| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a756f384-33c2-4c21-a23a-9223823f296b@redhat.com> Date: Thu, 9 Oct 2025 10:47:06 +0200 From: Paolo Abeni <pabeni@...hat.com> To: Pavel Zhigulin <Pavel.Zhigulin@...persky.com>, Zhu Yanjun <yanjun.zhu@...ux.dev> Cc: Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Leon Romanovsky <leon@...nel.org>, Steffen Klassert <steffen.klassert@...unet.com>, Cosmin Ratiu <cratiu@...dia.com>, Ayush Sawal <ayush.sawal@...lsio.com>, Harsh Jain <harsh@...lsio.com>, Atul Gupta <atul.gupta@...lsio.com>, Herbert Xu <herbert@...dor.apana.org.au>, Ganesh Goudar <ganeshgr@...lsio.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org Subject: Re: [PATCH net v2] net: cxgb4/ch_ipsec: fix potential use-after-free in ch_ipsec_xfrm_add_state() callback On 10/6/25 3:47 PM, Pavel Zhigulin wrote: > diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c > index ecd9a0bd5e18..29dbc3b6e9e2 100644 > --- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c > +++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c > @@ -301,7 +301,8 @@ static int ch_ipsec_xfrm_add_state(struct net_device *dev, > sa_entry->esn = 1; > ch_ipsec_setkey(x, sa_entry); > x->xso.offload_handle = (unsigned long)sa_entry; > - try_module_get(THIS_MODULE); > + if (unlikely(!try_module_get(THIS_MODULE))) > + res = -ENODEV; Here ch_ipsec_xfrm_add_state() had just successfully added a new entry, but still return failures, which looks inconsistent and possibly cause more serious negative side effect. I think you should move the module check before the sa_entry creation. Thanks, Paolo
Powered by blists - more mailing lists