Re: [PATCH net] rds: Fix NULL pointer dereference in __rds_rdma_map
- Date: Wed, 06 Dec 2017 15:45:03 -0500 (EST)
- From: David Miller <davem@xxxxxxxxxxxxx>
- Subject: Re: [PATCH net] rds: Fix NULL pointer dereference in __rds_rdma_map
From: Håkon Bugge <Haakon.Bugge@xxxxxxxxxx>
Date: Wed, 6 Dec 2017 17:18:28 +0100
> This is a fix for syzkaller719569, where memory registration was
> attempted without any underlying transport being loaded.
> Analysis of the case reveals that it is the setsockopt() RDS_GET_MR
> (2) and RDS_GET_MR_FOR_DEST (7) that are vulnerable.
> Here is an example stack trace when the bug is hit:
> The fix is to check the existence of an underlying transport in
> Signed-off-by: Håkon Bugge <haakon.bugge@xxxxxxxxxx>
> Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
Applied and queued up for -stable, thanks.