sfc: Allow filter removal only with exactly matching priority
authorBen Hutchings <bhutchings@solarflare.com>
Thu, 21 Nov 2013 19:11:47 +0000 (19:11 +0000)
committerBen Hutchings <bhutchings@solarflare.com>
Thu, 12 Dec 2013 22:07:24 +0000 (22:07 +0000)
Currently a higher priority client can remove a lower priority
client's filter with equal match-expression.  This might happen if (a)
the higher priority client has a double-free bug, or (b) another
client with sufficient priority replaced and then removed an equal
filter, allowing the low priority client to insert an equal filter.

In neither case does it actually make sense to carry out the removal;
we should say the filter doesn't exist, as the filter currently
present is not the one that the high-priority client is referring to.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
drivers/net/ethernet/sfc/ef10.c
drivers/net/ethernet/sfc/farch.c

index 2adc8e45461bb051fce4cb075c1776247d130cf4..155602c500d522b0a6d54c70b916fd22420cf1e6 100644 (file)
@@ -2563,7 +2563,7 @@ static int efx_ef10_filter_remove_internal(struct efx_nic *efx,
                goto out_unlock;
        }
 
-       if (spec->priority > priority) {
+       if (spec->priority != priority) {
                rc = -ENOENT;
                goto out_unlock;
        }
index 378d6b968c4c7b20855e180ae41f1f928c446451..eed0741c2497014faaa720051873ec72135f753e 100644 (file)
@@ -2543,7 +2543,7 @@ static int efx_farch_filter_remove(struct efx_nic *efx,
        struct efx_farch_filter_spec *spec = &table->spec[filter_idx];
 
        if (!test_bit(filter_idx, table->used_bitmap) ||
-           spec->priority > priority)
+           spec->priority != priority)
                return -ENOENT;
 
        if (spec->flags & EFX_FILTER_FLAG_RX_OVER_AUTO) {