From mboxrd@z Thu Jan 1 00:00:00 1970
From: simo.ghannam@gmail.com
Subject: [PATCH] RDS: null pointer dereference in rds_atomic_free_op
Date: Wed, 3 Jan 2018 21:06:06 +0000
Message-ID: <5a4d45ce.8b8a1c0a.1d072.e5e1@mx.google.com>
Cc: Mohamed Ghannam
To: netdev@vger.kernel.org, linux-rdma@vger.kernel.org, santosh.shilimkar@oracle.com, davem@davemloft.net, rds-devel@oss.oracle.com
Return-path:
Received: from mail-wm0-f68.google.com ([74.125.82.68]:36512 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751098AbeACVGY (ORCPT ); Wed, 3 Jan 2018 16:06:24 -0500
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Mohamed Ghannam

set rm->atomic.op_active to 0 when rds_pin_pages() fails or the user supplied address is invalid, this prevents a NULL pointer usage in rds_atomic_free_op()

Signed-off-by: Mohamed Ghannam
--- net/rds/rdma.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/rds/rdma.c b/net/rds/rdma.c index bc2f1e0977d6..398932fbaf27 100644 --- a/net/rds/rdma.c +++ b/net/rds/rdma.c @@ -874,6 +874,7 @@ int rds_cmsg_atomic(struct rds_sock *rs, struct rds_message *rm, err: if (page) put_page(page); + rm->atomic.op_active = 0; kfree(rm->atomic.op_notifier); return ret; -- 2.14.1
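Review bot: In the err: path of rds_cmsg_atomic(), kfree(rm->atomic.op_notifier) directly after the new rm->atomic.op_active = 0 leaves the freed pointer stored in rm. The commit message implies rds_atomic_free_op() still runs on this message after a failure, so consider adding rm->atomic.op_notifier = NULL after the kfree so that no later teardown of rm can see a stale pointer. The commit message would also be easier to audit if it named which pointer is NULL in rds_atomic_free_op() and carried a Fixes: tag identifying the commit that introduced the problem, so the backport range is clear.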