| From afd0be7299533bb2e2b09104399d8a467ecbd2c5 Mon Sep 17 00:00:00 2001 |
| From: Ciara Loftus <ciara.loftus@intel.com> |
| Date: Thu, 8 Apr 2021 05:20:09 +0000 |
| Subject: libbpf: Fix potential NULL pointer dereference |
| |
| From: Ciara Loftus <ciara.loftus@intel.com> |
| |
| commit afd0be7299533bb2e2b09104399d8a467ecbd2c5 upstream. |
| |
| Wait until after the UMEM is checked for null to dereference it. |
| |
| Fixes: 43f1bc1efff1 ("libbpf: Restore umem state after socket create failure") |
| Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> |
| Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
| Link: https://lore.kernel.org/bpf/20210408052009.7844-1-ciara.loftus@intel.com |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| tools/lib/bpf/xsk.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| --- a/tools/lib/bpf/xsk.c |
| +++ b/tools/lib/bpf/xsk.c |
| @@ -777,18 +777,19 @@ int xsk_socket__create_shared(struct xsk |
| struct xsk_ring_cons *comp, |
| const struct xsk_socket_config *usr_config) |
| { |
| + bool unmap, rx_setup_done = false, tx_setup_done = false; |
| void *rx_map = NULL, *tx_map = NULL; |
| struct sockaddr_xdp sxdp = {}; |
| struct xdp_mmap_offsets off; |
| struct xsk_socket *xsk; |
| struct xsk_ctx *ctx; |
| int err, ifindex; |
| - bool unmap = umem->fill_save != fill; |
| - bool rx_setup_done = false, tx_setup_done = false; |
| |
| if (!umem || !xsk_ptr || !(rx || tx)) |
| return -EFAULT; |
| |
| + unmap = umem->fill_save != fill; |
| + |
| xsk = calloc(1, sizeof(*xsk)); |
| if (!xsk) |
| return -ENOMEM; |
