libbpf: Fix potential NULL pointer dereference

commit afd0be7 upstream. Wait until after the UMEM is checked for null to dereference it. Fixes: 43f1bc1 ("libbpf: Restore umem state after socket create failure") Signed-off-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20210408052009.7844-1-ciara.loftus@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
xanmod · Apr 21, 2021 · b33f7e0 · b33f7e0
1 parent f40de00
commit b33f7e0
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/tools/lib/bpf/xsk.c b/tools/lib/bpf/xsk.c
@@ -777,18 +777,19 @@ int xsk_socket__create_shared(struct xsk_socket **xsk_ptr,
 			      struct xsk_ring_cons *comp,
 			      const struct xsk_socket_config *usr_config)
 {
+	bool unmap, rx_setup_done = false, tx_setup_done = false;
 	void *rx_map = NULL, *tx_map = NULL;
 	struct sockaddr_xdp sxdp = {};
 	struct xdp_mmap_offsets off;
 	struct xsk_socket *xsk;
 	struct xsk_ctx *ctx;
 	int err, ifindex;
-	bool unmap = umem->fill_save != fill;
-	bool rx_setup_done = false, tx_setup_done = false;
 
 	if (!umem || !xsk_ptr || !(rx || tx))
 		return -EFAULT;
 
+	unmap = umem->fill_save != fill;
+
 	xsk = calloc(1, sizeof(*xsk));
 	if (!xsk)
 		return -ENOMEM;