bpf: fix oops on allocation failure

"err" is set to zero if bpf_map_area_alloc() fails so it means we return
ERR_PTR(0) which is NULL.  The caller, find_and_alloc_map(), is not
expecting NULL returns and will oops.

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
index bcc326a2e5cebd23759179f37496976b213f7902..db0d99d2fe1846cc19b202b42df4031fc7f4d5f3 100644 (file)
--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -523,6 +523,7 @@ static struct bpf_map *sock_map_alloc(union bpf_attr *attr)
        if (err)
                goto free_stab;
 
+       err = -ENOMEM;
        stab->sock_map = bpf_map_area_alloc(stab->map.max_entries *
                                            sizeof(struct sock *),
                                            stab->map.numa_node);