netfilter: nft_set_pipapo: fix null deref for empty set

commit 30c1d25b9870d551be42535067d5481668b5e6f3 upstream. Blamed commit broke the check for a null scratch map: - if (unlikely(!m || !*raw_cpu_ptr(m->scratch))) + if (unlikely(!raw_cpu_ptr(m->scratch))) This should have been "if (!*raw_ ...)". Use the pattern of the avx2 version which is more readable. This can only be reproduced if avx2 support isn't available. Fixes: d8d871a35ca9 ("netfilter: nft_set_pipapo: merge pipapo_get/lookup") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Florian Westphal <fw@strlen.de> 2025-08-11 12:26:10 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-09-19 16:35:51 +0200
commit: 44b2be6d5994ddf07ecc86c01d3279bfa13e9ef6 (patch)
tree: bc70b27ee64d055a90eb40e91874bdd64c6c5e33
parent: 5539bc82cedadea42878025ff86117762f098a81 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index fa6741b3205a..793790d79d13 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -426,10 +426,9 @@ static struct nft_pipapo_elem *pipapo_get(const struct nft_pipapo_match *m,
 
 	local_bh_disable();
 
-	if (unlikely(!raw_cpu_ptr(m->scratch)))
-		goto out;
-
 	scratch = *raw_cpu_ptr(m->scratch);
+	if (unlikely(!scratch))
+		goto out;
 
 	map_index = scratch->map_index;
author	Florian Westphal <fw@strlen.de>	2025-08-11 12:26:10 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-09-19 16:35:51 +0200
commit	44b2be6d5994ddf07ecc86c01d3279bfa13e9ef6 (patch)
tree	bc70b27ee64d055a90eb40e91874bdd64c6c5e33
parent	5539bc82cedadea42878025ff86117762f098a81 (diff)