diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2018-10-26 07:44:34 -0700 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-10-26 07:44:34 -0700 |
| commit | 7f2f2979f9eb7edf0affa7aa2c04c15ef6d43b56 (patch) | |
| tree | d207b03b950a5592d352621b77cd7ace815f7cff | |
| parent | 5eee6c6d86bc8490ba8dc89ed781a50757812915 (diff) | |
| parent | 9ff2be3d72b707fcedbe0350a68937e753ea4c74 (diff) | |
Merge "msm:ipa:Prevent rt rule deletion if rt rule id is invalid"
| -rw-r--r-- | drivers/platform/msm/ipa/ipa_v2/ipa_rt.c | 23 | ||||
| -rw-r--r-- | drivers/platform/msm/ipa/ipa_v3/ipa_rt.c | 27 |
2 files changed, 49 insertions, 1 deletions
diff --git a/drivers/platform/msm/ipa/ipa_v2/ipa_rt.c b/drivers/platform/msm/ipa/ipa_v2/ipa_rt.c index 5bab6d0c626a..4fea1255b360 100644 --- a/drivers/platform/msm/ipa/ipa_v2/ipa_rt.c +++ b/drivers/platform/msm/ipa/ipa_v2/ipa_rt.c @@ -1342,6 +1342,8 @@ int ipa2_reset_rt(enum ipa_ip_type ip, bool user_only) struct ipa_rt_entry *rule_next; struct ipa_rt_tbl_set *rset; u32 apps_start_idx; + struct ipa_hdr_entry *hdr_entry; + struct ipa_hdr_proc_ctx_entry *hdr_proc_entry; int id; bool tbl_user = false; @@ -1395,6 +1397,27 @@ int ipa2_reset_rt(enum ipa_ip_type ip, bool user_only) if (!user_only || rule->ipacm_installed) { list_del(&rule->link); + if (rule->hdr) { + hdr_entry = ipa_id_find( + rule->rule.hdr_hdl); + if (!hdr_entry || + hdr_entry->cookie != IPA_HDR_COOKIE) { + IPAERR_RL( + "Header already deleted\n"); + return -EINVAL; + } + } else if (rule->proc_ctx) { + hdr_proc_entry = + ipa_id_find( + rule->rule.hdr_proc_ctx_hdl); + if (!hdr_proc_entry || + hdr_proc_entry->cookie != + IPA_PROC_HDR_COOKIE) { + IPAERR_RL( + "Proc entry already deleted\n"); + return -EINVAL; + } + } tbl->rule_cnt--; if (rule->hdr) __ipa_release_hdr(rule->hdr->id); diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_rt.c b/drivers/platform/msm/ipa/ipa_v3/ipa_rt.c index 8f6024c51e1d..256843022dfe 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_rt.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_rt.c @@ -1486,6 +1486,8 @@ int ipa3_reset_rt(enum ipa_ip_type ip, bool user_only) struct ipa3_rt_entry *rule; struct ipa3_rt_entry *rule_next; struct ipa3_rt_tbl_set *rset; + struct ipa3_hdr_entry *hdr_entry; + struct ipa3_hdr_proc_ctx_entry *hdr_proc_entry; u32 apps_start_idx; int id; bool tbl_user = false; @@ -1539,6 +1541,27 @@ int ipa3_reset_rt(enum ipa_ip_type ip, bool user_only) if (!user_only || rule->ipacm_installed) { list_del(&rule->link); + if (rule->hdr) { + hdr_entry = ipa3_id_find( + rule->rule.hdr_hdl); + if (!hdr_entry || + hdr_entry->cookie != IPA_HDR_COOKIE) { + IPAERR_RL( + "Header already deleted\n"); + return -EINVAL; + } + } else if (rule->proc_ctx) { + hdr_proc_entry = + ipa3_id_find( + rule->rule.hdr_proc_ctx_hdl); + if (!hdr_proc_entry || + hdr_proc_entry->cookie != + IPA_PROC_HDR_COOKIE) { + IPAERR_RL( + "Proc entry already deleted\n"); + return -EINVAL; + } + } tbl->rule_cnt--; if (rule->hdr) __ipa3_release_hdr(rule->hdr->id); @@ -1546,7 +1569,9 @@ int ipa3_reset_rt(enum ipa_ip_type ip, bool user_only) __ipa3_release_hdr_proc_ctx( rule->proc_ctx->id); rule->cookie = 0; - idr_remove(&tbl->rule_ids, rule->rule_id); + if (!rule->rule_id_valid) + idr_remove(&tbl->rule_ids, + rule->rule_id); id = rule->id; kmem_cache_free(ipa3_ctx->rt_rule_cache, rule); |