net/sfc: fix double free on encap. transfer flow rule path
Checks
Commit Message
Don't free the outer match spec by its pointer in the parsing context
if it has already been tracked by an entry in the outer rule registry.
Fixes: dadff137931c ("net/sfc: support encap flow items in transfer rules")
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
---
drivers/net/sfc/sfc_mae.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Comments
On 11/16/20 10:23 PM, Ivan Malov wrote:
> Don't free the outer match spec by its pointer in the parsing context
> if it has already been tracked by an entry in the outer rule registry.
>
> Fixes: dadff137931c ("net/sfc: support encap flow items in transfer rules")
>
> Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
On 11/17/2020 7:39 AM, Andrew Rybchenko wrote:
> On 11/16/20 10:23 PM, Ivan Malov wrote:
>> Don't free the outer match spec by its pointer in the parsing context
>> if it has already been tracked by an entry in the outer rule registry.
>>
>> Fixes: dadff137931c ("net/sfc: support encap flow items in transfer rules")
>>
>> Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
>
> Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
>
Applied to dpdk-next-net/main, thanks.
@@ -1607,6 +1607,9 @@ sfc_mae_rule_process_outer(struct sfc_adapter *sa,
}
}
+ /* The spec has now been tracked by the outer rule entry. */
+ ctx->match_spec_outer = NULL;
+
/*
* Depending on whether we reuse an existing outer rule or create a
* new one (see above), outer rule ID is either a valid value or
@@ -1717,7 +1720,8 @@ sfc_mae_rule_encap_parse_fini(struct sfc_adapter *sa,
if (ctx->encap_type == EFX_TUNNEL_PROTOCOL_NONE)
return;
- efx_mae_match_spec_fini(sa->nic, ctx->match_spec_outer);
+ if (ctx->match_spec_outer != NULL)
+ efx_mae_match_spec_fini(sa->nic, ctx->match_spec_outer);
}
int