Skip to content

Commit

Permalink
team: fix releasing uninitialized pointer to BPF prog
Browse files Browse the repository at this point in the history 
Commit 34c5bd6 introduced the possibility that an
uninitialized pointer on the stack (orig_fp) can call into
sk_unattached_filter_destroy() when its value is non NULL.

Before that commit orig_fp was only destroyed in the same
block where it was assigned a valid BPF prog before. Fix it
up by initializing it to NULL.

Fixes: 34c5bd6 ("net: filter: don't release unattached filter through call_rcu()")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Pablo Neira <pablo@netfilter.org>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Daniel Borkmann authored and David S. Miller committed Jul 31, 2014
1 parent ccda4a7 commit 2b391ee
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/net/team/team_mode_loadbalance.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,7 +272,7 @@ static int lb_bpf_func_set(struct team *team, struct team_gsetter_ctx *ctx)
{
struct lb_priv *lb_priv = get_lb_priv(team);
struct sk_filter *fp = NULL;
struct sk_filter *orig_fp;
struct sk_filter *orig_fp = NULL;
struct sock_fprog_kern *fprog = NULL;
int err;

Expand Down

0 comments on commit 2b391ee

Please sign in to comment.