From patchwork Mon Oct 19 11:50:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinay Kumar Yadav X-Patchwork-Id: 288337 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1BAFC43457 for ; Mon, 19 Oct 2020 11:51:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 59A3722276 for ; Mon, 19 Oct 2020 11:51:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728114AbgJSLvr (ORCPT ); Mon, 19 Oct 2020 07:51:47 -0400 Received: from stargate.chelsio.com ([12.32.117.8]:59303 "EHLO stargate.chelsio.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726631AbgJSLvq (ORCPT ); Mon, 19 Oct 2020 07:51:46 -0400 Received: from localhost.localdomain (vardah.blr.asicdesigners.com [10.193.186.1]) by stargate.chelsio.com (8.13.8/8.13.8) with ESMTP id 09JBoo1j003914; Mon, 19 Oct 2020 04:51:41 -0700 From: Vinay Kumar Yadav To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: secdev@chelsio.com, Vinay Kumar Yadav Subject: [PATCH net 6/6] chelsio/chtls: fix writing freed memory Date: Mon, 19 Oct 2020 17:20:25 +0530 Message-Id: <20201019115025.24233-7-vinay.yadav@chelsio.com> X-Mailer: git-send-email 2.18.1 In-Reply-To: <20201019115025.24233-1-vinay.yadav@chelsio.com> References: <20201019115025.24233-1-vinay.yadav@chelsio.com> Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org When chtls_sock *csk is freed, same memory can be allocated to different csk in chtls_sock_create(). csk->cdev = NULL; statement might ends up modifying wrong csk, eventually causing kernel panic. removing (csk->cdev = NULL) statement as it is not required. Fixes: 3a0a97838923 ("crypto/chtls: Fix chtls crash in connection cleanup") Signed-off-by: Vinay Kumar Yadav --- drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c index bdb53fa41022..ec4f79049a06 100644 --- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c +++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c @@ -483,7 +483,6 @@ void chtls_destroy_sock(struct sock *sk) chtls_purge_write_queue(sk); free_tls_keyid(sk); kref_put(&csk->kref, chtls_sock_release); - csk->cdev = NULL; if (sk->sk_family == AF_INET) sk->sk_prot = &tcp_prot; #if IS_ENABLED(CONFIG_IPV6)