
From: zhangmingyi <zhangmingyi5@huawei.com> euleros inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I545NW CVE: NA -------------------------------- fix a bug in bpf_tcp_ingress(), addr use after free Signed-off-by: zhangmingyi <zhangmingyi5@huawei.com> Reviewed-by: liuxin <liuxin350@huawei.com> Reviewed-by: wuchangye <wuchangye@huawei.com> Fixes: 8818e269f18d ("bpf, sockmap: Add sk_rmem_alloc check for sockmap") Signed-off-by: Liu Jian <liujian56@huawei.com> --- net/ipv4/tcp_bpf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index ad612109317f..1cff6ae3f6fd 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -138,7 +138,8 @@ static int bpf_tcp_ingress(struct sock *sk, struct sk_psock *psock, if (!ret) { msg->sg.start = i; sk_psock_queue_msg(psock, tmp); - atomic_add(tmp->sg.size, &sk->sk_rmem_alloc); + if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) + atomic_add(tmp->sg.size, &sk->sk_rmem_alloc); sk_psock_data_ready(sk, psock); } else { sk_msg_free(sk, tmp); -- 2.34.1
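Review bot: In the `if (!ret)` branch, `tmp->sg.size` is still read after `sk_psock_queue_msg(psock, tmp)` has handed `tmp` over, so the added `sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)` test only narrows the window. Nothing in the visible lines keeps the psock state from changing, or `tmp` from being consumed and freed, between that test and the `atomic_add()`. Copying `tmp->sg.size` into a local before the `sk_psock_queue_msg()` call and charging `sk->sk_rmem_alloc` from that local would remove the dereference of `tmp` after queueing altogether. The changelog ("addr use after free") should also state which path frees `tmp`, why a cleared `SK_PSOCK_TX_ENABLED` implies that it was freed, and whether skipping the charge here stays balanced with the place where `sk_rmem_alloc` is later decremented.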