bpf: fix null pointer dereference on pointer offload

Pointer offload is being null checked however the following statement dereferences the potentially null pointer offload when assigning offload->dev_state. Fix this by only assigning it if offload is not null. Detected by CoverityScan, CID#1475437 ("Dereference after null check") Fixes: 00db12c3d141 ("bpf: call verifier_prep from its callback in struct bpf_offload_dev") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Colin Ian King <colin.king@canonical.com> 2018-11-13 09:29:26 +0000
committer: Alexei Starovoitov <ast@kernel.org> 2018-11-16 20:48:27 -0800
commit: 592ee43faf860c1f2c0a4c11838db6fdb974bb78 (patch)
tree: abe6c9b8ad2e8cf99300ea96fc6e78c3bfaa6810 /kernel/bpf/offload.c
parent: 29a9c10e4110e368443f0b606d71557edee7f2cc (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/bpf/offload.c b/kernel/bpf/offload.c
index 52c5617e3716..54cf2b9c44a4 100644
--- a/kernel/bpf/offload.c
+++ b/kernel/bpf/offload.c
@@ -130,9 +130,10 @@ int bpf_prog_offload_verifier_prep(struct bpf_prog *prog)
 
 	down_read(&bpf_devs_lock);
 	offload = prog->aux->offload;
-	if (offload)
+	if (offload) {
 		ret = offload->offdev->ops->prepare(prog);
-	offload->dev_state = !ret;
+		offload->dev_state = !ret;
+	}
 	up_read(&bpf_devs_lock);
 
 	return ret;
author	Colin Ian King <colin.king@canonical.com>	2018-11-13 09:29:26 +0000
committer	Alexei Starovoitov <ast@kernel.org>	2018-11-16 20:48:27 -0800
commit	592ee43faf860c1f2c0a4c11838db6fdb974bb78 (patch)
tree	abe6c9b8ad2e8cf99300ea96fc6e78c3bfaa6810 /kernel/bpf/offload.c
parent	29a9c10e4110e368443f0b606d71557edee7f2cc (diff)