From 450b53f3f289f88c61186794490a0d51924b67de Mon Sep 17 00:00:00 2001
From: Ivan Malov <ivan.malov@oktetlabs.ru>
Date: Mon, 16 Nov 2020 22:23:03 +0300
Subject: [PATCH] net/sfc: fix double free on encap transfer flow rule path

Don't free the outer match spec by its pointer in the parsing context
if it has already been tracked by an entry in the outer rule registry.

Fixes: dadff137931c ("net/sfc: support encap flow items in transfer rules")

Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
---
 drivers/net/sfc/sfc_mae.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/sfc/sfc_mae.c b/drivers/net/sfc/sfc_mae.c
index c78a376a88..4ddfef5563 100644
--- a/drivers/net/sfc/sfc_mae.c
+++ b/drivers/net/sfc/sfc_mae.c
@@ -1607,6 +1607,9 @@ sfc_mae_rule_process_outer(struct sfc_adapter *sa,
 		}
 	}
 
+	/* The spec has now been tracked by the outer rule entry. */
+	ctx->match_spec_outer = NULL;
+
 	/*
 	 * Depending on whether we reuse an existing outer rule or create a
 	 * new one (see above), outer rule ID is either a valid value or
@@ -1717,7 +1720,8 @@ sfc_mae_rule_encap_parse_fini(struct sfc_adapter *sa,
 	if (ctx->encap_type == EFX_TUNNEL_PROTOCOL_NONE)
 		return;
 
-	efx_mae_match_spec_fini(sa->nic, ctx->match_spec_outer);
+	if (ctx->match_spec_outer != NULL)
+		efx_mae_match_spec_fini(sa->nic, ctx->match_spec_outer);
 }
 
 int
-- 
2.20.1