diff options
author | Sowmini Varadhan <sowmini.varadhan@oracle.com> | 2018-02-22 22:40:27 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-02-23 18:30:52 +0100 |
commit | 79a5b9727a1cceacd49921b78425ebda91836bd6 (patch) | |
tree | e03e5079d90724f8191618d5983afdc09868d356 /net/rds | |
parent | r8169: simplify and improve check for dash (diff) | |
download | linux-79a5b9727a1cceacd49921b78425ebda91836bd6.tar.xz linux-79a5b9727a1cceacd49921b78425ebda91836bd6.zip |
rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier
if either or both of MSG_ZEROCOPY and SOCK_ZEROCOPY have not been
specified, the rm->data.op_mmp_znotifier allocation will be skipped.
In this case, it is invalid ot pass down a cmsghdr with
RDS_CMSG_ZCOPY_COOKIE, so return EINVAL from rds_msg_zcopy for this
case.
Reported-by: syzbot+f893ae7bb2f6456dfbc3@syzkaller.appspotmail.com
Fixes: 0cebaccef3ac ("rds: zerocopy Tx support.")
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/rds')
-rw-r--r-- | net/rds/send.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/rds/send.c b/net/rds/send.c index 79d158b3def0..acad04243b41 100644 --- a/net/rds/send.c +++ b/net/rds/send.c @@ -941,7 +941,8 @@ static int rds_cmsg_zcopy(struct rds_sock *rs, struct rds_message *rm, { u32 *cookie; - if (cmsg->cmsg_len < CMSG_LEN(sizeof(*cookie))) + if (cmsg->cmsg_len < CMSG_LEN(sizeof(*cookie)) || + !rm->data.op_mmp_znotifier) return -EINVAL; cookie = CMSG_DATA(cmsg); rm->data.op_mmp_znotifier->z_cookie = *cookie; |