Commit b8f1f658 authored by Jason Wang's avatar Jason Wang Committed by David S. Miller

vhost_net: validate sock before trying to put its fd

Sock will be NULL if we pass -1 to vhost_net_set_backend(), but when
we meet errors during ubuf allocation, the code does not check for
NULL before calling sockfd_put(), this will lead NULL
dereferencing. Fixing by checking sock pointer before.

Fixes: bab632d6 ("vhost: vhost TX zero-copy support")
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e5ab564c
...@@ -1226,6 +1226,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) ...@@ -1226,6 +1226,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
if (ubufs) if (ubufs)
vhost_net_ubuf_put_wait_and_free(ubufs); vhost_net_ubuf_put_wait_and_free(ubufs);
err_ubufs: err_ubufs:
if (sock)
sockfd_put(sock); sockfd_put(sock);
err_vq: err_vq:
mutex_unlock(&vq->mutex); mutex_unlock(&vq->mutex);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment