Maxim Mikityanskiy f6336724a4 net/tls: Remove the context from the list in tls_device_down ... tls_device_down takes a reference on all contexts it's going to move to the degraded state (software fallback). If sk_destruct runs afterwards, it can reduce the reference counter back to 1 and return early without destroying the context. Then tls_device_down will release the reference it took and call tls_device_free_ctx. However, the context will still stay in tls_device_down_list forever. The list will contain an item, memory for which is released, making a memory corruption possible. Fix the above bug by properly removing the context from all lists before any call to tls_device_free_ctx. Fixes: 3740651bf7 ("tls: Fix context leak on tls_device_down") Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2022-07-24 21:40:56 +01:00
..
Kconfig	net/tls: Select SOCK_RX_QUEUE_MAPPING from TLS_DEVICE	2021-02-11 19:08:06 -08:00
Makefile	net/tls: add skeleton of MIB statistics	2019-10-05 16:29:00 -07:00
tls_device.c	net/tls: Remove the context from the list in tls_device_down	2022-07-24 21:40:56 +01:00
tls_device_fallback.c	net/tls: Fix use-after-free after the TLS device goes down and up	2021-06-01 15:58:05 -07:00
tls_main.c	net/tls: Check for errors in tls_device_init	2022-07-14 10:12:39 -07:00
tls_proc.c	net: fix proc_fs init handling in af_packet and tls	2020-12-14 19:39:30 -08:00
tls_sw.c	Revert "tls: rx: move counting TlsDecryptErrors for sync"	2022-07-06 13:10:59 +01:00
tls_toe.c	net/tls: rename tls_hw_* functions tls_toe_*	2019-10-04 14:07:07 -07:00
trace.c	net/tls: add tracing for device/offload events	2019-10-05 16:29:00 -07:00
trace.h	net/tls: add device decrypted trace point	2019-10-05 16:29:00 -07:00