net/sched: cls_flower: Reject duplicated rules also under skip_sw

Currently, duplicated rules are rejected only for skip_hw or "none", hence allowing users to push duplicates into HW for no reason. Use the flower tables to protect for that. Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Paul Blakey <paulb@mellanox.com> Reported-by: Chris Mi <chrism@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Or Gerlitz <ogerlitz@mellanox.com> 2018-12-09 11:10:24 -0500
committer: David S. Miller <davem@davemloft.net> 2018-12-09 14:55:08 -0500
commit: 35cc3cefc4de90001c9137e2d01dd9d06b11acfb (patch)
tree: b7937759d6c916ac896be9f1ed97d65be6812c03 /net
parent: d4b60e94e9bbe8c3b57e9cd126bed4a411ac5f6e (diff)
1 files changed, 10 insertions, 13 deletions
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index c6c327874abc..71312d7bd8f4 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1238,18 +1238,16 @@ static int fl_change(struct net *net, struct sk_buff *in_skb,
        if (err)
                goto errout_idr;
-        if (!tc_skip_sw(fnew->flags)) {
+        if (!fold && fl_lookup(fnew->mask, &fnew->mkey)) {
-                if (!fold && fl_lookup(fnew->mask, &fnew->mkey)) {
+                err = -EEXIST;
-                        err = -EEXIST;
+                goto errout_mask;
-                        goto errout_mask;
-                }
-                err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
-                                             fnew->mask->filter_ht_params);
-                if (err)
-                        goto errout_mask;
        }
+        err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
+                                     fnew->mask->filter_ht_params);
+        if (err)
+                goto errout_mask;
        if (!tc_skip_hw(fnew->flags)) {
                err = fl_hw_replace_filter(tp, fnew, extack);
                if (err)
@@ -1303,9 +1301,8 @@ static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
        struct cls_fl_head *head = rtnl_dereference(tp->root);
        struct cls_fl_filter *f = arg;
-        if (!tc_skip_sw(f->flags))
+        rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
-                rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
+                               f->mask->filter_ht_params);
-                                       f->mask->filter_ht_params);
        __fl_delete(tp, f, extack);
        *last = list_empty(&head->masks);
        return 0;
author	Or Gerlitz <ogerlitz@mellanox.com>	2018-12-09 11:10:24 -0500
committer	David S. Miller <davem@davemloft.net>	2018-12-09 14:55:08 -0500
commit	35cc3cefc4de90001c9137e2d01dd9d06b11acfb (patch)
tree	b7937759d6c916ac896be9f1ed97d65be6812c03 /net
parent	d4b60e94e9bbe8c3b57e9cd126bed4a411ac5f6e (diff)