On Fri, 5 Feb 2021 18:13:35 +0100 Stefano Garzarella wrote: > On Fri, Feb 05, 2021 at 03:25:17PM +0100, Norbert Slusarek wrote: > >From: Norbert Slusarek <nslusa...@gmx.net> > >Date: Fri, 5 Feb 2021 13:12:06 +0100 > >Subject: [PATCH] net/vmw_vsock: fix NULL pointer dereference > > > >In vsock_stream_connect(), a thread will enter schedule_timeout(). > >While being scheduled out, another thread can enter vsock_stream_connect() > >as well and set vsk->transport to NULL. In case a signal was sent, the > >first thread can leave schedule_timeout() and vsock_transport_cancel_pkt() > >will be called right after. Inside vsock_transport_cancel_pkt(), a null > >dereference will happen on transport->cancel_pkt. > > > >Fixes: c0cfa2d8a788 ("vsock: add multi-transports support") > >Reported-by: Norbert Slusarek <nslusa...@gmx.net> > >Signed-off-by: Norbert Slusarek <nslusa...@gmx.net> > >--- > > net/vmw_vsock/af_vsock.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > >diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c > >index 6894f21dc147..cb81cfb47a78 100644 > >--- a/net/vmw_vsock/af_vsock.c > >+++ b/net/vmw_vsock/af_vsock.c > >@@ -1233,7 +1233,7 @@ static int vsock_transport_cancel_pkt(struct > >vsock_sock *vsk) > > { > > const struct vsock_transport *transport = vsk->transport; > > > >- if (!transport->cancel_pkt) > >+ if (!transport || !transport->cancel_pkt) > > return -EOPNOTSUPP; > > > > return transport->cancel_pkt(vsk); > >-- > >2.30.0 > > > > I can't see this patch on https://patchwork.kernel.org/project/netdevbpf/list/ > > Maybe because you forgot to CC the netdev maintainers. > Please next time use scripts/get_maintainer.pl > > Anyway the patch LGTM, so > > Reviewed-by: Stefano Garzarella <sgarz...@redhat.com>
Applied, thanks!
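Review bot: In vsock_transport_cancel_pkt(), the new `!transport` test checks the local copy read from vsk->transport on the first line of the function, but the commit message describes a second thread in vsock_stream_connect() changing vsk->transport concurrently, and nothing in the hunk shows what keeps that pointer valid between the load and `transport->cancel_pkt(vsk)`. Please state in the commit message, or in a comment above the check, which lock the caller holds at this point, or, if none is held, why the transport that was read cannot go away before the call. A smaller point on the same line: a NULL transport now returns -EOPNOTSUPP, the same code as a transport without a cancel_pkt callback, so a short comment saying that callers treat both cases alike would help the next reader.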