sfc: protect filter table against use-after-free

If MCDI timeouts are encountered during efx_ef10_filter_table_remove(), an FLR will be queued, but efx->filter_state will still be kfree()d. The queued FLR will then call efx_ef10_filter_table_restore(), which will try to use efx->filter_state. This previously caused a panic. This patch adds an rwsem to protect the existence of efx->filter_state, separately from the spinlock protecting its contents. Users which can race against efx_ef10_filter_table_remove() should down_read this rwsem. Signed-off-by: Shradha Shah <sshah@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Edward Cree <ecree@solarflare.com> 2015-05-20 13:10:03 +0300
committer: David S. Miller <davem@davemloft.net> 2015-05-22 01:43:53 +0300
commit: 0d322413d6cff0bd2ccafc03ab9314dc55417e9d (patch)
tree: d988fe63fd837ce5127c25f6a517aae0e33d9494 /drivers/net/ethernet/sfc/efx.h
parent: f1122a345b96713eb6e059121c592b3c0612f5be (diff)
download: linux-0d322413d6cff0bd2ccafc03ab9314dc55417e9d.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/net/ethernet/sfc/efx.h b/drivers/net/ethernet/sfc/efx.h
index 9097906ecfb4..46aee41a7c27 100644
--- a/drivers/net/ethernet/sfc/efx.h
+++ b/drivers/net/ethernet/sfc/efx.h
@@ -74,6 +74,8 @@ void efx_schedule_slow_fill(struct efx_rx_queue *rx_queue);
 
 /* Filters */
 
+void efx_mac_reconfigure(struct efx_nic *efx);
+
 /**
  * efx_filter_insert_filter - add or replace a filter
  * @efx: NIC in which to insert the filter
author	Edward Cree <ecree@solarflare.com>	2015-05-20 13:10:03 +0300
committer	David S. Miller <davem@davemloft.net>	2015-05-22 01:43:53 +0300
commit	0d322413d6cff0bd2ccafc03ab9314dc55417e9d (patch)
tree	d988fe63fd837ce5127c25f6a517aae0e33d9494 /drivers/net/ethernet/sfc/efx.h
parent	f1122a345b96713eb6e059121c592b3c0612f5be (diff)
download	linux-0d322413d6cff0bd2ccafc03ab9314dc55417e9d.tar.xz