From ed5672d82c5f0a0d3438cc6752e971dc2775cd4e Mon Sep 17 00:00:00 2001 From: Xiaoliang Yang Date: Wed, 30 Sep 2020 01:27:22 +0300 Subject: net: mscc: ocelot: return error if VCAP filter is not found MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Although it doesn't look like it is possible to hit these conditions from user space, there are 2 separate, but related, issues. First, the ocelot_vcap_block_get_filter_index function, née ocelot_ace_rule_get_index_id prior to the aae4e500e106 ("net: mscc: ocelot: generalize the "ACE/ACL" names") rename, does not do what the author probably intended. If the desired filter entry is not present in the ACL block, this function returns an index equal to the total number of filters, instead of -1, which is maybe what was intended, judging from the curious initialization with -1, and the "++index" idioms. Either way, none of the callers seems to expect this behavior. Second issue, the callers don't actually check the return value at all. So in case the filter is not found in the rule list, propagate the return code. So update the callers and also take the opportunity to get rid of the odd coding idioms that appear to work but don't. Signed-off-by: Xiaoliang Yang Signed-off-by: Vladimir Oltean Signed-off-by: David S. Miller --- drivers/net/ethernet/mscc/ocelot_vcap.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'drivers/net/ethernet/mscc/ocelot_vcap.c') diff --git a/drivers/net/ethernet/mscc/ocelot_vcap.c b/drivers/net/ethernet/mscc/ocelot_vcap.c index 3ef620faf995..51d442ca5cb3 100644 --- a/drivers/net/ethernet/mscc/ocelot_vcap.c +++ b/drivers/net/ethernet/mscc/ocelot_vcap.c @@ -726,14 +726,15 @@ static int ocelot_vcap_block_get_filter_index(struct ocelot_vcap_block *block, struct ocelot_vcap_filter *filter) { struct ocelot_vcap_filter *tmp; - int index = -1; + int index = 0; list_for_each_entry(tmp, &block->rules, list) { - ++index; if (filter->id == tmp->id) - break; + return index; + index++; } - return index; + + return -ENOENT; } static struct ocelot_vcap_filter* @@ -877,6 +878,8 @@ int ocelot_vcap_filter_add(struct ocelot *ocelot, /* Get the index of the inserted filter */ index = ocelot_vcap_block_get_filter_index(block, filter); + if (index < 0) + return index; /* Move down the rules to make place for the new filter */ for (i = block->count - 1; i > index; i--) { @@ -924,6 +927,8 @@ int ocelot_vcap_filter_del(struct ocelot *ocelot, /* Gets index of the filter */ index = ocelot_vcap_block_get_filter_index(block, filter); + if (index < 0) + return index; /* Delete filter */ ocelot_vcap_block_remove_filter(ocelot, block, filter); @@ -950,6 +955,9 @@ int ocelot_vcap_filter_stats_update(struct ocelot *ocelot, int index; index = ocelot_vcap_block_get_filter_index(block, filter); + if (index < 0) + return index; + is2_entry_get(ocelot, filter, index); /* After we get the result we need to clear the counters */ -- cgit