net: hns3: fix use-after-free issue for hclge_add_fd_entry_common()

When new rule state is TO_ADD or ACTIVE, and there is already a
rule with same location in the fd_rule_list, the new rule will
be freed after modifying the old rule. It may cause user-after-free
issue when access rule again in hclge_add_fd_entry_common().

Fixes: fc4243b8de8b ("net: hns3: refactor flow director configuration")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index 57cee12329a42610597f55736cc0a9f9567c67a1..cf99feef987bda5d7bae45a434686d423d5c1b55 100644 (file)
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -6440,8 +6440,8 @@ static int hclge_add_fd_entry_common(struct hclge_dev *hdev,
                goto out;
 
        rule->state = HCLGE_FD_ACTIVE;
-       hclge_update_fd_list(hdev, rule->state, rule->location, rule);
        hdev->fd_active_type = rule->rule_type;
+       hclge_update_fd_list(hdev, rule->state, rule->location, rule);
 
 out:
        spin_unlock_bh(&hdev->fd_rule_lock);