| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1591956510-15051-2-git-send-email-wenxu@ucloud.cn>
Date: Fri, 12 Jun 2020 18:08:30 +0800
From: wenxu@...oud.cn
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, pablo@...filter.org, vladbu@...lanox.com
Subject: [PATCH net 2/2] flow_offload: fix the list_del corruption in the driver list
From: wenxu <wenxu@...oud.cn>
When a indr device add in offload success. After the representor
go away. All the flow_block_cb cleanup but miss del form driver
list.
Fixes: 0fdcf78d5973 ("net: use flow_indr_dev_setup_offload()")
Signed-off-by: wenxu <wenxu@...oud.cn>
---
drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 1 -
drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c | 1 -
drivers/net/ethernet/netronome/nfp/flower/offload.c | 1 -
net/netfilter/nf_flow_table_offload.c | 1 +
net/netfilter/nf_tables_offload.c | 1 +
net/sched/cls_api.c | 1 +
6 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
index 042c285..536c381 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
@@ -1932,7 +1932,6 @@ static int bnxt_tc_setup_indr_block(struct net_device *netdev, struct bnxt *bp,
return -ENOENT;
flow_block_cb_remove(block_cb, f);
- list_del(&block_cb->driver_list);
break;
default:
return -EOPNOTSUPP;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c
index 187f84c..cf53c21 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c
@@ -459,7 +459,6 @@ static void mlx5e_rep_indr_block_unbind(void *cb_priv)
return -ENOENT;
flow_block_cb_remove(block_cb, f);
- list_del(&block_cb->driver_list);
return 0;
default:
return -EOPNOTSUPP;
diff --git a/drivers/net/ethernet/netronome/nfp/flower/offload.c b/drivers/net/ethernet/netronome/nfp/flower/offload.c
index ca2f01a..c3965af 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/offload.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/offload.c
@@ -1701,7 +1701,6 @@ void nfp_flower_setup_indr_tc_release(void *cb_priv)
return -ENOENT;
flow_block_cb_remove(block_cb, f);
- list_del(&block_cb->driver_list);
return 0;
default:
return -EOPNOTSUPP;
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index 62651e6..5fff1e0 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -950,6 +950,7 @@ static void nf_flow_table_indr_cleanup(struct flow_block_cb *block_cb)
nf_flow_table_gc_cleanup(flowtable, dev);
down_write(&flowtable->flow_block_lock);
list_del(&block_cb->list);
+ list_del(&block_cb->driver_list);
flow_block_cb_free(block_cb);
up_write(&flowtable->flow_block_lock);
}
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 185fc82..e2f54d8 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -226,6 +226,7 @@ static int nft_flow_offload_unbind(struct flow_block_offload *bo,
list_for_each_entry_safe(block_cb, next, &bo->cb_list, list) {
list_del(&block_cb->list);
+ list_del(&block_cb->driver_list);
flow_block_cb_free(block_cb);
}
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index a00a203..f00fcaf 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -1487,6 +1487,7 @@ static void tcf_block_unbind(struct tcf_block *block,
tcf_block_offload_in_use(block),
NULL);
list_del(&block_cb->list);
+ list_del(&block_cb->driver_list);
flow_block_cb_free(block_cb);
if (!bo->unlocked_driver_cb)
block->lockeddevcnt--;
--
1.8.3.1
Powered by blists - more mailing lists