Commit 676363d9 authored by Jason Wang's avatar Jason Wang Committed by Kleber Sacilotto de Souza

vhost_net: validate sock before trying to put its fd

BugLink: https://bugs.launchpad.net/bugs/1790884

[ Upstream commit b8f1f658 ]

Sock will be NULL if we pass -1 to vhost_net_set_backend(), but when
we meet errors during ubuf allocation, the code does not check for
NULL before calling sockfd_put(), this will lead NULL
dereferencing. Fixing by checking sock pointer before.

Fixes: bab632d6 ("vhost: vhost TX zero-copy support")
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 144c626e
...@@ -955,6 +955,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) ...@@ -955,6 +955,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
if (ubufs) if (ubufs)
vhost_net_ubuf_put_wait_and_free(ubufs); vhost_net_ubuf_put_wait_and_free(ubufs);
err_ubufs: err_ubufs:
if (sock)
sockfd_put(sock); sockfd_put(sock);
err_vq: err_vq:
mutex_unlock(&vq->mutex); mutex_unlock(&vq->mutex);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment