net: core: fix Null ptr dereference in UID-based routing

sock_i_uid(struct sock *) is being called without checking
for a valid "struct sock" pointer, resulting in following
Null pointer dereference:

[   17.633071] Unable to handle kernel NULL pointer dereference at virtual address 00000198
[   17.641087] pgd = ffffffc07a554000
[   17.644465] [00000198] *pgd=00000000fa49b003, *pud=00000000fa49b003, *pmd=0000000000000000
[   17.652669] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[   17.658186] Modules linked in:
[   17.661217] CPU: 1 PID: 1333 Comm: S21avahi-daemon Not tainted 4.0.0-rc7+ #2
[   17.668195] Hardware name: ARM Juno development board (r0) (DT)
[   17.674055] task: ffffffc976936800 ti: ffffffc079c0c000 task.ti: ffffffc079c0c000
[   17.681470] PC is at _raw_read_lock_bh+0x34/0x54
[   17.686042] LR is at sock_i_uid+0x24/0x64

Not that we need to check for valid pointer everytime we call
sock_i_uid() but plan is to at least do it when we are doing
this Null pointer check for other arguments.

Change-Id: I04521c1c38179687acd91d155ea2fd4658573ae7
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

include/net/route.h

@@ -143,7 +143,7 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct flowi
 	flowi4_init_output(fl4, oif, sk ? sk->sk_mark : 0, tos,
 			   RT_SCOPE_UNIVERSE, proto,
 			   sk ? inet_sk_flowi_flags(sk) : 0,
-			   daddr, saddr, dport, sport, sock_i_uid(sk));
+			   daddr, saddr, dport, sport, sk ? sock_i_uid(sk) : GLOBAL_ROOT_UID);
 	if (sk)
 		security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
 	return ip_route_output_flow(net, fl4, sk);

net/ipv4/route.c

@@ -531,7 +531,8 @@ static void __build_flow_key(struct flowi4 *fl4, struct sock *sk,
 	flowi4_init_output(fl4, oif, mark, tos,
 			   RT_SCOPE_UNIVERSE, prot,
 			   flow_flags,
-			   iph->daddr, iph->saddr, 0, 0, sock_i_uid(sk));
+			   iph->daddr, iph->saddr, 0, 0,
+			   sk ? sock_i_uid(sk) : GLOBAL_ROOT_UID);
 }
 
 static void build_skb_flow_key(struct flowi4 *fl4, const struct sk_buff *skb,