This Linux kernel change "vhost_net: validate sock before trying to put its fd" is included in the Linux 3.16.61 release. The change was authored by Jason Wang <jasowang [at] redhat.com> on Thu Jun 21 13:11:31 2018 +0800. The commit for this change in the Linux stable tree is 81aca22 (patch), which comes from upstream commit b8f1f65. The same upstream change may have been applied to other maintained Linux releases, and you can find all Linux releases containing changes from upstream b8f1f65.
vhost_net: validate sock before trying to put its fd

commit b8f1f65882f07913157c44673af7ec0b308d03eb upstream.

Sock will be NULL if we pass -1 to vhost_net_set_backend(), but when we meet errors during ubuf allocation, the code does not check for NULL before calling sockfd_put(), this will lead NULL dereferencing. Fixing by checking sock pointer before.

Fixes: bab632d69ee4 ("vhost: vhost TX zero-copy support")
Reported-by: Dan Carpenter <email@example.com>
Signed-off-by: Jason Wang <firstname.lastname@example.org>
Signed-off-by: David S. Miller <email@example.com>
Signed-off-by: Ben Hutchings <firstname.lastname@example.org>
There are 3 lines of Linux source code added/deleted in this change. The code changes to the Linux kernel are as follows.
drivers/vhost/net.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index d812f9d..f544cfa 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -983,7 +983,8 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) if (ubufs) vhost_net_ubuf_put_wait_and_free(ubufs); err_ubufs: - sockfd_put(sock); + if (sock) + sockfd_put(sock); err_vq: mutex_unlock(&vq->mutex); err:
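Review bot: the new "if (sock)" guard under the err_ubufs label has no comment saying when sock can be NULL at that point. The commit message gives the reason (sock is NULL when -1 is passed to vhost_net_set_backend()), and a one-line comment above the check would record that in the source so the guard is not dropped in a later tidy-up of this error path. The visible context covers only the err_ubufs and err_vq labels, so it is also worth confirming that nothing else reached through them uses sock without the same check.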