tcp: fix more NULL deref after prequeue changes

[GitHub/LineageOS/android_kernel_samsung_universal7580.git] / net / ipv4 / tcp_ipv4.c

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 4c61ec553be93f07c0af764f99be51e2b0cb08e4..58e2947cf5e5d2791f10763fe85bb429d443f371 100644 (file)
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -651,6 +651,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
        arg.iov[0].iov_base = (unsigned char *)&rep;
        arg.iov[0].iov_len  = sizeof(rep.th);
 
+       net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
 #ifdef CONFIG_TCP_MD5SIG
        hash_location = tcp_parse_md5sig_option(th);
        if (!sk && hash_location) {
@@ -661,7 +662,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
                 * Incoming packet is checked with md5 hash with finding key,
                 * no RST generated if md5 hash doesn't match.
                 */
-               sk1 = __inet_lookup_listener(dev_net(skb_dst(skb)->dev),
+               sk1 = __inet_lookup_listener(net,
                                             &tcp_hashinfo, ip_hdr(skb)->saddr,
                                             th->source, ip_hdr(skb)->daddr,
                                             ntohs(th->source), inet_iif(skb));
@@ -709,7 +710,6 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
        if (sk)
                arg.bound_dev_if = sk->sk_bound_dev_if;
 
-       net = dev_net(skb_dst(skb)->dev);
        arg.tos = ip_hdr(skb)->tos;
        ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
                              skb, ip_hdr(skb)->saddr,