From ddcc9b7feb451c5c8145d11879a6585a4ddd317d Mon Sep 17 00:00:00 2001 From: Karsten Graul Date: Tue, 15 Sep 2020 22:57:09 +0200 Subject: [PATCH] net/smc: check variable before dereferencing in smc_close.c smc->clcsock and smc->clcsock->sk are used before the check if they can be dereferenced. Fix this by checking the variables first. Fixes: a60a2b1e0af1 ("net/smc: reduce active tcp_listen workers") Reported-by: kernel test robot Reported-by: Dan Carpenter Signed-off-by: Karsten Graul Signed-off-by: David S. Miller --- net/smc/smc_close.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/smc/smc_close.c b/net/smc/smc_close.c index 10d05a6d34fc..0f9ffba07d26 100644 --- a/net/smc/smc_close.c +++ b/net/smc/smc_close.c @@ -208,11 +208,12 @@ int smc_close_active(struct smc_sock *smc) break; case SMC_LISTEN: sk->sk_state = SMC_CLOSED; - smc->clcsock->sk->sk_data_ready = smc->clcsk_data_ready; - smc->clcsock->sk->sk_user_data = NULL; sk->sk_state_change(sk); /* wake up accept */ - if (smc->clcsock && smc->clcsock->sk) + if (smc->clcsock && smc->clcsock->sk) { + smc->clcsock->sk->sk_data_ready = smc->clcsk_data_ready; + smc->clcsock->sk->sk_user_data = NULL; rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR); + } smc_close_cleanup_listen(sk); release_sock(sk); flush_work(&smc->tcp_listen_work);