bpf: Fix NULL dereference in bpf_task_storage

In bpf_pid_task_storage_update_elem(), it missed to test the !task_storage_ptr(task) which then could trigger a NULL pointer exception in bpf_local_storage_update(). Fixes: 4cf1bc1f1045 ("bpf: Implement task local storage") Signed-off-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Tested-by: Roman Gushchin <guro@fb.com> Acked-by: KP Singh <kpsingh@google.com> Link: https://lore.kernel.org/bpf/20201112001919.2028357-1-kafai@fb.com
author: Martin KaFai Lau <kafai@fb.com> 2020-11-11 16:19:19 -0800
committer: Alexei Starovoitov <ast@kernel.org> 2020-11-11 18:14:49 -0800
commit: 09a3dac7b579e57e7ef2d875b9216c845ae8a0e5 (patch)
tree: 719cb5169f79d3effa678cf513a19fa10530fb54 /kernel
parent: 8378788cfe746d6d7222ded06d400377a3fc93e5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/bpf_task_storage.c b/kernel/bpf/bpf_task_storage.c
index 39a45fba4fb0..4ef1959a78f2 100644
--- a/kernel/bpf/bpf_task_storage.c
+++ b/kernel/bpf/bpf_task_storage.c
@@ -150,7 +150,7 @@ static int bpf_pid_task_storage_update_elem(struct bpf_map *map, void *key,
 	 */
 	WARN_ON_ONCE(!rcu_read_lock_held());
 	task = pid_task(pid, PIDTYPE_PID);
-	if (!task) {
+	if (!task || !task_storage_ptr(task)) {
 		err = -ENOENT;
 		goto out;
 	}
author	Martin KaFai Lau <kafai@fb.com>	2020-11-11 16:19:19 -0800
committer	Alexei Starovoitov <ast@kernel.org>	2020-11-11 18:14:49 -0800
commit	09a3dac7b579e57e7ef2d875b9216c845ae8a0e5 (patch)
tree	719cb5169f79d3effa678cf513a19fa10530fb54 /kernel
parent	8378788cfe746d6d7222ded06d400377a3fc93e5 (diff)