1 From foo@baz Sat Apr 20 16:43:09 CEST 2019
2 From: Saeed Mahameed <saeedm@mellanox.com>
3 Date: Tue, 19 Mar 2019 22:09:05 -0700
4 Subject: net/mlx5: FPGA, tls, hold rcu read lock a bit longer
6 From: Saeed Mahameed <saeedm@mellanox.com>
8 [ Upstream commit 31634bf5dcc418b5b2cacd954394c0c4620db6a2 ]
10 To avoid use-after-free, hold the rcu read lock until we are done copying
11 flow data into the command buffer.
13 Fixes: ab412e1dd7db ("net/mlx5: Accel, add TLS rx offload routines")
14 Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
15 Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
16 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c | 18 +++++++++---------
19 1 file changed, 9 insertions(+), 9 deletions(-)
21 --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c
22 +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/tls.c
23 @@ -217,22 +217,22 @@ int mlx5_fpga_tls_resync_rx(struct mlx5_
28 - flow = idr_find(&mdev->fpga->tls->rx_idr, ntohl(handle));
32 - WARN_ONCE(1, "Received NULL pointer for handle\n");
36 buf = kzalloc(size, GFP_ATOMIC);
43 + flow = idr_find(&mdev->fpga->tls->rx_idr, ntohl(handle));
44 + if (unlikely(!flow)) {
46 + WARN_ONCE(1, "Received NULL pointer for handle\n");
50 mlx5_fpga_tls_flow_to_cmd(flow, cmd);
53 MLX5_SET(tls_cmd, cmd, swid, ntohl(handle));
54 MLX5_SET64(tls_cmd, cmd, tls_rcd_sn, be64_to_cpu(rcd_sn));