[net] bpf: check NULL for sk_to_full_sk() return value

Message ID	20170717184255.6121-1-xiyou.wangcong@gmail.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Cong Wang <xiyou.wangcong@gmail.com> To: netdev@vger.kernel.org Cc: dsahern@gmail.com, Cong Wang <xiyou.wangcong@gmail.com>, Lawrence Brakmo <brakmo@fb.com>, Daniel Borkmann <daniel@iogearbox.net> Subject: [Patch net] bpf: check NULL for sk_to_full_sk() return value Date: Mon, 17 Jul 2017 11:42:55 -0700 Message-Id: <20170717184255.6121-1-xiyou.wangcong@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

20170717184255.6121-1-xiyou.wangcong@gmail.com

State

Accepted, archived

Delegated to:

David Miller

Headers

From: Cong Wang <xiyou.wangcong@gmail.com>
To: netdev@vger.kernel.org
Cc: dsahern@gmail.com, Cong Wang <xiyou.wangcong@gmail.com>,
	Lawrence Brakmo <brakmo@fb.com>, Daniel Borkmann <daniel@iogearbox.net>
Subject: [Patch net] bpf: check NULL for sk_to_full_sk() return value
Date: Mon, 17 Jul 2017 11:42:55 -0700
Message-Id: <20170717184255.6121-1-xiyou.wangcong@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Cong Wang July 17, 2017, 6:42 p.m. UTC

When req->rsk_listener is NULL, sk_to_full_sk() returns
NULL too, so we have to check its return value against
NULL here.

Fixes: 40304b2a1567 ("bpf: BPF support for sock_ops")
Reported-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Cc: Lawrence Brakmo <brakmo@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
---
 include/linux/bpf-cgroup.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Daniel Borkmann July 17, 2017, 7:06 p.m. UTC | #1

On 07/17/2017 08:42 PM, Cong Wang wrote:
> When req->rsk_listener is NULL, sk_to_full_sk() returns
> NULL too, so we have to check its return value against
> NULL here.
>
> Fixes: 40304b2a1567 ("bpf: BPF support for sock_ops")
> Reported-by: David Ahern <dsahern@gmail.com>
> Tested-by: David Ahern <dsahern@gmail.com>
> Cc: Lawrence Brakmo <brakmo@fb.com>
> Cc: Daniel Borkmann <daniel@iogearbox.net>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

Acked-by: Daniel Borkmann <daniel@iogearbox.net>

David Miller July 17, 2017, 8:38 p.m. UTC | #2

From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Mon, 17 Jul 2017 11:42:55 -0700

> When req->rsk_listener is NULL, sk_to_full_sk() returns
> NULL too, so we have to check its return value against
> NULL here.
> 
> Fixes: 40304b2a1567 ("bpf: BPF support for sock_ops")
> Reported-by: David Ahern <dsahern@gmail.com>
> Tested-by: David Ahern <dsahern@gmail.com>
> Cc: Lawrence Brakmo <brakmo@fb.com>
> Cc: Daniel Borkmann <daniel@iogearbox.net>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

Applied, thanks.

diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
index 360c082e885c..d41d40ac3efd 100644
--- a/include/linux/bpf-cgroup.h
+++ b/include/linux/bpf-cgroup.h
@@ -85,7 +85,7 @@  int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
 	int __ret = 0;							       \
 	if (cgroup_bpf_enabled && (sock_ops)->sk) {	       \
 		typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk);	       \
-		if (sk_fullsock(__sk))					       \
+		if (__sk && sk_fullsock(__sk))				       \
 			__ret = __cgroup_bpf_run_filter_sock_ops(__sk,	       \
 								 sock_ops,     \
 							 BPF_CGROUP_SOCK_OPS); \