From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+71655d44855ac3e76366@syzkaller.appspotmail.com,
Leon Romanovsky <leonro@mellanox.com>,
Jason Gunthorpe <jgg@mellanox.com>
Subject: [PATCH 4.14 24/67] RDMA/ucma: Check that device exists prior to accessing it
Date: Fri, 6 Apr 2018 15:23:54 +0200 [thread overview]
Message-ID: <20180406084344.595753875@linuxfoundation.org> (raw)
In-Reply-To: <20180406084341.225558262@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leon Romanovsky <leonro@mellanox.com>
commit c8d3bcbfc5eab3f01cf373d039af725f3b488813 upstream.
Ensure that device exists prior to accessing its properties.
Reported-by: <syzbot+71655d44855ac3e76366@syzkaller.appspotmail.com>
Fixes: 75216638572f ("RDMA/cma: Export rdma cm interface to userspace")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/ucma.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -1335,7 +1335,7 @@ static ssize_t ucma_notify(struct ucma_f
{
struct rdma_ucm_notify cmd;
struct ucma_context *ctx;
- int ret;
+ int ret = -EINVAL;
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
@@ -1344,7 +1344,9 @@ static ssize_t ucma_notify(struct ucma_f
if (IS_ERR(ctx))
return PTR_ERR(ctx);
- ret = rdma_notify(ctx->cm_id, (enum ib_event_type) cmd.event);
+ if (ctx->cm_id->device)
+ ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event);
+
ucma_put_ctx(ctx);
return ret;
}
next prev parent reply other threads:[~2018-04-06 13:38 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-06 13:23 [PATCH 4.14 00/67] 4.14.33-stable review Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 01/67] ARM: OMAP: Fix SRAM W+X mapping Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 02/67] ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 03/67] ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 04/67] ARM: dts: sun6i: a31s: bpi-m2: add missing regulators Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 05/67] mtd: jedec_probe: Fix crash in jedec_read_mfr() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 06/67] mtd: nand: atmel: Fix get_sectorsize() function Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 07/67] ALSA: usb-audio: Add native DSD support for TEAC UD-301 Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 08/67] ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 09/67] ALSA: pcm: potential uninitialized return values Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 10/67] x86/platform/uv/BAU: Add APIC idt entry Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 11/67] perf/hwbp: Simplify the perf-hwbp code, fix documentation Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 12/67] ceph: only dirty ITER_IOVEC pages for direct read Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 13/67] ipc/shm.c: add split function to shm_vm_ops Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 14/67] i2c: i2c-stm32f7: fix no check on returned setup Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 15/67] powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 16/67] powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 17/67] partitions/msdos: Unable to mount UFS 44bsd partitions Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 18/67] xfrm_user: uncoditionally validate esn replay attribute struct Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 19/67] RDMA/ucma: Check AF family prior resolving address Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 20/67] RDMA/ucma: Fix use-after-free access in ucma_close Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 21/67] RDMA/ucma: Ensure that CM_ID exists prior to access it Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 22/67] RDMA/rdma_cm: Fix use after free race with process_one_req Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 23/67] RDMA/ucma: Check that device is connected prior to access it Greg Kroah-Hartman
2018-04-06 13:23 ` Greg Kroah-Hartman [this message]
2018-04-06 13:23 ` [PATCH 4.14 25/67] RDMA/ucma: Introduce safer rdma_addr_size() variants Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 26/67] net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 27/67] xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 28/67] percpu: add __GFP_NORETRY semantics to the percpu balancing path Greg Kroah-Hartman
2018-04-06 13:23 ` [PATCH 4.14 29/67] netfilter: x_tables: make allocation less aggressive Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 30/67] netfilter: bridge: ebt_among: add more missing match size checks Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 31/67] l2tp: fix races with ipv4-mapped ipv6 addresses Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 32/67] netfilter: drop template ct when conntrack is skipped Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 33/67] netfilter: x_tables: add and use xt_check_proc_name Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 34/67] phy: qcom-ufs: add MODULE_LICENSE tag Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 35/67] Bluetooth: Fix missing encryption refresh on Security Request Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 36/67] usb: dwc2: Improve gadget state disconnection handling Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 37/67] bitmap: fix memset optimization on big-endian systems Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 38/67] USB: serial: ftdi_sio: add RT Systems VX-8 cable Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 39/67] USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 40/67] USB: serial: cp210x: add ELDAT Easywave RX09 id Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 41/67] serial: 8250: Add Nuvoton NPCM UART Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 42/67] mei: remove dev_err message on an unsupported ioctl Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 43/67] /dev/mem: Avoid overwriting "err" in read_mem() Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 44/67] media: usbtv: prevent double free in error case Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 45/67] parport_pc: Add support for WCH CH382L PCI-E single parallel port card Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 46/67] crypto: lrw - Free rctx->ext with kzfree Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 47/67] crypto: inside-secure - fix clock management Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 48/67] crypto: testmgr - Fix incorrect values in PKCS#1 test vector Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 49/67] crypto: ahash - Fix early termination in hash walk Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 51/67] crypto: ccp - return an actual key size from RSA max_size callback Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 52/67] crypto: arm,arm64 - Fix random regeneration of S_shipped Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 53/67] crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 54/67] Btrfs: fix unexpected cow in run_delalloc_nocow Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 55/67] staging: comedi: ni_mio_common: ack ai fifo error interrupts Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 56/67] Revert "base: arch_topology: fix section mismatch build warnings" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 57/67] Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 58/67] Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 59/67] Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 60/67] vt: change SGR 21 to follow the standards Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 61/67] ARM: dts: DRA76-EVM: Set powerhold property for tps65917 Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 62/67] net: hns: Fix ethtool private flags Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 63/67] Fix slab name "biovec-(1<<(21-12))" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 64/67] Revert "ARM: dts: am335x-pepper: Fix the audio CODECs reset pin" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 65/67] Revert "ARM: dts: omap3-n900: " Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 66/67] Revert "cpufreq: Fix governor module removal race" Greg Kroah-Hartman
2018-04-06 13:24 ` [PATCH 4.14 67/67] Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Greg Kroah-Hartman
2018-04-06 20:07 ` [PATCH 4.14 00/67] 4.14.33-stable review Dan Rue
2018-04-06 22:10 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180406084344.595753875@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jgg@mellanox.com \
--cc=leonro@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+71655d44855ac3e76366@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).