lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a756f384-33c2-4c21-a23a-9223823f296b@redhat.com>
Date: Thu, 9 Oct 2025 10:47:06 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Pavel Zhigulin <Pavel.Zhigulin@...persky.com>,
 Zhu Yanjun <yanjun.zhu@...ux.dev>
Cc: Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller"
 <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Leon Romanovsky <leon@...nel.org>,
 Steffen Klassert <steffen.klassert@...unet.com>,
 Cosmin Ratiu <cratiu@...dia.com>, Ayush Sawal <ayush.sawal@...lsio.com>,
 Harsh Jain <harsh@...lsio.com>, Atul Gupta <atul.gupta@...lsio.com>,
 Herbert Xu <herbert@...dor.apana.org.au>,
 Ganesh Goudar <ganeshgr@...lsio.com>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH net v2] net: cxgb4/ch_ipsec: fix potential use-after-free
 in ch_ipsec_xfrm_add_state() callback

On 10/6/25 3:47 PM, Pavel Zhigulin wrote:
> diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
> index ecd9a0bd5e18..29dbc3b6e9e2 100644
> --- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
> +++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
> @@ -301,7 +301,8 @@ static int ch_ipsec_xfrm_add_state(struct net_device *dev,
>  		sa_entry->esn = 1;
>  	ch_ipsec_setkey(x, sa_entry);
>  	x->xso.offload_handle = (unsigned long)sa_entry;
> -	try_module_get(THIS_MODULE);
> +	if (unlikely(!try_module_get(THIS_MODULE)))
> +		res = -ENODEV;

Here ch_ipsec_xfrm_add_state() had just successfully added a new entry,
but still return failures, which looks inconsistent and possibly cause
more serious negative side effect. I think you should move the module
check before the sa_entry creation.

Thanks,

Paolo


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ