Web lists-archives.com

Re: [PATCH net] rds: Fix NULL pointer dereference in __rds_rdma_map




From: Håkon Bugge <Haakon.Bugge@xxxxxxxxxx>
Date: Wed,  6 Dec 2017 17:18:28 +0100

> This is a fix for syzkaller719569, where memory registration was
> attempted without any underlying transport being loaded.
> 
> Analysis of the case reveals that it is the setsockopt() RDS_GET_MR
> (2) and RDS_GET_MR_FOR_DEST (7) that are vulnerable.
> 
> Here is an example stack trace when the bug is hit:
 ...
> The fix is to check the existence of an underlying transport in
> __rds_rdma_map().
> 
> Signed-off-by: Håkon Bugge <haakon.bugge@xxxxxxxxxx>
> Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>

Applied and queued up for -stable, thanks.