From: Huang, Tao Date: Wed, 27 Apr 2016 10:34:13 +0000 (+0800) Subject: netfilter: xt_qtaguid: fix crash on non-full sks X-Git-Tag: firefly_0821_release~2712 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=1b96a26c65104ee06eaa46dc23bbe22ebe3bf7d0;p=firefly-linux-kernel-4.4.55.git netfilter: xt_qtaguid: fix crash on non-full sks If sock is request_sock then kernel will crash. So use skb_to_full_sk() and sk_fullsock() helper to make sure we get full sock. Change-Id: Iefd548e0591055b1a8031f0835c4dca7b9d42b61 Signed-off-by: Huang, Tao --- diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c index e1442bfb668d..2596e1bf402f 100644 --- a/net/netfilter/xt_qtaguid.c +++ b/net/netfilter/xt_qtaguid.c @@ -1606,7 +1606,7 @@ static struct sock *qtaguid_find_sk(const struct sk_buff *skb, * When in TCP_TIME_WAIT the sk is not a "struct sock" but * "struct inet_timewait_sock" which is missing fields. */ - if (sk->sk_state == TCP_TIME_WAIT) { + if (!sk_fullsock(sk)) { sock_gen_put(sk); sk = NULL; } @@ -1689,7 +1689,7 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par) /* default: Fall through and do UID releated work */ } - sk = skb->sk; + sk = skb_to_full_sk(skb); /* * When in TCP_TIME_WAIT the sk is not a "struct sock" but * "struct inet_timewait_sock" which is missing fields.
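Review bot: In the first hunk (qtaguid_find_sk), the comment directly above the changed condition still describes only the TCP_TIME_WAIT case ("the sk is not a "struct sock" but "struct inet_timewait_sock""), while the new test `if (!sk_fullsock(sk))` also rejects request socks, which is the case the commit message says causes the crash. Please update the comment to say that any non-full socket (timewait or request sock) is dropped here because it lacks the fields the later UID lookup reads, so the reason for the `sock_gen_put(sk); sk = NULL;` path stays clear to the next reader.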
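Review bot: In the second hunk (qtaguid_mt), `sk = skb_to_full_sk(skb);` maps a request sock to its listener, which does two things the patch does not document. First, it does not convert a timewait sock, so the TCP_TIME_WAIT handling announced by the trailing comment is still required; the code after that comment is not visible in this hunk, so please confirm it is kept, and consider using `sk_fullsock(sk)` there for consistency with qtaguid_find_sk. Second, packets that previously carried a request sock will now be matched and accounted against the listening socket's owner; a sentence in the commit message or the comment stating that this attribution is intended would help, since this match is used for per-UID accounting.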