This is a note to let you know that I've just added the patch titled
RDMA/ucma: Check that device exists prior to accessing it
to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: rdma-ucma-check-that-device-exists-prior-to-accessing-it.patch and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From c8d3bcbfc5eab3f01cf373d039af725f3b488813 Mon Sep 17 00:00:00 2001
From: Leon Romanovsky leonro@mellanox.com Date: Sun, 25 Mar 2018 11:39:05 +0300 Subject: RDMA/ucma: Check that device exists prior to accessing it
From: Leon Romanovsky leonro@mellanox.com
commit c8d3bcbfc5eab3f01cf373d039af725f3b488813 upstream.
Ensure that device exists prior to accessing its properties.
Reported-by: syzbot+71655d44855ac3e76366@syzkaller.appspotmail.com Fixes: 75216638572f ("RDMA/cma: Export rdma cm interface to userspace") Signed-off-by: Leon Romanovsky leonro@mellanox.com Signed-off-by: Jason Gunthorpe jgg@mellanox.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/infiniband/core/ucma.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/core/ucma.c +++ b/drivers/infiniband/core/ucma.c @@ -1317,7 +1317,7 @@ static ssize_t ucma_notify(struct ucma_f { struct rdma_ucm_notify cmd; struct ucma_context *ctx; - int ret; + int ret = -EINVAL;
if (copy_from_user(&cmd, inbuf, sizeof(cmd))) return -EFAULT; @@ -1326,7 +1326,9 @@ static ssize_t ucma_notify(struct ucma_f if (IS_ERR(ctx)) return PTR_ERR(ctx);
- ret = rdma_notify(ctx->cm_id, (enum ib_event_type) cmd.event); + if (ctx->cm_id->device) + ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event); + ucma_put_ctx(ctx); return ret; }
Patches currently in stable-queue which might be from leonro@mellanox.com are
queue-4.9/rdma-ucma-check-af-family-prior-resolving-address.patch queue-4.9/rdma-ucma-check-that-device-is-connected-prior-to-access-it.patch queue-4.9/rdma-ucma-fix-use-after-free-access-in-ucma_close.patch queue-4.9/rdma-ucma-ensure-that-cm_id-exists-prior-to-access-it.patch queue-4.9/rdma-ucma-check-that-device-exists-prior-to-accessing-it.patch