[openEuler-21.09 059/141] net: hns3: fix use-after-free issue for hclge_add_fd_entry_common()

24 Jul 2021

From: Jian Shen shenjian15@huawei.com
mainline inclusion
from mainline-v5.13-rc1
commit 64ff58fa3bfcf26bc893ea425a0553b561ca5298
category: bugfix
bugzilla: 173966
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
----------------------------------------------------------------------
When new rule state is TO_ADD or ACTIVE, and there is already a
rule with same location in the fd_rule_list, the new rule will
be freed after modifying the old rule. It may cause user-after-free
issue when access rule again in hclge_add_fd_entry_common().
Fixes: fc4243b8de8b ("net: hns3: refactor flow director configuration")
Signed-off-by: Jian Shen shenjian15@huawei.com
Signed-off-by: Huazhong Tan tanhuazhong@huawei.com
Signed-off-by: David S. Miller davem@davemloft.net
Reviewed-by: Yongxin Li liyongxin1@huawei.com
Signed-off-by: Junxin Chen chenjunxin1@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index bee674cafeba..a814fab9d54d 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -6440,8 +6440,8 @@ static int hclge_add_fd_entry_common(struct hclge_dev *hdev,
    	goto out;
rule->state = HCLGE_FD_ACTIVE;
-	hclge_update_fd_list(hdev, rule->state, rule->location, rule);
    hdev->fd_active_type = rule->rule_type;
+	hclge_update_fd_list(hdev, rule->state, rule->location, rule);
out:
    spin_unlock_bh(&hdev->fd_rule_lock);
-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

[openEuler-21.09 059/141] net: hns3: fix use-after-free issue for hclge_add_fd_entry_common()