Re: [PATCH] net/tls: Fix possible UAF in tls_set_device_offload

From: Jakub Kicinski
Date: Fri Nov 18 2022 - 21:51:56 EST

Next message: Pengfei Xu: "Re: [Syzkaller & bisect] There is "__perf_event_overflow" WARNING in v6.1-rc5 kernel in guest"
Previous message: Tiezhu Yang: "[PATCH] tools/vm/slabinfo-gnuplot: Use "grep -E" instead of "egrep""
In reply to: Lu Jialin: "[PATCH] net/tls: Fix possible UAF in tls_set_device_offload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 17 Nov 2022 18:41:32 +0800 Lu Jialin wrote:
> In tls_set_device_offload(), the error path "goto release_lock" will
> not remove start_marker_record->list from offload_ctx->records_list,
> but start_marker_record will be freed, then list traversal may cause UAF.

Nope, the two object which are linked together are freed one
after another.

Next message: Pengfei Xu: "Re: [Syzkaller & bisect] There is "__perf_event_overflow" WARNING in v6.1-rc5 kernel in guest"
Previous message: Tiezhu Yang: "[PATCH] tools/vm/slabinfo-gnuplot: Use "grep -E" instead of "egrep""
In reply to: Lu Jialin: "[PATCH] net/tls: Fix possible UAF in tls_set_device_offload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]