blob: 3f49db3a4875f8be2a393d44ea28139895d3adbf [file] [log] [blame]
From 14220863aac2f5ae6a44dad034f29a1f18374a56 Mon Sep 17 00:00:00 2001
From: Karsten Graul <kgraul@linux.ibm.com>
Date: Sat, 18 Jul 2020 15:06:18 +0200
Subject: [PATCH] net/smc: fix restoring of fallback changes
commit 1ad24058335427d046b2e5666bcd15a62ad9e242 upstream.
When a listen socket is closed then all non-accepted sockets in its
accept queue are to be released. Inside __smc_release() the helper
smc_restore_fallback_changes() restores the changes done to the socket
without to check if the clcsocket has a file set. This can result in
a crash. Fix this by checking the file pointer first.
Reviewed-by: Ursula Braun <ubraun@linux.ibm.com>
Fixes: f536dffc0b79 ("net/smc: fix closing of fallback SMC sockets")
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index fe955fae2995..1070e6edeca2 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -125,8 +125,10 @@ EXPORT_SYMBOL_GPL(smc_proto6);
static void smc_restore_fallback_changes(struct smc_sock *smc)
{
- smc->clcsock->file->private_data = smc->sk.sk_socket;
- smc->clcsock->file = NULL;
+ if (smc->clcsock->file) { /* non-accepted sockets have no file yet */
+ smc->clcsock->file->private_data = smc->sk.sk_socket;
+ smc->clcsock->file = NULL;
+ }
}
static int smc_release(struct socket *sock)
--
2.27.0