git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Pavel Zhigulin <Pavel.Zhigulin@kaspersky.com>
	Fri, 24 Oct 2025 16:13:02 +0000 (19:13 +0300)
committer	Jakub Kicinski <kuba@kernel.org>
	Wed, 29 Oct 2025 01:40:20 +0000 (18:40 -0700)
commit	d8d2b1f81530988abe2e2bfaceec1c5d30b9a0b4
tree	7931ffcff03aded3b1b5e6b75ffe34cb00249320	tree \| snapshot
parent	36fedc44e37e811f25666c600bce4bc027290226	commit \| diff

net: cxgb4/ch_ipsec: fix potential use-after-free in ch_ipsec_xfrm_add_state() callback

In ch_ipsec_xfrm_add_state() there is not check of try_module_get
return value. It is very unlikely, but try_module_get() could return
false value, which could cause use-after-free error.
Conditions: The module count must be zero, and a module unload in
progress. The thread doing the unload is blocked somewhere.
Another thread makes a callback into the module for some request
that (for instance) would need to create a kernel thread.
It tries to get a reference for the thread.
So try_module_get(THIS_MODULE) is the right call - and will fail here.

This fix adds checking the result of try_module_get call

Fixes: 6dad4e8ab3ec ("chcr: Add support for Inline IPSec")
Signed-off-by: Pavel Zhigulin <Pavel.Zhigulin@kaspersky.com>
Link: https://patch.msgid.link/20251024161304.724436-1-Pavel.Zhigulin@kaspersky.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>