summaryrefslogtreecommitdiffstats
path: root/net/rds/message.c
diff options
context:
space:
mode:
authorAditya Pakki <pakki001@umn.edu>2021-04-07 02:09:12 +0200
committerDavid S. Miller <davem@davemloft.net>2021-04-07 23:01:24 +0200
commit0c85a7e87465f2d4cbc768e245f4f45b2f299b05 (patch)
treef653dfb46e6bd1f35733c346052343ee5be02643 /net/rds/message.c
parentdocs: ethtool: fix some copy-paste errors (diff)
downloadlinux-0c85a7e87465f2d4cbc768e245f4f45b2f299b05.tar.xz
linux-0c85a7e87465f2d4cbc768e245f4f45b2f299b05.zip
net/rds: Avoid potential use after free in rds_send_remove_from_sock
In case of rs failure in rds_send_remove_from_sock(), the 'rm' resource is freed and later under spinlock, causing potential use-after-free. Set the free pointer to NULL to avoid undefined behavior. Signed-off-by: Aditya Pakki <pakki001@umn.edu> Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/rds/message.c')
-rw-r--r--net/rds/message.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/rds/message.c b/net/rds/message.c
index 799034e0f513..4fc66ff0f1ec 100644
--- a/net/rds/message.c
+++ b/net/rds/message.c
@@ -180,6 +180,7 @@ void rds_message_put(struct rds_message *rm)
rds_message_purge(rm);
kfree(rm);
+ rm = NULL;
}
}
EXPORT_SYMBOL_GPL(rds_message_put);