net/smc: fix restoring of fallback changes

When a listen socket is closed then all non-accepted sockets in its
accept queue are to be released. Inside __smc_release() the helper
smc_restore_fallback_changes() restores the changes done to the socket
without to check if the clcsocket has a file set. This can result in
a crash. Fix this by checking the file pointer first.

Reviewed-by: Ursula Braun <ubraun@linux.ibm.com>
Fixes: f536dffc0b79 ("net/smc: fix closing of fallback SMC sockets")
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index d091509b5982f234eae1345a0ae98573b467adc9..1163d51196da996dac190701b9f31618a4406e46 100644 (file)
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -126,8 +126,10 @@ EXPORT_SYMBOL_GPL(smc_proto6);
 
 static void smc_restore_fallback_changes(struct smc_sock *smc)
 {
-       smc->clcsock->file->private_data = smc->sk.sk_socket;
-       smc->clcsock->file = NULL;
+       if (smc->clcsock->file) { /* non-accepted sockets have no file yet */
+               smc->clcsock->file->private_data = smc->sk.sk_socket;
+               smc->clcsock->file = NULL;
+       }
 }
 
 static int __smc_release(struct smc_sock *smc)