From patchwork Fri Dec 12 05:33:48 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sasha Levin <sasha.levin@oracle.com>
X-Patchwork-Id: 420366
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 33529140082
	for <patchwork-incoming@ozlabs.org>;
	Fri, 12 Dec 2014 16:34:36 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1760053AbaLLFeJ (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 12 Dec 2014 00:34:09 -0500
Received: from aserp1040.oracle.com ([141.146.126.69]:44726 "EHLO
	aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754461AbaLLFeI (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 12 Dec 2014 00:34:08 -0500
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93])
	by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with
	ESMTP id sBC5XxmN011591
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 12 Dec 2014 05:34:00 GMT
Received: from userz7022.oracle.com (userz7022.oracle.com [156.151.31.86])
	by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	sBC5XwHH024270
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 12 Dec 2014 05:33:59 GMT
Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22])
	by userz7022.oracle.com (8.14.5+Sun/8.14.4) with ESMTP id
	sBC5XvOR001046; Fri, 12 Dec 2014 05:33:57 GMT
Received: from lappy.hsd1.nh.comcast.net (/10.154.115.3)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Thu, 11 Dec 2014 21:33:57 -0800
From: Sasha Levin <sasha.levin@oracle.com>
To: davem@davemloft.net
Cc: ast@plumgrid.com, dborkman@redhat.com, hannes@stressinduktion.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	Sasha Levin <sasha.levin@oracle.com>
Subject: [PATCH] net: sock: correctly handle failed prog retrieval from fd
Date: Fri, 12 Dec 2014 00:33:48 -0500
Message-Id: <1418362428-15067-1-git-send-email-sasha.levin@oracle.com>
X-Mailer: git-send-email 2.1.0
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Commit "net: sock: allow eBPF programs to be attached to sockets" didn't
correctly handle the case where there is a failure getting the prog from
a given fd.

This allows for easy NULL ptr deref from userspace.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
 net/core/filter.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index 8cc3c03..ec9baea 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk)
 		return -EPERM;
 
 	prog = bpf_prog_get(ufd);
-	if (!prog)
-		return -EINVAL;
+	if (IS_ERR(prog))
+		return PTR_ERR(prog);
 
 	if (prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) {
 		/* valid fd, but invalid program type */