Commit 1d1997db authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace" 



This reverts commit 78beef62 ("nfp: abm: fix memory leak in
nfp_abm_u32_knode_replace").

The quoted commit does not fix anything and resulted in a bogus
CVE-2019-19076.

If match is NULL then it is known there is no matching entry in
list, hence, calling nfp_abm_u32_knode_delete() is pointless.

Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: default avatarJohn Hurley <john.hurley@netronome.com>
parent 1f4782ae

drivers/net/ethernet/netronome/nfp/abm/cls.c

+4 −10
Original line number Diff line number Diff line
@@ -176,10 +176,8 @@ nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, 
	u8 mask, val;

	int err;



	if (!nfp_abm_u32_check_knode(alink->abm, knode, proto, extack)) {

		err = -EOPNOTSUPP;

	if (!nfp_abm_u32_check_knode(alink->abm, knode, proto, extack))

		goto err_delete;

	}



	tos_off = proto == htons(ETH_P_IP) ? 16 : 20;
@@ -200,18 +198,14 @@ nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, 
		if ((iter->val & cmask) == (val & cmask) &&

		    iter->band != knode->res->classid) {

			NL_SET_ERR_MSG_MOD(extack, "conflict with already offloaded filter");

			err = -EOPNOTSUPP;

			goto err_delete;

		}

	}



	if (!match) {

		match = kzalloc(sizeof(*match), GFP_KERNEL);

		if (!match) {

			err = -ENOMEM;

			goto err_delete;

		}



		if (!match)

			return -ENOMEM;

		list_add(&match->list, &alink->dscp_map);

	}

	match->handle = knode->handle;
@@ -227,7 +221,7 @@ nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, 


err_delete:

	nfp_abm_u32_knode_delete(alink, knode);

	return err;

	return -EOPNOTSUPP;

}



static int nfp_abm_setup_tc_block_cb(enum tc_setup_type type,

CRA Git | Maintained and supported by SUSTech CRA and CCSE