[PATCH] net/mlx5: Fix a potential use after free in mlx5e_ktls_del_rx

[Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>]

My static analyzer tool reported a potential uaf in
mlx5e_ktls_del_rx. In this function, if the condition
cancel_work_sync(&resync->work) is true, and then
priv_rx could be freed. But priv_rx is used later.

I'm unfamiliar with how this function works. Maybe the
maintainer forgot to add return after freeing priv_rx?

Fixes: b850bbff96512 ("net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context")
Signed-off-by: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
index d06532d0baa4..54a77df42316 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
@@ -663,8 +663,10 @@ void mlx5e_ktls_del_rx(struct net_device *netdev, struct tls_context *tls_ctx)
 		 */
 		wait_for_completion(&priv_rx->add_ctx);
 	resync = &priv_rx->resync;
-	if (cancel_work_sync(&resync->work))
+	if (cancel_work_sync(&resync->work)) {
 		mlx5e_ktls_priv_rx_put(priv_rx);
+		return;
+	}
 
 	priv_rx->stats->tls_del++;
 	if (priv_rx->rule.rule)
-- 
2.25.1