immortalwrt-mt798x/target/linux/layerscape/patches-5.4/701-net-0065-sdk_dpaa-ceetm-avoid-use-after-free-scenarios.patch
Yangbo Lu cddd459140 layerscape: add patches-5.4
Add patches for linux-5.4. The patches are from NXP LSDK-20.04 release
which was tagged LSDK-20.04-V5.4.
https://source.codeaurora.org/external/qoriq/qoriq-components/linux/

For boards LS1021A-IOT, and Traverse-LS1043 which are not involved in
LSDK, port the dts patches from 4.14.

The patches are sorted into the following categories:
  301-arch-xxxx
  302-dts-xxxx
  303-core-xxxx
  701-net-xxxx
  801-audio-xxxx
  802-can-xxxx
  803-clock-xxxx
  804-crypto-xxxx
  805-display-xxxx
  806-dma-xxxx
  807-gpio-xxxx
  808-i2c-xxxx
  809-jailhouse-xxxx
  810-keys-xxxx
  811-kvm-xxxx
  812-pcie-xxxx
  813-pm-xxxx
  814-qe-xxxx
  815-sata-xxxx
  816-sdhc-xxxx
  817-spi-xxxx
  818-thermal-xxxx
  819-uart-xxxx
  820-usb-xxxx
  821-vfio-xxxx

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00

68 lines
2.4 KiB
Diff

From fad6f73dc4367adb852ce6953f93f12cbb97b894 Mon Sep 17 00:00:00 2001
From: Camelia Groza <camelia.groza@nxp.com>
Date: Fri, 18 May 2018 10:33:37 +0300
Subject: [PATCH] sdk_dpaa: ceetm: avoid use-after-free scenarios
Once the pfiofo qdiscs are grafted to the netdev queues, they are destroyed
by the kernel when required. Remove references to the pfifo qdiscs after
grafting, in order to avoid double free scenarios.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
---
.../ethernet/freescale/sdk_dpaa/dpaa_eth_ceetm.c | 23 +++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/freescale/sdk_dpaa/dpaa_eth_ceetm.c
+++ b/drivers/net/ethernet/freescale/sdk_dpaa/dpaa_eth_ceetm.c
@@ -477,7 +477,9 @@ static void ceetm_destroy(struct Qdisc *
if (!priv->root.qdiscs)
break;
- /* Remove the pfifo qdiscs */
+ /* Destroy the pfifo qdiscs in case they haven't been attached
+ * to the netdev queues yet.
+ */
for (ntx = 0; ntx < dev->num_tx_queues; ntx++)
if (priv->root.qdiscs[ntx])
qdisc_destroy(priv->root.qdiscs[ntx]);
@@ -608,7 +610,16 @@ static int ceetm_init_root(struct Qdisc
goto err_init_root;
}
- /* pre-allocate underlying pfifo qdiscs */
+ /* Pre-allocate underlying pfifo qdiscs.
+ *
+ * We want to offload shaping and scheduling decisions to the hardware.
+ * The pfifo qdiscs will be attached to the netdev queues and will
+ * guide the traffic from the IP stack down to the driver with minimum
+ * interference.
+ *
+ * The CEETM qdiscs and classes will be crossed when the traffic
+ * reaches the driver.
+ */
priv->root.qdiscs = kcalloc(dev->num_tx_queues,
sizeof(priv->root.qdiscs[0]),
GFP_KERNEL);
@@ -1280,7 +1291,10 @@ static int ceetm_change(struct Qdisc *sc
return ret;
}
-/* Attach the underlying pfifo qdiscs */
+/* Graft the underlying pfifo qdiscs to the netdev queues.
+ * It's safe to remove our references at this point, since the kernel will
+ * destroy the qdiscs on its own and no cleanup from our part is required.
+ */
static void ceetm_attach(struct Qdisc *sch)
{
struct net_device *dev = qdisc_dev(sch);
@@ -1296,6 +1310,9 @@ static void ceetm_attach(struct Qdisc *s
if (old_qdisc)
qdisc_destroy(old_qdisc);
}
+
+ kfree(priv->root.qdiscs);
+ priv->root.qdiscs = NULL;
}
static unsigned long ceetm_cls_search(struct Qdisc *sch, u32 handle)