Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp4032080ybi; Mon, 3 Jun 2019 04:40:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqzlQAsUNfxEuuJgEjRaoiW042vtyrs/FvUR6hQjte3D+eW214EAflKgXuusNonPk1DqMq/a X-Received: by 2002:a17:902:4a:: with SMTP id 68mr29296420pla.235.1559562038029; Mon, 03 Jun 2019 04:40:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559562038; cv=none; d=google.com; s=arc-20160816; b=QH8VaFt3FxJ4qc6TITLSg/7+RFdS7BqLBG5Uav5VJ1AJC0ajF6WTIMzKLv2K5y0Qud LYZzN2V5wfH1d71zi0LTDGoDGWmuAJ3J08bwkxQt4e7I1ar+4XMGUeHPMAUL/zALAJTw KAYq9D7hs+++UYEf0KS1x77WmPqBOdLRbtEh6FGc0+aEJYA/6jzZb20Yh96+M67FtyAC 2z90o3XNr8U9LOxhSnNodj9n4vwVFw4BqFfI9q7smnzPSIP7mqsRAKyr5k5y/3u/+jTm Kwpttlh0JaoOIwvibWhJNhPLUA2/smTfyQW7DSm8DWQwoV/MB4oGTmWTV4EYZp4EwegI tZzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Yz+n+SJYpeIl0LoXNJgf7FXoqMw7JWvu3bKlr1klPCQ=; b=dWqoeGfzsaoM17Zs0bEJvyA35Nr0m9PnuFao/ME8wqDiRWg7vADn5CC7yGfD9E1tTa K5WZSz0lpYsKu5pHIqNgiWWYUrKCT1K9aSLBk/JQK2TkhE3EDYtCrG1nzkVWuihu3jpk vmRcHshBGuGX0nFhekGcjKUylnv+NwoU+t6c9bAD4UsPYliHgGo6bOcIF06Z6R8r3PKM GIrryFWPRkY0359DiPgVn6pn1pTBeQYbwvbQoivcR4LFZtCaiPZPQ/86iOq2GipONL1w 7gzsrBWSAO6FvbFerH5/5meq6TlWxB83pvP3eLRn+5VZS9WYL7YXbWFasE5OY2cuI5I6 nuTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HpHcyEyE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a24si16657236pgw.395.2019.06.03.04.40.19; Mon, 03 Jun 2019 04:40:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HpHcyEyE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728271AbfFCJQ3 (ORCPT + 99 others); Mon, 3 Jun 2019 05:16:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:60538 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728667AbfFCJMj (ORCPT ); Mon, 3 Jun 2019 05:12:39 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 971B627DF3; Mon, 3 Jun 2019 09:12:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1559553159; bh=sVe/hc/9Uz5givtDxZl6T6BsIsAPVmZI5xhxpdMn4QM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HpHcyEyEB1h2y05ZPmEwdgcThrexx9pt7mi76i8JqKJ2lSQf3Yze5gyX4aHEHOXo3 woaRLzCETHhwW3Hfd3B0uxB+W8OwG2kpKaCJhXvGAK3C/9Ks7o4yCcz6bS9sWAWF8p mqUgWs6VBQZrV7x3iBXoebblqhaQi4lExXUGg12Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jakub Kicinski , Dirk van der Merwe , "David S. Miller" Subject: [PATCH 5.0 30/36] net/tls: dont ignore netdev notifications if no TLS features Date: Mon, 3 Jun 2019 11:09:18 +0200 Message-Id: <20190603090522.983099765@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190603090520.998342694@linuxfoundation.org> References: <20190603090520.998342694@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jakub Kicinski [ Upstream commit c3f4a6c39cf269a40d45f813c05fa830318ad875 ] On device surprise removal path (the notifier) we can't bail just because the features are disabled. They may have been enabled during the lifetime of the device. This bug leads to leaking netdev references and use-after-frees if there are active connections while device features are cleared. Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Jakub Kicinski Reviewed-by: Dirk van der Merwe Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/tls/tls_device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -981,7 +981,8 @@ static int tls_dev_event(struct notifier { struct net_device *dev = netdev_notifier_info_to_dev(ptr); - if (!(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX))) + if (!dev->tlsdev_ops && + !(dev->features & (NETIF_F_HW_TLS_RX | NETIF_F_HW_TLS_TX))) return NOTIFY_DONE; switch (event) {