From 5a0f969f9478f91a0019034828f937609d87cde3 Mon Sep 17 00:00:00 2001
From: zhongxuan <zhongxuan2@huawei.com>
Date: Wed, 30 Mar 2022 14:48:34 +0800
Subject: [PATCH] fix use-after-free in i40e_sync_filter_subtask()

Conflict:NA
Reference:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/log/?id=32845aa6020347fcae8d5e2554
8ecaef1f0c3e8a
---
 ...ter-free-in-i40e_sync_filter_subtask.patch | 70 +++++++++++++++++++
 i40e.spec                                     |  9 ++-
 2 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-use-after-free-in-i40e_sync_filter_subtask.patch

diff --git a/backport-fix-use-after-free-in-i40e_sync_filter_subtask.patch b/backport-fix-use-after-free-in-i40e_sync_filter_subtask.patch
new file mode 100644
index 0000000..038f187
--- /dev/null
+++ b/backport-fix-use-after-free-in-i40e_sync_filter_subtask.patch
@@ -0,0 +1,70 @@
+From 9840eef9eb615a5f0043fe3a7693f02a734b260a Mon Sep 17 00:00:00 2001
+From: zhongxuan <zhongxuan2@huawei.com>
+Date: Wed, 30 Mar 2022 14:40:32 +0800
+Subject: [PATCH] fix use-after-free in i40e_sync_filter_subtask()
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/log/?id=32845aa6020347fcae8d5e2554
+8ecaef1f0c3e8a
+---
+ src/i40e_main.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/src/i40e_main.c b/src/i40e_main.c
+index 9aea7ca..d4fe90f 100644
+--- a/src/i40e_main.c
++++ b/src/i40e_main.c
+@@ -145,6 +145,21 @@ MODULE_VERSION(DRV_VERSION);
+ 
+ static struct workqueue_struct *i40e_wq;
+ 
++static void netdev_hw_addr_refcnt(struct i40e_mac_filter *f, struct net_device *netdev, int delta)
++{
++        struct netdev_hw_addr *ha;
++        if (!f || !netdev)
++                return;
++        netdev_for_each_mc_addr(ha, netdev){
++                if (ether_addr_equal(ha->addr, f->macaddr)){
++                        ha->refcount += delta;
++                        if (ha->refcount <= 0)
++                                ha->refcount = 1;
++                        break;
++                }
++        }
++}
++
+ bool i40e_is_l4mode_enabled(void)
+ {
+ 	return l4mode > L4_MODE_DISABLED;
+@@ -2177,6 +2192,7 @@ static void i40e_undo_add_filter_entries(struct i40e_vsi *vsi,
+ 	hlist_for_each_entry_safe(new, h, from, hlist) {
+ 		/* We can simply free the wrapper structure */
+ 		hlist_del(&new->hlist);
++                netdev_hw_addr_refcnt(new->f, vsi->netdev, -1);
+ 		kfree(new);
+ 	}
+ }
+@@ -2578,6 +2594,10 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi)
+ 			retval = i40e_correct_vf_mac_vlan_filters
+ 				(vsi, &tmp_add_list, &tmp_del_list,
+ 				 vlan_filters, pf->vf[vsi->vf_id].trusted);
++                
++                hlist_for_each_entry(new, &tmp_add_list, hlist)
++                        netdev_hw_addr_refcnt(new->f, vsi->netdev, 1);
++
+ 		if (retval)
+ 			goto err_no_memory_locked;
+ 
+@@ -2710,6 +2730,9 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi)
+ 			if (new->f->state == I40E_FILTER_NEW)
+ 				new->f->state = new->state;
+ 			hlist_del(&new->hlist);
++
++                        netdev_hw_addr_refcnt(new->f, vsi->netdev, -1);
++
+ 			kfree(new);
+ 		}
+ 		spin_unlock_bh(&vsi->mac_filter_hash_lock);
+-- 
+2.23.0
+
diff --git a/i40e.spec b/i40e.spec
index d22b823..3528f4a 100644
--- a/i40e.spec
+++ b/i40e.spec
@@ -9,13 +9,14 @@
 Name: i40e
 Summary: Intel(R) 40-10 Gigabit Ethernet Connection Network Driver
 Version: 2.14.13
-Release: 7
+Release: 8
 Vendor: Intel Corporation
 License: GPL-2.0
 URL: http://support.intel.com
 Source0: https://downloadcenter.intel.com/download/24411/Intel-Network-Adapter-Driver-for-PCIe-40-Gigabit-Ethernet-Network-Connections-Under-Linux-/%{name}-%{version}.tar.gz
 
 Patch0001: fix-gcc9-new-warning.patch
+Patch6000: backport-fix-use-after-free-in-i40e_sync_filter_subtask.patch
 
 Requires: kernel, findutils, gawk, bash, hwdata
 
@@ -383,6 +384,12 @@ else
 fi
 
 %changelog
+* Wed Mar 30 2022 zhongxuan <zhongxuan2@huawei.com> - 2.14.13-8
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix use after free in i40e_sync_filter_subtask
+
 * Sat Oct 30 2021 Aichun Li <liaichun@huawei.com> - 2.14.13-7
 - Type:bugfix
 - ID:NA
-- 
Gitee