_ef10_filter_table_remove(),
an FLR will be queued, but efx->filter_state will still be kfree()d.
The queued FLR will then call efx_ef10_filter_table_restore(), which
will try to use efx->filter_state. This previously caused a panic.
This patch adds an rwsem to protect the existence of efx->filter_state,
separately from the spinlock protecting its contents.  Users which can
race against efx_ef10_filter_table_remove() should down_read this rwsem.

Signed-off-by: Shradha Shah <sshah@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Edward Cree
2015-05-20 11:10:03 +01:00
committed by David S. Miller
parent f1122a345b
commit 0d322413d6
5 changed files with 55 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/ethernet/sfc/efx.h
View File

@@ -74,6 +74,8 @@ void efx_schedule_slow_fill(struct efx_rx_queue *rx_queue);
/* Filters */
void efx_mac_reconfigure(struct efx_nic *efx);
/**
* efx_filter_insert_filter - add or replace a filter
* @efx: NIC in which to insert the filter