lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260106123302.166220-1-islituo@gmail.com>
Date: Tue,  6 Jan 2026 20:33:02 +0800
From: Tuo Li <islituo@...il.com>
To: ayush.sawal@...lsio.com,
	andrew+netdev@...n.ch,
	davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	kernelxing@...cent.com
Cc: netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Tuo Li <islituo@...il.com>
Subject: [PATCH] chcr_ktls: add a defensive NULL check to prevent a possible null-pointer dereference in chcr_ktls_dev_del()

In this function, u_ctx is guarded by an if statement, which indicates that
it may be NULL:

  u_ctx = tx_info->adap->uld[CXGB4_ULD_KTLS].handle;
  if (u_ctx && u_ctx->detach)
    return;

Consequently, a potential null-pointer dereference may occur when
tx_info->tid != -1, as shown below:

  if (tx_info->tid != -1) {
    ...
    xa_erase(&u_ctx->tid_list, tx_info->tid);
  }

Therefore, add a defensive NULL check to prevent this issue.

Fixes: 65e302a9bd57 ("cxgb4/ch_ktls: Clear resources when pf4 device is removed")
Signed-off-by: Tuo Li <islituo@...il.com>
---
 drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
index 4e2096e49684..79292314a012 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
@@ -389,7 +389,8 @@ static void chcr_ktls_dev_del(struct net_device *netdev,
 		cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan,
 				 tx_info->tid, tx_info->ip_family);
 
-		xa_erase(&u_ctx->tid_list, tx_info->tid);
+		if (u_ctx)
+			xa_erase(&u_ctx->tid_list, tx_info->tid);
 	}
 
 	port_stats = &tx_info->adap->ch_ktls_stats.ktls_port[tx_info->port_id];
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ