lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2020 19:51:01 -0700 From: Jeff Kirsher <jeffrey.t.kirsher@...el.com> To: davem@...emloft.net Cc: Andre Guedes <andre.guedes@...el.com>, netdev@...r.kernel.org, nhorman@...hat.com, sassmann@...hat.com, Aaron Brown <aaron.f.brown@...el.com>, Jeff Kirsher <jeffrey.t.kirsher@...el.com> Subject: [net-next 09/17] igc: Fix NFC rule validation From: Andre Guedes <andre.guedes@...el.com> If we try to overwrite an existing rule with the same filter but different action, we get EEXIST error as shown below. $ ethtool -N eth0 flow-type ether dst <MACADDR> action 1 loc 10 $ ethtool -N eth0 flow-type ether dst <MACADDR> action 2 loc 10 rmgr: Cannot insert RX class rule: File exists The second command is expected to overwrite the previous rule in location 10 and succeed. This patch fixes igc_ethtool_check_nfc_rule() so it also checks the rules location. In case they match, the rule under evaluation should not be considered invalid. Signed-off-by: Andre Guedes <andre.guedes@...el.com> Tested-by: Aaron Brown <aaron.f.brown@...el.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com> --- drivers/net/ethernet/intel/igc/igc_ethtool.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/intel/igc/igc_ethtool.c b/drivers/net/ethernet/intel/igc/igc_ethtool.c index 43dff09a8f86..d14c46dce053 100644 --- a/drivers/net/ethernet/intel/igc/igc_ethtool.c +++ b/drivers/net/ethernet/intel/igc/igc_ethtool.c @@ -1225,8 +1225,8 @@ static void igc_ethtool_init_nfc_rule(struct igc_nfc_rule *rule, * Rules with both destination and source MAC addresses are considered invalid * since the driver doesn't support them. * - * Also, if there is already another rule with the same filter, @rule is - * considered invalid. + * Also, if there is already another rule with the same filter in a different + * location, @rule is considered invalid. * * Context: Expects adapter->nfc_rule_lock to be held by caller. * @@ -1252,7 +1252,8 @@ static int igc_ethtool_check_nfc_rule(struct igc_adapter *adapter, list_for_each_entry(tmp, &adapter->nfc_rule_list, list) { if (!memcmp(&rule->filter, &tmp->filter, - sizeof(rule->filter))) { + sizeof(rule->filter)) && + tmp->location != rule->location) { netdev_dbg(dev, "Rule already exists\n"); return -EEXIST; } -- 2.26.2
Powered by blists - more mailing lists