[lvc-project] [PATCH net v2] net: cxgb4/ch_ipsec: fix potential use-after-free in ch_ipsec_xfrm_add_state() callback
Paolo Abeni
pabeni at redhat.com
Thu Oct 9 11:47:06 MSK 2025
On 10/6/25 3:47 PM, Pavel Zhigulin wrote:
> diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
> index ecd9a0bd5e18..29dbc3b6e9e2 100644
> --- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
> +++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
> @@ -301,7 +301,8 @@ static int ch_ipsec_xfrm_add_state(struct net_device *dev,
> sa_entry->esn = 1;
> ch_ipsec_setkey(x, sa_entry);
> x->xso.offload_handle = (unsigned long)sa_entry;
> - try_module_get(THIS_MODULE);
> + if (unlikely(!try_module_get(THIS_MODULE)))
> + res = -ENODEV;
Here ch_ipsec_xfrm_add_state() had just successfully added a new entry,
but still return failures, which looks inconsistent and possibly cause
more serious negative side effect. I think you should move the module
check before the sa_entry creation.
Thanks,
Paolo
More information about the lvc-project
mailing list