bpf: check NULL for sk_to_full_sk() return value
authorWANG Cong <xiyou.wangcong@gmail.com>
Mon, 17 Jul 2017 18:42:55 +0000 (11:42 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 17 Jul 2017 20:37:56 +0000 (13:37 -0700)
When req->rsk_listener is NULL, sk_to_full_sk() returns
NULL too, so we have to check its return value against
NULL here.

Fixes: 40304b2a1567 ("bpf: BPF support for sock_ops")
Reported-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Cc: Lawrence Brakmo <brakmo@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/bpf-cgroup.h

index 360c082e885c7777ef6d9509dec75bbb6ee3fff3..d41d40ac3efdb940bf96391d17ee737456cd24c2 100644 (file)
@@ -85,7 +85,7 @@ int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
        int __ret = 0;                                                         \
        if (cgroup_bpf_enabled && (sock_ops)->sk) {            \
                typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk);               \
-               if (sk_fullsock(__sk))                                         \
+               if (__sk && sk_fullsock(__sk))                                 \
                        __ret = __cgroup_bpf_run_filter_sock_ops(__sk,         \
                                                                 sock_ops,     \
                                                         BPF_CGROUP_SOCK_OPS); \