From: Jian Shen shenjian15@huawei.com
When new rule state is TO_ADD or ACTIVE, and there is already a rule with same location in the fd_rule_list, the new rule will be freed after modifying the old rule. It may cause user-after-free issue when access rule again in hclge_add_fd_entry_common().
Fixes: fc4243b8de8b ("net: hns3: refactor flow director configuration") Signed-off-by: Jian Shen shenjian15@huawei.com Signed-off-by: Huazhong Tan tanhuazhong@huawei.com --- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c index 08da3e2..042dfd8 100644 --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c @@ -6440,8 +6440,8 @@ static int hclge_add_fd_entry_common(struct hclge_dev *hdev, goto out;
rule->state = HCLGE_FD_ACTIVE; - hclge_update_fd_list(hdev, rule->state, rule->location, rule); hdev->fd_active_type = rule->rule_type; + hclge_update_fd_list(hdev, rule->state, rule->location, rule);
out: spin_unlock_bh(&hdev->fd_rule_lock);