bonding: fix null pointer deref in bond_ipsec_offload_ok

[ Upstream commit 95c90e4ad89d493a7a14fa200082e466e2548f9d ]

We must check if there is an active slave before dereferencing the pointer.

Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 2370da46321493de056e17a7b92f3051a844aac0..55841a0e05a47fccd42dc93afe7b4d8795e3e1ed 100644 (file)
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -604,6 +604,8 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
        bond = netdev_priv(bond_dev);
        rcu_read_lock();
        curr_active = rcu_dereference(bond->curr_active_slave);
+       if (!curr_active)
+               goto out;
        real_dev = curr_active->dev;
 
        if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)