Commit d16207f9 authored by Taehee Yoo, committed by Jakub Kicinski

amt: fix possible null-ptr-deref in amt_rcv()

When the amt interface receives an amt message, it tries to obtain the amt
private data from the sock.
If there is no amt private data, it frees the skb immediately.
After kfree_skb(), it increases the rx_dropped stats.
But in order to use rx_dropped, amt private data is needed.
So, it makes amt_rcv() not increase the rx_dropped stats when it
cannot obtain amt private data.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 1a1a0e80 ("amt: fix possible memory leak in amt_rcv()")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parent f55a0707
...@@ -2698,7 +2698,8 @@ static int amt_rcv(struct sock *sk, struct sk_buff *skb) ...@@ -2698,7 +2698,8 @@ static int amt_rcv(struct sock *sk, struct sk_buff *skb)
amt = rcu_dereference_sk_user_data(sk); amt = rcu_dereference_sk_user_data(sk);
if (!amt) { if (!amt) {
err = true; err = true;
goto drop; kfree_skb(skb);
goto out;
} }
skb->dev = amt->dev; skb->dev = amt->dev;
......
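Review bot: in the `if (!amt)` branch, the new `kfree_skb(skb); goto out;` bypasses the `drop` label with no comment saying why, which invites a later cleanup back to `goto drop` and a return of the NULL dereference. A one-line comment there (for example, that `drop` accounts rx_dropped through `amt` and so must not be reached while `amt` is NULL) would make the constraint visible. The `out` label is outside the context shown, so it is also worth confirming that it sits after the rx_dropped update, still performs whatever read-side cleanup pairs with `rcu_dereference_sk_user_data(sk)`, and that `err = true` still yields the intended return value on this path. An alternative that keeps a single free site would be to guard the stats update under `drop` on `amt` being non-NULL, at the cost of a check on every drop.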