diff options
| author | Edward Cree <ecree@solarflare.com> | 2015-05-20 12:10:03 +0200 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-05-22 00:43:53 +0200 |
| commit | 0d322413d6cff0bd2ccafc03ab9314dc55417e9d (patch) | |
| tree | d988fe63fd837ce5127c25f6a517aae0e33d9494 /drivers/net/ethernet/sfc/ethtool.c | |
| parent | sfc: Store the efx_nic struct of the current VF in the VF data struct (diff) | |
| download | linux-0d322413d6cff0bd2ccafc03ab9314dc55417e9d.tar.xz linux-0d322413d6cff0bd2ccafc03ab9314dc55417e9d.zip | |
sfc: protect filter table against use-after-free
If MCDI timeouts are encountered during efx_ef10_filter_table_remove(),
an FLR will be queued, but efx->filter_state will still be kfree()d.
The queued FLR will then call efx_ef10_filter_table_restore(), which
will try to use efx->filter_state. This previously caused a panic.
This patch adds an rwsem to protect the existence of efx->filter_state,
separately from the spinlock protecting its contents. Users which can
race against efx_ef10_filter_table_remove() should down_read this rwsem.
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/sfc/ethtool.c')
| -rw-r--r-- | drivers/net/ethernet/sfc/ethtool.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/ethernet/sfc/ethtool.c b/drivers/net/ethernet/sfc/ethtool.c index 03829b48547a..034797661f96 100644 --- a/drivers/net/ethernet/sfc/ethtool.c +++ b/drivers/net/ethernet/sfc/ethtool.c @@ -734,7 +734,7 @@ static int efx_ethtool_set_pauseparam(struct net_device *net_dev, /* Reconfigure the MAC. The PHY *may* generate a link state change event * if the user just changed the advertised capabilities, but there's no * harm doing this twice */ - efx->type->reconfigure_mac(efx); + efx_mac_reconfigure(efx); out: mutex_unlock(&efx->mac_lock); |