Commit f3b4a00f authored by Emeel Hakim's avatar Emeel Hakim Committed by Jakub Kicinski

net: macsec: fix net device access prior to holding a lock

Currently macsec offload selection update routine accesses
the net device prior to holding the relevant lock.
Fix by holding the lock prior to the device access.

Fixes: dcb780fb ("net: macsec: add nla support for changing the offloading selection")
Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Signed-off-by: default avatarEmeel Hakim <ehakim@nvidia.com>
Link: https://lore.kernel.org/r/20221211075532.28099-1-ehakim@nvidia.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 7e68dd7d
...@@ -2593,7 +2593,7 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info) ...@@ -2593,7 +2593,7 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
const struct macsec_ops *ops; const struct macsec_ops *ops;
struct macsec_context ctx; struct macsec_context ctx;
struct macsec_dev *macsec; struct macsec_dev *macsec;
int ret; int ret = 0;
if (!attrs[MACSEC_ATTR_IFINDEX]) if (!attrs[MACSEC_ATTR_IFINDEX])
return -EINVAL; return -EINVAL;
...@@ -2606,28 +2606,36 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info) ...@@ -2606,28 +2606,36 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
macsec_genl_offload_policy, NULL)) macsec_genl_offload_policy, NULL))
return -EINVAL; return -EINVAL;
rtnl_lock();
dev = get_dev_from_nl(genl_info_net(info), attrs); dev = get_dev_from_nl(genl_info_net(info), attrs);
if (IS_ERR(dev)) if (IS_ERR(dev)) {
return PTR_ERR(dev); ret = PTR_ERR(dev);
goto out;
}
macsec = macsec_priv(dev); macsec = macsec_priv(dev);
if (!tb_offload[MACSEC_OFFLOAD_ATTR_TYPE]) if (!tb_offload[MACSEC_OFFLOAD_ATTR_TYPE]) {
return -EINVAL; ret = -EINVAL;
goto out;
}
offload = nla_get_u8(tb_offload[MACSEC_OFFLOAD_ATTR_TYPE]); offload = nla_get_u8(tb_offload[MACSEC_OFFLOAD_ATTR_TYPE]);
if (macsec->offload == offload) if (macsec->offload == offload)
return 0; goto out;
/* Check if the offloading mode is supported by the underlying layers */ /* Check if the offloading mode is supported by the underlying layers */
if (offload != MACSEC_OFFLOAD_OFF && if (offload != MACSEC_OFFLOAD_OFF &&
!macsec_check_offload(offload, macsec)) !macsec_check_offload(offload, macsec)) {
return -EOPNOTSUPP; ret = -EOPNOTSUPP;
goto out;
}
/* Check if the net device is busy. */ /* Check if the net device is busy. */
if (netif_running(dev)) if (netif_running(dev)) {
return -EBUSY; ret = -EBUSY;
goto out;
rtnl_lock(); }
prev_offload = macsec->offload; prev_offload = macsec->offload;
macsec->offload = offload; macsec->offload = offload;
...@@ -2662,7 +2670,7 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info) ...@@ -2662,7 +2670,7 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
rollback: rollback:
macsec->offload = prev_offload; macsec->offload = prev_offload;
out:
rtnl_unlock(); rtnl_unlock();
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment