| Message ID | trinity-c2d6cede-bfb1-44e2-85af-1fbc7f541715-1612535117028@3c-app-gmx-bap12 (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | net/vmw_vsock: fix NULL pointer dereference | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Guessed tree name to be net-next |
| netdev/subject_prefix | warning | Target tree name not specified in the subject |
| netdev/cc_maintainers | warning | 5 maintainers not CCed: kuba@kernel.org andraprs@amazon.com davem@davemloft.net colin.king@canonical.com jhansen@vmware.com |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 8 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/header_inline | success | Link |
| netdev/stable | success | Stable not CCed |
On Fri, 5 Feb 2021 18:13:35 +0100 Stefano Garzarella wrote: > On Fri, Feb 05, 2021 at 03:25:17PM +0100, Norbert Slusarek wrote: > >From: Norbert Slusarek <nslusarek@gmx.net> > >Date: Fri, 5 Feb 2021 13:12:06 +0100 > >Subject: [PATCH] net/vmw_vsock: fix NULL pointer dereference > > > >In vsock_stream_connect(), a thread will enter schedule_timeout(). > >While being scheduled out, another thread can enter vsock_stream_connect() > >as well and set vsk->transport to NULL. In case a signal was sent, the > >first thread can leave schedule_timeout() and vsock_transport_cancel_pkt() > >will be called right after. Inside vsock_transport_cancel_pkt(), a null > >dereference will happen on transport->cancel_pkt. > > > >Fixes: c0cfa2d8a788 ("vsock: add multi-transports support") > >Reported-by: Norbert Slusarek <nslusarek@gmx.net> > >Signed-off-by: Norbert Slusarek <nslusarek@gmx.net> > >--- > > net/vmw_vsock/af_vsock.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > >diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c > >index 6894f21dc147..cb81cfb47a78 100644 > >--- a/net/vmw_vsock/af_vsock.c > >+++ b/net/vmw_vsock/af_vsock.c > >@@ -1233,7 +1233,7 @@ static int vsock_transport_cancel_pkt(struct vsock_sock *vsk) > > { > > const struct vsock_transport *transport = vsk->transport; > > > >- if (!transport->cancel_pkt) > >+ if (!transport || !transport->cancel_pkt) > > return -EOPNOTSUPP; > > > > return transport->cancel_pkt(vsk); > >-- > >2.30.0 > > > > I can't see this patch on https://patchwork.kernel.org/project/netdevbpf/list/ > > Maybe because you forgot to CC the netdev maintainers. > Please next time use scripts/get_maintainer.pl > > Anyway the patch LGTM, so > > Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Applied, thanks!
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 6894f21dc147..cb81cfb47a78 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -1233,7 +1233,7 @@ static int vsock_transport_cancel_pkt(struct vsock_sock *vsk) { const struct vsock_transport *transport = vsk->transport; - if (!transport->cancel_pkt) + if (!transport || !transport->cancel_pkt) return -EOPNOTSUPP; return transport->cancel_pkt(vsk);