Commit 198bf1b0 authored by Alexei Starovoitov's avatar Alexei Starovoitov Committed by David S. Miller

net: sock: fix access via invalid file descriptor

0day robot reported the following crash:
[   21.233581] BUG: unable to handle kernel NULL pointer dereference at 0000000000000007
[   21.234709] IP: [<ffffffff8156ebda>] sk_attach_bpf+0x39/0xc2

It's due to bpf_prog_get() returning ERR_PTR.
Check it properly.
Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
Fixes: 89aa0758 ("net: sock: allow eBPF programs to be attached to sockets")
Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f95b414e
...@@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk) ...@@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk)
return -EPERM; return -EPERM;
prog = bpf_prog_get(ufd); prog = bpf_prog_get(ufd);
if (!prog) if (IS_ERR(prog))
return -EINVAL; return PTR_ERR(prog);
if (prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) { if (prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) {
/* valid fd, but invalid program type */ /* valid fd, but invalid program type */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment