From: Tuo Li <islituo@gmail.com>
To: ayush.sawal@chelsio.com, andrew+netdev@lunn.ch,
davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, kernelxing@tencent.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Tuo Li <islituo@gmail.com>
Subject: [PATCH] chcr_ktls: add a defensive NULL check to prevent a possible null-pointer dereference in chcr_ktls_dev_del()
Date: Tue, 6 Jan 2026 20:33:02 +0800 [thread overview]
Message-ID: <20260106123302.166220-1-islituo@gmail.com> (raw)
In this function, u_ctx is guarded by an if statement, which indicates that
it may be NULL:
u_ctx = tx_info->adap->uld[CXGB4_ULD_KTLS].handle;
if (u_ctx && u_ctx->detach)
return;
Consequently, a potential null-pointer dereference may occur when
tx_info->tid != -1, as shown below:
if (tx_info->tid != -1) {
...
xa_erase(&u_ctx->tid_list, tx_info->tid);
}
Therefore, add a defensive NULL check to prevent this issue.
Fixes: 65e302a9bd57 ("cxgb4/ch_ktls: Clear resources when pf4 device is removed")
Signed-off-by: Tuo Li <islituo@gmail.com>
---
drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
index 4e2096e49684..79292314a012 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
@@ -389,7 +389,8 @@ static void chcr_ktls_dev_del(struct net_device *netdev,
cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan,
tx_info->tid, tx_info->ip_family);
- xa_erase(&u_ctx->tid_list, tx_info->tid);
+ if (u_ctx)
+ xa_erase(&u_ctx->tid_list, tx_info->tid);
}
port_stats = &tx_info->adap->ch_ktls_stats.ktls_port[tx_info->port_id];
--
2.43.0
next reply other threads:[~2026-01-06 12:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 12:33 Tuo Li [this message]
2026-01-09 1:53 ` [PATCH] chcr_ktls: add a defensive NULL check to prevent a possible null-pointer dereference in chcr_ktls_dev_del() Jakub Kicinski
2026-01-11 17:25 ` Tuo Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260106123302.166220-1-islituo@gmail.com \
--to=islituo@gmail.com \
--cc=andrew+netdev@lunn.ch \
--cc=ayush.sawal@chelsio.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kernelxing@tencent.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox