net: avoid NULL deref in inet_ctl_sock_destroy()

Under low memory conditions, tcp_sk_init() and icmp_sk_init()
can both iterate on all possible cpus and call inet_ctl_sock_destroy(),
with eventual NULL pointer.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/inet_common.h b/include/net/inet_common.h
index 279f83591971bd886e78e1b20e4a5c29051fc563..109e3ee9108c0e0219f6cb64a21dc68f1f519ff6 100644 (file)
--- a/include/net/inet_common.h
+++ b/include/net/inet_common.h
@@ -41,7 +41,8 @@ int inet_recv_error(struct sock *sk, struct msghdr *msg, int len,
 
 static inline void inet_ctl_sock_destroy(struct sock *sk)
 {
-       sock_release(sk->sk_socket);
+       if (sk)
+               sock_release(sk->sk_socket);
 }
 
 #endif