Re: [PATCH] chcr_ktls: fix a possible null-pointer dereference in chcr_ktls_dev_add()

From: Tuo Li
Date: Thu Nov 14 2024 - 05:40:14 EST

On 2024/11/8 23:00, Markus Elfring wrote:
>
>> Consider the following execution scenario:
>>
>> chcr_ktls_cpl_act_open_rpl() //641
>>   u_ctx = adap->uld[CXGB4_ULD_KTLS].handle; //686
>>   if (u_ctx) { //687
>>     complete(&tx_info->completion); //704
>>
>> The variable u_ctx is checked by an if statement at Line 687, which means
>> it can be NULL. Then, complete() is called at Line 704, which will wake
>> up wait_for_completion_xxx().
>
>
> To which software revision would you like to refer here?
>
> How does the presented information fit to a statement like the following?
> https://elixir.bootlin.com/linux/v6.12-rc6/source/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c#L442
>
> if (u_ctx && u_ctx->detach)
>         goto out;

We have run our tool on Linux 6.11, and the line numbers correspond to the
code in that version.

> Would you eventually like to trace the control flow back any further
> for the data structure member “handle”?
>

I have traced the control flow further for the data structure member
'handle,' but I have not found where the member is assigned a NULL value. I
am not sure if I might have overlooked something.