Message ID | 20201109125215.2080172-1-colin.king@canonical.com |
---|---|
State | Superseded |
Delegated to: | David Miller |
Series | [next] mptcp: fix a dereference of pointer before msk is null checked. |
Context | Check | Description |
---|---|---|
jkicinski/cover_letter | success | Link |
jkicinski/fixes_present | success | Link |
jkicinski/patch_count | success | Link |
jkicinski/tree_selection | success | Guessed tree name to be net-next |
jkicinski/subject_prefix | warning | Target tree name not specified in the subject |
jkicinski/source_inline | success | Was 0 now: 0 |
jkicinski/verify_signedoff | success | Link |
jkicinski/module_param | success | Was 0 now: 0 |
jkicinski/build_32bit | success | Errors and warnings before: 1 this patch: 1 |
jkicinski/kdoc | success | Errors and warnings before: 0 this patch: 0 |
jkicinski/verify_fixes | success | Link |
jkicinski/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 16 lines checked |
jkicinski/build_allmodconfig_warn | success | Errors and warnings before: 1 this patch: 1 |
jkicinski/header_inline | success | Link |
jkicinski/stable | success | Stable not CCed |

On Mon, 9 Nov 2020, Colin King wrote:

> From: Colin Ian King <colin.king@canonical.com>
>
> Currently the assignment of pointer net from the sock_net(sk) call
> is potentially dereferencing a null pointer sk. sk points to the
> same location as pointer msk and msk is being null checked after
> the sock_net call. Fix this by calling sock_net after the null
> check on pointer msk.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> net/mptcp/pm_netlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>

Hi Colin and Jakub -

I noticed that the follow-up discussion on this patch didn't go to the
netdev list, so patchwork did not get updated.

This patch is superseded by the following, which already has a
Reviewed-by tag from Matthieu:

http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang@gmail.com/

Thanks!

--
Mat Martineau
Intel

On 11/11/2020 18:49, Mat Martineau wrote:
> On Mon, 9 Nov 2020, Colin King wrote:
>
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the assignment of pointer net from the sock_net(sk) call
>> is potentially dereferencing a null pointer sk. sk points to the
>> same location as pointer msk and msk is being null checked after
>> the sock_net call. Fix this by calling sock_net after the null
>> check on pointer msk.
>>
>> Addresses-Coverity: ("Dereference before null check")
>> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> net/mptcp/pm_netlink.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>
> Hi Colin and Jakub -
>
> I noticed that the follow-up discussion on this patch didn't go to the
> netdev list, so patchwork did not get updated.
>
> This patch is superseded by the following, which already has a
> Reviewed-by tag from Matthieu:
>
> http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang@gmail.com/
>

OK, thanks for letting me know. Good to see it got fixed!

Colin

>
> Thanks!
>
> --
> Mat Martineau
> Intel

diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ed60538df7b2..e76879ea5a30 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer) struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer); struct mptcp_sock *msk = entry->sock; struct sock *sk = (struct sock *)msk; - struct net *net = sock_net(sk); + struct net *net; pr_debug("msk=%p", msk); if (!msk) return; + net = sock_net(sk); + if (inet_sk_state_load(sk) == TCP_CLOSE) return;
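
Review bot: the added `net = sock_net(sk);` lands before the `inet_sk_state_load(sk) == TCP_CLOSE` early return, so `net` is still computed on a path that returns without using it. Moving the assignment below that second return, closer to where `net` is used, keeps both early exits free of work and makes it plain that every dereference of `sk` sits behind the `!msk` check. Because `sk` is only a cast of `msk`, a sentence in the commit message saying when `entry->sock` can be NULL in this timer callback would also help; the visible lines do not show whether the check is reachable or defensive.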