From patchwork Thu Dec 11 04:14:55 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexei Starovoitov X-Patchwork-Id: 419936 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id DF7A11400A0 for ; Thu, 11 Dec 2014 15:15:32 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758416AbaLKEPH (ORCPT ); Wed, 10 Dec 2014 23:15:07 -0500 Received: from mail-pa0-f44.google.com ([209.85.220.44]:59199 "EHLO mail-pa0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754860AbaLKEPG (ORCPT ); Wed, 10 Dec 2014 23:15:06 -0500 Received: by mail-pa0-f44.google.com with SMTP id et14so4221227pad.17 for ; Wed, 10 Dec 2014 20:15:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=fJ3yisRhjrDfzlUFJlKGxUNt3ymX44lq6tO3Auvt0dU=; b=T01jDn1VsyCXge+RjgFLLG3XqdV4vTML+pmewLR0bBNTuG/wuYzURXTRtigjvu1mU4 XYtnPknZ1640drbE9CW/vASt/u+JWaLq0cBPyQFXJlcpqiYy6DTaAI1xY4v+R6HLQziX C5LoiOY/Wfkm/53N/laBq8jqQlmige6gGzYwhdz1us4Q6OZCXN/FWw420IeLMMISDAhA 5gwcFO9H8iFCDNzaHy0vjXO9DIZXDIqLUx4kEPbDqKRVmi3adxp6bD/OV55fsWbONWuM EbWascBOweYJ4HQfr74xItFeZIRXStbpJNoScrO0ch8XM+bkj0ayC9RrU1QH7dm6/3p6 ki1g== X-Gm-Message-State: ALoCoQkcXve5bI3bSlKnqoaV8p8Ir6mCvoXE9zqTy7REtLzOjX16N9wu7ol+6ojg3Lo5Bg7BwsTx X-Received: by 10.66.156.197 with SMTP id wg5mr12846800pab.145.1418271305718; Wed, 10 Dec 2014 20:15:05 -0800 (PST) Received: from localhost.localdomain ([12.229.56.226]) by mx.google.com with ESMTPSA id ml8sm5549341pdb.67.2014.12.10.20.15.04 for (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 10 Dec 2014 20:15:05 -0800 (PST) From: Alexei Starovoitov To: "David S. Miller" Cc: Fengguang Wu , Dave Jones , Daniel Borkmann , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH net-next] net: sock: fix access via invalid file descriptor Date: Wed, 10 Dec 2014 20:14:55 -0800 Message-Id: <1418271295-5829-1-git-send-email-ast@plumgrid.com> X-Mailer: git-send-email 1.7.9.5 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org 0day robot reported the following crash: [ 21.233581] BUG: unable to handle kernel NULL pointer dereference at 0000000000000007 [ 21.234709] IP: [] sk_attach_bpf+0x39/0xc2 It's due to bpf_prog_get() returning ERR_PTR. Check it properly. Reported-by: Fengguang Wu Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") Signed-off-by: Alexei Starovoitov --- Silly mistake. I was sure I've checked this error path. Apparently not :( net/core/filter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 8cc3c03078b3..ec9baea10c16 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk) return -EPERM; prog = bpf_prog_get(ufd); - if (!prog) - return -EINVAL; + if (IS_ERR(prog)) + return PTR_ERR(prog); if (prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) { /* valid fd, but invalid program type */