| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <49e30a009f6fc56cfb76eb2c922740ac64c7767d.1644433109.git.christophe.jaillet@wanadoo.fr>
Date: Wed, 9 Feb 2022 19:58:47 +0100
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Simon Horman <simon.horman@...igine.com>,
Jakub Kicinski <kuba@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
John Hurley <john.hurley@...ronome.com>
Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
oss-drivers@...igine.com, netdev@...r.kernel.org
Subject: [PATCH] nfp: flower: Fix a potential theorical leak in nfp_tunnel_add_shared_mac()
ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)
inclusive.
So NFP_MAX_MAC_INDEX (0xff) is a valid id
In order for the error handling path to work correctly, the 'invalid'
value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range,
inclusive.
So set it to -1.
While at it, use ida_alloc_xxx()/ida_free() instead to
ida_simple_get()/ida_simple_remove().
The latter is deprecated and more verbose.
Fixes: 20cce8865098 ("nfp: flower: enable MAC address sharing for offloadable devs")
Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
---
.../ethernet/netronome/nfp/flower/tunnel_conf.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c b/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
index ce865e619568..b60c2b78ba04 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
@@ -922,8 +922,8 @@ nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
int port, bool mod)
{
struct nfp_flower_priv *priv = app->priv;
- int ida_idx = NFP_MAX_MAC_INDEX, err;
struct nfp_tun_offloaded_mac *entry;
+ int ida_idx = -1, err;
u16 nfp_mac_idx = 0;
entry = nfp_tunnel_lookup_offloaded_macs(app, netdev->dev_addr);
@@ -942,8 +942,8 @@ nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
if (!nfp_mac_idx) {
/* Assign a global index if non-repr or MAC is now shared. */
if (entry || !port) {
- ida_idx = ida_simple_get(&priv->tun.mac_off_ids, 0,
- NFP_MAX_MAC_INDEX, GFP_KERNEL);
+ ida_idx = ida_alloc_max(&priv->tun.mac_off_ids,
+ NFP_MAX_MAC_INDEX, GFP_KERNEL);
if (ida_idx < 0)
return ida_idx;
@@ -997,8 +997,8 @@ nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
err_free_entry:
kfree(entry);
err_free_ida:
- if (ida_idx != NFP_MAX_MAC_INDEX)
- ida_simple_remove(&priv->tun.mac_off_ids, ida_idx);
+ if (ida_idx != -1)
+ ida_free(&priv->tun.mac_off_ids, ida_idx);
return err;
}
@@ -1063,7 +1063,7 @@ nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev,
}
ida_idx = nfp_tunnel_get_ida_from_global_mac_idx(entry->index);
- ida_simple_remove(&priv->tun.mac_off_ids, ida_idx);
+ ida_free(&priv->tun.mac_off_ids, ida_idx);
entry->index = nfp_mac_idx;
return 0;
}
@@ -1077,7 +1077,7 @@ nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev,
/* If MAC has global ID then extract and free the ida entry. */
if (nfp_tunnel_is_mac_idx_global(entry->index)) {
ida_idx = nfp_tunnel_get_ida_from_global_mac_idx(entry->index);
- ida_simple_remove(&priv->tun.mac_off_ids, ida_idx);
+ ida_free(&priv->tun.mac_off_ids, ida_idx);
}
kfree(entry);
--
2.32.0
Powered by blists - more mailing lists