netfilter: nft_set_pipapo: fix null deref for empty set

commit 30c1d25b9870d551be42535067d5481668b5e6f3 upstream. Blamed commit broke the check for a null scratch map: - if (unlikely(!m || !*raw_cpu_ptr(m->scratch))) + if (unlikely(!raw_cpu_ptr(m->scratch))) This should have been "if (!*raw_ ...)". Use the pattern of the avx2 version which is more readable. This can only be reproduced if avx2 support isn't available. Fixes: d8d871a35ca9 ("netfilter: nft_set_pipapo: merge pipapo_get/lookup") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Florian Westphal <fw@strlen.de> 2025-08-11 12:26:10 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-09-19 16:37:39 +0200
commit: 51a321b480d1e753667f6aea497312461563f9fe (patch)
tree: 6a1daa3c339426a8fe18c87317442aef91bbde28
parent: 9c495549ba3053c5c2560e8d46807d1c65818f9a (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index fa6741b3205a..793790d79d13 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -426,10 +426,9 @@ static struct nft_pipapo_elem *pipapo_get(const struct nft_pipapo_match *m,
 
 	local_bh_disable();
 
-	if (unlikely(!raw_cpu_ptr(m->scratch)))
-		goto out;
-
 	scratch = *raw_cpu_ptr(m->scratch);
+	if (unlikely(!scratch))
+		goto out;
 
 	map_index = scratch->map_index;
author	Florian Westphal <fw@strlen.de>	2025-08-11 12:26:10 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-09-19 16:37:39 +0200
commit	51a321b480d1e753667f6aea497312461563f9fe (patch)
tree	6a1daa3c339426a8fe18c87317442aef91bbde28
parent	9c495549ba3053c5c2560e8d46807d1c65818f9a (diff)