diff mbox series

nfp: flower: Fix a potential theorical leak in nfp_tunnel_add_shared_mac()

Message ID 49e30a009f6fc56cfb76eb2c922740ac64c7767d.1644433109.git.christophe.jaillet@wanadoo.fr (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series nfp: flower: Fix a potential theorical leak in nfp_tunnel_add_shared_mac() | expand

Checks

Context Check Description
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 1 maintainers not CCed: louis.peens@corigine.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 45 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

Christophe JAILLET Feb. 9, 2022, 6:58 p.m. UTC 
ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)
inclusive.
So NFP_MAX_MAC_INDEX (0xff) is a valid id

In order for the error handling path to work correctly, the 'invalid'
value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range,
inclusive.

So set it to -1.

While at it, use ida_alloc_xxx()/ida_free() instead to
ida_simple_get()/ida_simple_remove().
The latter is deprecated and more verbose.

Fixes: 20cce8865098 ("nfp: flower: enable MAC address sharing for offloadable devs")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 .../ethernet/netronome/nfp/flower/tunnel_conf.c    | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

Comments

Simon Horman Feb. 10, 2022, 1:04 p.m. UTC | #1 
Hi Christophe,

On Wed, Feb 09, 2022 at 07:58:47PM +0100, Christophe JAILLET wrote:
> ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)
> inclusive.
> So NFP_MAX_MAC_INDEX (0xff) is a valid id
> 
> In order for the error handling path to work correctly, the 'invalid'
> value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range,
> inclusive.
> 
> So set it to -1.
> 
> While at it, use ida_alloc_xxx()/ida_free() instead to
> ida_simple_get()/ida_simple_remove().
> The latter is deprecated and more verbose.
> 
> Fixes: 20cce8865098 ("nfp: flower: enable MAC address sharing for offloadable devs")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

Thanks for your patch.

I agree that it is indeed a problem and your fix looks good.
I would, however, prefer if the patch was split into two:

1. Bug fix
2. ida_alloc_xxx()/ida_free() cleanup

Thanks again,
Simon

...
Christophe JAILLET Feb. 10, 2022, 6:39 p.m. UTC | #2 
Le 10/02/2022 à 14:04, Simon Horman a écrit :
> Hi Christophe,
> 
> On Wed, Feb 09, 2022 at 07:58:47PM +0100, Christophe JAILLET wrote:
>> ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)
>> inclusive.
>> So NFP_MAX_MAC_INDEX (0xff) is a valid id
>>
>> In order for the error handling path to work correctly, the 'invalid'
>> value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range,
>> inclusive.
>>
>> So set it to -1.
>>
>> While at it, use ida_alloc_xxx()/ida_free() instead to
>> ida_simple_get()/ida_simple_remove().
>> The latter is deprecated and more verbose.
>>
>> Fixes: 20cce8865098 ("nfp: flower: enable MAC address sharing for offloadable devs")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> 
> Thanks for your patch.
> 
> I agree that it is indeed a problem and your fix looks good.
> I would, however, prefer if the patch was split into two:
> 
> 1. Bug fix
> 2. ida_alloc_xxx()/ida_free() cleanup

I'll send a v2.

I added it because some other maintainers have asked for it in other 
similar patches. Everyone's taste is different :).

CJ



> 
> Thanks again,
> Simon
> 
> ...
>
Simon Horman Feb. 10, 2022, 6:47 p.m. UTC | #3 
On Thu, Feb 10, 2022 at 07:39:29PM +0100, Christophe JAILLET wrote:
> Le 10/02/2022 à 14:04, Simon Horman a écrit :
> > Hi Christophe,
> > 
> > On Wed, Feb 09, 2022 at 07:58:47PM +0100, Christophe JAILLET wrote:
> > > ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX)
> > > inclusive.
> > > So NFP_MAX_MAC_INDEX (0xff) is a valid id
> > > 
> > > In order for the error handling path to work correctly, the 'invalid'
> > > value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range,
> > > inclusive.
> > > 
> > > So set it to -1.
> > > 
> > > While at it, use ida_alloc_xxx()/ida_free() instead to
> > > ida_simple_get()/ida_simple_remove().
> > > The latter is deprecated and more verbose.
> > > 
> > > Fixes: 20cce8865098 ("nfp: flower: enable MAC address sharing for offloadable devs")
> > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > 
> > Thanks for your patch.
> > 
> > I agree that it is indeed a problem and your fix looks good.
> > I would, however, prefer if the patch was split into two:
> > 
> > 1. Bug fix
> > 2. ida_alloc_xxx()/ida_free() cleanup
> 
> I'll send a v2.
> 
> I added it because some other maintainers have asked for it in other similar
> patches. Everyone's taste is different :).

Thanks, much appreciated.
diff mbox series

Patch

diff --git a/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c b/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
index ce865e619568..b60c2b78ba04 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
@@ -922,8 +922,8 @@  nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
 			  int port, bool mod)
 {
 	struct nfp_flower_priv *priv = app->priv;
-	int ida_idx = NFP_MAX_MAC_INDEX, err;
 	struct nfp_tun_offloaded_mac *entry;
+	int ida_idx = -1, err;
 	u16 nfp_mac_idx = 0;
 
 	entry = nfp_tunnel_lookup_offloaded_macs(app, netdev->dev_addr);
@@ -942,8 +942,8 @@  nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
 	if (!nfp_mac_idx) {
 		/* Assign a global index if non-repr or MAC is now shared. */
 		if (entry || !port) {
-			ida_idx = ida_simple_get(&priv->tun.mac_off_ids, 0,
-						 NFP_MAX_MAC_INDEX, GFP_KERNEL);
+			ida_idx = ida_alloc_max(&priv->tun.mac_off_ids,
+						NFP_MAX_MAC_INDEX, GFP_KERNEL);
 			if (ida_idx < 0)
 				return ida_idx;
 
@@ -997,8 +997,8 @@  nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
 err_free_entry:
 	kfree(entry);
 err_free_ida:
-	if (ida_idx != NFP_MAX_MAC_INDEX)
-		ida_simple_remove(&priv->tun.mac_off_ids, ida_idx);
+	if (ida_idx != -1)
+		ida_free(&priv->tun.mac_off_ids, ida_idx);
 
 	return err;
 }
@@ -1063,7 +1063,7 @@  nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev,
 		}
 
 		ida_idx = nfp_tunnel_get_ida_from_global_mac_idx(entry->index);
-		ida_simple_remove(&priv->tun.mac_off_ids, ida_idx);
+		ida_free(&priv->tun.mac_off_ids, ida_idx);
 		entry->index = nfp_mac_idx;
 		return 0;
 	}
@@ -1077,7 +1077,7 @@  nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev,
 	/* If MAC has global ID then extract and free the ida entry. */
 	if (nfp_tunnel_is_mac_idx_global(entry->index)) {
 		ida_idx = nfp_tunnel_get_ida_from_global_mac_idx(entry->index);
-		ida_simple_remove(&priv->tun.mac_off_ids, ida_idx);
+		ida_free(&priv->tun.mac_off_ids, ida_idx);
 	}
 
 	kfree(entry);