chelsio/chtls: fix writing freed memory
authorVinay Kumar Yadav <vinay.yadav@chelsio.com>
Mon, 19 Oct 2020 11:50:25 +0000 (17:20 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Oct 2020 09:07:05 +0000 (10:07 +0100)
[ Upstream commit da1a039bcf293e4699d413c9f65d975da2d7c0bd ]

When chtls_sock *csk is freed, the same memory can be allocated
to a different csk in chtls_sock_create().
The csk->cdev = NULL; statement might end up modifying the wrong
csk, eventually causing a kernel panic.
Remove the (csk->cdev = NULL) statement as it is not required.

Fixes: 3a0a97838923 ("crypto/chtls: Fix chtls crash in connection cleanup")
Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/crypto/chelsio/chtls/chtls_cm.c

index 64567b6c358df38c5fa8e4b3d9cd47a3443b76b5..bad8e90ba168d0cd8aa489e7f533719659ced78c 100644 (file)
@@ -483,7 +483,6 @@ void chtls_destroy_sock(struct sock *sk)
        chtls_purge_write_queue(sk);
        free_tls_keyid(sk);
        kref_put(&csk->kref, chtls_sock_release);
-       csk->cdev = NULL;
        if (sk->sk_family == AF_INET)
                sk->sk_prot = &tcp_prot;
 #if IS_ENABLED(CONFIG_IPV6)