sfc: protect filter table against use-after-free
author Edward Cree <ecree@solarflare.com>
Wed, 20 May 2015 10:10:03 +0000 (11:10 +0100)
committer David S. Miller <davem@davemloft.net>
Thu, 21 May 2015 22:43:53 +0000 (18:43 -0400)
commit 0d322413d6cff0bd2ccafc03ab9314dc55417e9d
tree d988fe63fd837ce5127c25f6a517aae0e33d9494
parent f1122a345b96713eb6e059121c592b3c0612f5be
sfc: protect filter table against use-after-free

If MCDI timeouts are encountered during efx_ef10_filter_table_remove(),
an FLR will be queued, but efx->filter_state will still be kfree()d.
The queued FLR will then call efx_ef10_filter_table_restore(), which
will try to use efx->filter_state. This previously caused a panic.
This patch adds an rwsem to protect the existence of efx->filter_state,
separately from the spinlock protecting its contents.  Users which can
race against efx_ef10_filter_table_remove() should down_read this rwsem.

Signed-off-by: Shradha Shah <sshah@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/sfc/ef10.c
drivers/net/ethernet/sfc/efx.c
drivers/net/ethernet/sfc/efx.h
drivers/net/ethernet/sfc/ethtool.c
drivers/net/ethernet/sfc/net_driver.h