bpf: fix null pointer dereference on pointer offload
author Colin Ian King <colin.king@canonical.com>
Tue, 13 Nov 2018 09:29:26 +0000 (09:29 +0000)
committer Alexei Starovoitov <ast@kernel.org>
Sat, 17 Nov 2018 04:48:27 +0000 (20:48 -0800)
Pointer offload is being null checked however the following statement
dereferences the potentially null pointer offload when assigning
offload->dev_state.  Fix this by only assigning it if offload is not
null.

Detected by CoverityScan, CID#1475437 ("Dereference after null check")

Fixes: 00db12c3d141 ("bpf: call verifier_prep from its callback in struct bpf_offload_dev")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/offload.c

index 52c5617e37160220b096e8949454afe192c2f471..54cf2b9c44a4570e8007848d1b530d367aefe64f 100644 (file)
@@ -130,9 +130,10 @@ int bpf_prog_offload_verifier_prep(struct bpf_prog *prog)
 
        down_read(&bpf_devs_lock);
        offload = prog->aux->offload;
-       if (offload)
+       if (offload) {
                ret = offload->offdev->ops->prepare(prog);
-       offload->dev_state = !ret;
+               offload->dev_state = !ret;
+       }
        up_read(&bpf_devs_lock);
 
        return ret;
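
Review bot: With `offload` NULL the function now falls through to `return ret;` without ever assigning `ret` in the visible lines, so the result on that path depends entirely on how `ret` is initialised above the hunk context. Please confirm it is declared with an error value, so a program whose offload state is missing is reported as a failure rather than returning an indeterminate or success value. Separately, the guarded call `offload->offdev->ops->prepare(prog)` still dereferences `offdev`, `ops` and `prepare` unchecked; if those are guaranteed non-NULL while `bpf_devs_lock` is held, a short comment saying so would help the next reader and the next static-analysis pass.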