From 30f8cb812e27d8ab40a2c0669ac20a8ee45a7c56 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Fri, 2 Feb 2024 13:58:37 -0500
Subject: [PATCH] socket: Don't assume m0 != NULL in sbappendcontrol_locked()

Some callers (e.g., ktls_decrypt()) violate this assumption and thus
could trigger a NULL pointer dereference in KMSAN kernels.

Reported by:	glebius
Fixes:		ec45f952a232 ("sockbuf: Add KMSAN checks to sbappend*()")
MFC after:	1 week
---
 sys/kern/uipc_sockbuf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/kern/uipc_sockbuf.c b/sys/kern/uipc_sockbuf.c
index 2732ee8199e..6d3050596f2 100644
--- a/sys/kern/uipc_sockbuf.c
+++ b/sys/kern/uipc_sockbuf.c
@@ -1326,7 +1326,8 @@ sbappendcontrol_locked(struct sockbuf *sb, struct mbuf *m0,
 {
 	struct mbuf *m, *mlast;
 
-	kmsan_check_mbuf(m0, "sbappend");
+	if (m0 != NULL)
+		kmsan_check_mbuf(m0, "sbappend");
 	kmsan_check_mbuf(control, "sbappend");
 
 	sbm_clrprotoflags(m0, flags);