Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3177165pxb;
        Mon, 9 Nov 2020 04:54:19 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx5PUJ33vcKAe2yuvmZi47Y/J7wcEaitfoV10qClVejqmR3QnlQW9RLFD7lIV1WHhSoifFr
X-Received: by 2002:a17:906:402:: with SMTP id d2mr13983699eja.165.1604926459703;
        Mon, 09 Nov 2020 04:54:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1604926459; cv=none;
        d=google.com; s=arc-20160816;
        b=PkkjOzHwktETVBB5pbLudDU5/QgkXzb1aiLfrI44ETcoVri1FT6VenS1hnO/ZhjIIe
         fnEBWmqxsGWQVH4KTgIaEUAjz5LO4TToIEbhqJQjL4Lxt5iAM2+zFKPKQZD8jP5pe/Ld
         PbFAESL0N9JecBuHULuzlHekGjHbH6vIky8CIHMuLUYSIDvknHv0GT72247NFJNOn7G9
         4JIXvHutmY3ilvnO2iFz5pX85/EwEvvKbppg3UMSemlkNoGJesGweC9pklx/UBJyYVAD
         lChbHd78rORBuw7KzlGnTR7TpetYqJHSKTPqrb2OMaF62ZT5KKQaraqmv/F6ZzIC3GkL
         hqwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=PCZXZGJ7lY6Minn5zhUxGzQacseG/i8RGCf4Jhr0Zoc=;
        b=ljFUXYVZ0tjWdPqZ2P/RmqlnO8Gb3mGY2M4Rve1zJu0dugkaWOhoFnliZiRPieLSzj
         AWQzmjzb9XEedSSiBUqvMExUGyy9ZYQwuaGMFwevYoLKmBUIUMxW4B7s7W8Q0qH1YSk8
         /7G1v2tfT420USi43NPNWeBLCRYrOMGxaFgW0VRqLgI1/9rVJ5bTynEn3YO/Y32wyUJW
         vV+SYU1zlw297YOfVY9qLGUaC+OZs7iY4Oju43L65GRNN72TdQx8WNrISHQjByxbWw6p
         xxC8suPevEjNqKocM8G0+1hd6MdngwuYMFrgQpdQe8vzSHG9+TR+iim0vRav4VcwwR6v
         mMFw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dp1si7417070ejc.286.2020.11.09.04.53.56;
        Mon, 09 Nov 2020 04:54:19 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729853AbgKIMw1 (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Mon, 9 Nov 2020 07:52:27 -0500
Received: from youngberry.canonical.com ([91.189.89.112]:51404 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729836AbgKIMw0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 9 Nov 2020 07:52:26 -0500
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <colin.king@canonical.com>)
        id 1kc6ee-00069P-2a; Mon, 09 Nov 2020 12:52:16 +0000
From:   Colin King <colin.king@canonical.com>
To:     Mat Martineau <mathew.j.martineau@linux.intel.com>,
        Matthieu Baerts <matthieu.baerts@tessares.net>,
        "David S . Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Geliang Tang <geliangtang@gmail.com>,
        Paolo Abeni <pabeni@redhat.com>, netdev@vger.kernel.org,
        mptcp@lists.01.org
Cc:     kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
Date:   Mon,  9 Nov 2020 12:52:15 +0000
Message-Id: <20201109125215.2080172-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.28.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

Currently the assignment of pointer net from the sock_net(sk) call
is potentially dereferencing a null pointer sk. sk points to the
same location as pointer msk and msk is being null checked after
the sock_net call.  Fix this by calling sock_net after the null
check on pointer msk.

Addresses-Coverity: ("Dereference before null check")
Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 net/mptcp/pm_netlink.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index ed60538df7b2..e76879ea5a30 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
 	struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer);
 	struct mptcp_sock *msk = entry->sock;
 	struct sock *sk = (struct sock *)msk;
-	struct net *net = sock_net(sk);
+	struct net *net;
 
 	pr_debug("msk=%p", msk);
 
 	if (!msk)
 		return;
 
+	net = sock_net(sk);
+
 	if (inet_sk_state_load(sk) == TCP_CLOSE)
 		return;
 
-- 
2.28.0