This is a note to let you know that I've just added the patch titled
RDS: null pointer dereference in rds_atomic_free_op
to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: rds-null-pointer-dereference-in-rds_atomic_free_op.patch and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From foo@baz Sat Jan 13 10:51:05 CET 2018
From: Mohamed Ghannam simo.ghannam@gmail.com Date: Wed, 3 Jan 2018 21:06:06 +0000 Subject: RDS: null pointer dereference in rds_atomic_free_op
From: Mohamed Ghannam simo.ghannam@gmail.com
[ Upstream commit 7d11f77f84b27cef452cee332f4e469503084737 ]
set rm->atomic.op_active to 0 when rds_pin_pages() fails or the user supplied address is invalid, this prevents a NULL pointer usage in rds_atomic_free_op()
Signed-off-by: Mohamed Ghannam simo.ghannam@gmail.com Acked-by: Santosh Shilimkar santosh.shilimkar@oracle.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/rds/rdma.c | 1 + 1 file changed, 1 insertion(+)
--- a/net/rds/rdma.c +++ b/net/rds/rdma.c @@ -877,6 +877,7 @@ int rds_cmsg_atomic(struct rds_sock *rs, err: if (page) put_page(page); + rm->atomic.op_active = 0; kfree(rm->atomic.op_notifier);
return ret;
Patches currently in stable-queue which might be from simo.ghannam@gmail.com are
queue-4.14/rds-null-pointer-dereference-in-rds_atomic_free_op.patch queue-4.14/rds-heap-oob-write-in-rds_message_alloc_sgs.patch