sfc: fix use-after-free in efx_tc_flower_record_encap_match()

When writing error messages to extack for pseudo collisions, we can't
 use encap->type as encap has already been freed.  Fortunately the
 same value is stored in local variable em_type, so use that instead.

Fixes: 3c9561c0a5b9 ("sfc: support TC decap rules matching on enc_ip_tos")
Reported-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Edward Cree <ecree.xilinx@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/sfc/tc.c b/drivers/net/ethernet/sfc/tc.c
index da684b4..6dfbdb3 100644 (file)
--- a/drivers/net/ethernet/sfc/tc.c
+++ b/drivers/net/ethernet/sfc/tc.c
@@ -504,7 +504,7 @@ static int efx_tc_flower_record_encap_match(struct efx_nic *efx,
                        if (em_type != EFX_TC_EM_PSEUDO_MASK) {
                                NL_SET_ERR_MSG_FMT_MOD(extack,
                                                       "%s encap match conflicts with existing pseudo(MASK) entry",
-                                                      encap->type ? "Pseudo" : "Direct");
+                                                      em_type ? "Pseudo" : "Direct");
                                return -EEXIST;
                        }
                        if (child_ip_tos_mask != old->child_ip_tos_mask) {
@@ -525,7 +525,7 @@ static int efx_tc_flower_record_encap_match(struct efx_nic *efx,
                default: /* Unrecognised pseudo-type.  Just say no */
                        NL_SET_ERR_MSG_FMT_MOD(extack,
                                               "%s encap match conflicts with existing pseudo(%d) entry",
-                                              encap->type ? "Pseudo" : "Direct",
+                                              em_type ? "Pseudo" : "Direct",
                                               old->type);
                        return -EEXIST;
                }