summaryrefslogtreecommitdiffstats
path: root/net/rds
diff options
context:
space:
mode:
authorSowmini Varadhan <sowmini.varadhan@oracle.com>2018-02-22 22:40:27 +0100
committerDavid S. Miller <davem@davemloft.net>2018-02-23 18:30:52 +0100
commit79a5b9727a1cceacd49921b78425ebda91836bd6 (patch)
treee03e5079d90724f8191618d5983afdc09868d356 /net/rds
parentr8169: simplify and improve check for dash (diff)
downloadlinux-79a5b9727a1cceacd49921b78425ebda91836bd6.tar.xz
linux-79a5b9727a1cceacd49921b78425ebda91836bd6.zip
rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier
if either or both of MSG_ZEROCOPY and SOCK_ZEROCOPY have not been specified, the rm->data.op_mmp_znotifier allocation will be skipped. In this case, it is invalid ot pass down a cmsghdr with RDS_CMSG_ZCOPY_COOKIE, so return EINVAL from rds_msg_zcopy for this case. Reported-by: syzbot+f893ae7bb2f6456dfbc3@syzkaller.appspotmail.com Fixes: 0cebaccef3ac ("rds: zerocopy Tx support.") Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Acked-by: Willem de Bruijn <willemb@google.com> Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/rds')
-rw-r--r--net/rds/send.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/rds/send.c b/net/rds/send.c
index 79d158b3def0..acad04243b41 100644
--- a/net/rds/send.c
+++ b/net/rds/send.c
@@ -941,7 +941,8 @@ static int rds_cmsg_zcopy(struct rds_sock *rs, struct rds_message *rm,
{
u32 *cookie;
- if (cmsg->cmsg_len < CMSG_LEN(sizeof(*cookie)))
+ if (cmsg->cmsg_len < CMSG_LEN(sizeof(*cookie)) ||
+ !rm->data.op_mmp_znotifier)
return -EINVAL;
cookie = CMSG_DATA(cmsg);
rm->data.op_mmp_znotifier->z_cookie = *cookie;