Re: [PATCH] tipc: fix RCU dereference race in tipc_aead_users_dec()

Next message: Ming Lei: "Re: [Kernel Bug] KASAN: slab-use-after-free Read in __blkcg_rstat_flush"
Previous message: Felix Gu: "[PATCH v3 2/2] clk: imx: imx6q: Fix device node reference leak in of_assigned_ldb_sels()"
In reply to: Jakub Kicinski: "Re: [PATCH] tipc: fix RCU dereference race in tipc_aead_users_dec()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Daniel Hodges

Date: Tue Feb 03 2026 - 09:11:26 EST

On Mon, Feb 02, 2026 at 05:48:33PM -0800, Jakub Kicinski wrote:
> On Sat, 31 Jan 2026 18:21:28 -0800 Daniel Hodges wrote:
> > tipc_aead_users_dec() calls rcu_dereference(aead) twice: once to store
> > in 'tmp' for the NULL check, and again inside the atomic_add_unless()
> > call.
> >
> > Use the already-dereferenced 'tmp' pointer consistently, matching the
> > correct pattern used in tipc_aead_users_inc() and tipc_aead_users_set().
> >
> > Fixes: fc1b6d6de220 ("tipc: introduce TIPC encryption & authentication")
> > Cc: stable@xxxxxxxxxxxxxxx
> >
> > Signed-off-by: Daniel Hodges <hodgesd@xxxxxxxx>
>
> Somehow this didn't reach patchwork, please resend, and while you do
> that please remove the empty line between cc stable and you sob.

Sounds good, the corp email keeps getting filtered so I'll resend from
my personal email.