From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 1 Dec 2019 17:25:00 +0000 (+0100)
Subject: cgroups/devices: handle NULL
X-Git-Tag: lxc-4.0.0~90^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30da741c5038e3e683e170bfee974d25487de14a;p=thirdparty%2Flxc.git

cgroups/devices: handle NULL

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
index 52c1860f5..826f757df 100644
--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -51,6 +51,9 @@ static int bpf_program_add_instructions(struct bpf_program *prog,
 
 void bpf_program_free(struct bpf_program *prog)
 {
+	if (!prog)
+		return;
+
 	(void)bpf_program_cgroup_detach(prog);
 
 	if (prog->kernel_fd >= 0)
@@ -176,6 +179,9 @@ struct bpf_program *bpf_program_new(uint32_t prog_type)
 
 int bpf_program_init(struct bpf_program *prog)
 {
+	if (!prog)
+		return minus_one_set_errno(EINVAL);
+
 	const struct bpf_insn pre_insn[] = {
 	    /* load device type to r2 */
 	    BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
@@ -206,6 +212,9 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *devi
 	int access_mask;
 	int device_type;
 
+	if (!prog || !device)
+		return minus_one_set_errno(EINVAL);
+
 	/* This is a global rule so no need to append anything. */
 	if (device->global_rule >= 0) {
 		prog->blacklist = device->global_rule;
@@ -287,6 +296,9 @@ int bpf_program_finalize(struct bpf_program *prog)
 	    BPF_EXIT_INSN(),
 	};
 
+	if (!prog)
+		return minus_one_set_errno(EINVAL);
+
 	TRACE("Implementing %s bpf device cgroup program",
 	      prog->blacklist ? "blacklist" : "whitelist");
 	return bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
@@ -327,6 +339,9 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
 	union bpf_attr attr;
 	int ret;
 
+	if (!prog)
+		return minus_one_set_errno(EINVAL);
+
 	if (flags & ~(BPF_F_ALLOW_OVERRIDE, BPF_F_ALLOW_MULTI))
 		return error_log_errno(EINVAL, "Invalid flags for bpf program");