switchdev: pass pointer to fib_info instead of copy

The problem is that fib_info->nh is [0] so the struct fib_info
allocation size depends on number of nexthops. If we just copy fib_info,
we do not copy the nexthops info and driver accesses memory which is not
ours.

Given the fact that fib4 does not defer operations and therefore it does
not need copy, just pass the pointer down to drivers as it was done
before.

Fixes: 850d0cbc91 ("switchdev: remove pointers from switchdev objects")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/rocker/rocker_ofdpa.c b/drivers/net/ethernet/rocker/rocker_ofdpa.c
index 0e758bcb26b01546ad90ac5111e2a40d09a373ef..1ca796316173349ad17232cbc793be5ef94032d6 100644 (file)
--- a/drivers/net/ethernet/rocker/rocker_ofdpa.c
+++ b/drivers/net/ethernet/rocker/rocker_ofdpa.c
@@ -2727,7 +2727,7 @@ static int ofdpa_port_obj_fib4_add(struct rocker_port *rocker_port,
 
        return ofdpa_port_fib_ipv4(ofdpa_port, trans,
                                   htonl(fib4->dst), fib4->dst_len,
-                                  &fib4->fi, fib4->tb_id, 0);
+                                  fib4->fi, fib4->tb_id, 0);
 }
 
 static int ofdpa_port_obj_fib4_del(struct rocker_port *rocker_port,
@@ -2737,7 +2737,7 @@ static int ofdpa_port_obj_fib4_del(struct rocker_port *rocker_port,
 
        return ofdpa_port_fib_ipv4(ofdpa_port, NULL,
                                   htonl(fib4->dst), fib4->dst_len,
-                                  &fib4->fi, fib4->tb_id,
+                                  fib4->fi, fib4->tb_id,
                                   OFDPA_OP_FLAG_REMOVE);
 }
 

diff --git a/include/net/switchdev.h b/include/net/switchdev.h
index 51d77b2ce2b291d6ffa3c3f467ddf8c564892e48..985619a593230a6532017e4f61dfaa945b04a08f 100644 (file)
--- a/include/net/switchdev.h
+++ b/include/net/switchdev.h
@@ -97,7 +97,7 @@ struct switchdev_obj_ipv4_fib {
        struct switchdev_obj obj;
        u32 dst;
        int dst_len;
-       struct fib_info fi;
+       struct fib_info *fi;
        u8 tos;
        u8 type;
        u32 nlflags;

diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c
index b7e01d88bdc5f74c85813b3fb9fa1bbf358abaaf..59658b2e9cdf7e5bf4240d1572b265976053f1a6 100644 (file)
--- a/net/switchdev/switchdev.c
+++ b/net/switchdev/switchdev.c
@@ -1188,6 +1188,7 @@ int switchdev_fib_ipv4_add(u32 dst, int dst_len, struct fib_info *fi,
                .obj.id = SWITCHDEV_OBJ_ID_IPV4_FIB,
                .dst = dst,
                .dst_len = dst_len,
+               .fi = fi,
                .tos = tos,
                .type = type,
                .nlflags = nlflags,
@@ -1196,8 +1197,6 @@ int switchdev_fib_ipv4_add(u32 dst, int dst_len, struct fib_info *fi,
        struct net_device *dev;
        int err = 0;
 
-       memcpy(&ipv4_fib.fi, fi, sizeof(ipv4_fib.fi));
-
        /* Don't offload route if using custom ip rules or if
         * IPv4 FIB offloading has been disabled completely.
         */
@@ -1242,6 +1241,7 @@ int switchdev_fib_ipv4_del(u32 dst, int dst_len, struct fib_info *fi,
                .obj.id = SWITCHDEV_OBJ_ID_IPV4_FIB,
                .dst = dst,
                .dst_len = dst_len,
+               .fi = fi,
                .tos = tos,
                .type = type,
                .nlflags = 0,
@@ -1250,8 +1250,6 @@ int switchdev_fib_ipv4_del(u32 dst, int dst_len, struct fib_info *fi,
        struct net_device *dev;
        int err = 0;
 
-       memcpy(&ipv4_fib.fi, fi, sizeof(ipv4_fib.fi));
-
        if (!(fi->fib_flags & RTNH_F_OFFLOAD))
                return 0;