| Message ID | 20200915205709.50325-2-kgraul@linux.ibm.com |
|---|---|
| State | New |
| Headers | show |
| Series | [net-next,1/1] net/smc: check variable before dereferencing in smc_close.c | expand |
From: Karsten Graul <kgraul@linux.ibm.com> Date: Tue, 15 Sep 2020 22:57:09 +0200 > smc->clcsock and smc->clcsock->sk are used before the check if they can > be dereferenced. Fix this by checking the variables first. > > Fixes: a60a2b1e0af1 ("net/smc: reduce active tcp_listen workers") > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Karsten Graul <kgraul@linux.ibm.com> Applied, thank you.
diff --git a/net/smc/smc_close.c b/net/smc/smc_close.c index 10d05a6d34fc..0f9ffba07d26 100644 --- a/net/smc/smc_close.c +++ b/net/smc/smc_close.c @@ -208,11 +208,12 @@ int smc_close_active(struct smc_sock *smc) break; case SMC_LISTEN: sk->sk_state = SMC_CLOSED; - smc->clcsock->sk->sk_data_ready = smc->clcsk_data_ready; - smc->clcsock->sk->sk_user_data = NULL; sk->sk_state_change(sk); /* wake up accept */ - if (smc->clcsock && smc->clcsock->sk) + if (smc->clcsock && smc->clcsock->sk) { + smc->clcsock->sk->sk_data_ready = smc->clcsk_data_ready; + smc->clcsock->sk->sk_user_data = NULL; rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR); + } smc_close_cleanup_listen(sk); release_sock(sk); flush_work(&smc->tcp_listen_work);
smc->clcsock and smc->clcsock->sk are used before the check if they can be dereferenced. Fix this by checking the variables first. Fixes: a60a2b1e0af1 ("net/smc: reduce active tcp_listen workers") Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Karsten Graul <kgraul@linux.ibm.com> --- net/smc/smc_close.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)