From patchwork Wed May 20 19:41:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Hubbard X-Patchwork-Id: 11561121 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 858AD913 for ; Wed, 20 May 2020 19:41:54 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 49259207D8 for ; Wed, 20 May 2020 19:41:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=nvidia.com header.i=@nvidia.com header.b="Usr87tV7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 49259207D8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=nvidia.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 7D88A80007; Wed, 20 May 2020 15:41:53 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 76374900002; Wed, 20 May 2020 15:41:53 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 629F480007; Wed, 20 May 2020 15:41:53 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0176.hostedemail.com [216.40.44.176]) by kanga.kvack.org (Postfix) with ESMTP id 472A0900002 for ; Wed, 20 May 2020 15:41:53 -0400 (EDT) Received: from smtpin22.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 0459E180AD815 for ; Wed, 20 May 2020 19:41:52 +0000 (UTC) X-FDA: 76838117706.22.band14_67af47588e33b X-Spam-Summary: 1,0,0,,d41d8cd98f00b204,jhubbard@nvidia.com,,RULES_HIT:30051:30054:30064:30070,0,RBL:216.228.121.65:@nvidia.com:.lbl8.mailshell.net-64.10.201.10 62.18.0.100,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:ft,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:23,LUA_SUMMARY:none X-HE-Tag: band14_67af47588e33b X-Filterd-Recvd-Size: 3733 Received: from hqnvemgate26.nvidia.com (hqnvemgate26.nvidia.com [216.228.121.65]) by imf13.hostedemail.com (Postfix) with ESMTP for ; Wed, 20 May 2020 19:41:52 +0000 (UTC) Received: from hqpgpgate101.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate26.nvidia.com (using TLS: TLSv1.2, DES-CBC3-SHA) id ; Wed, 20 May 2020 12:41:38 -0700 Received: from hqmail.nvidia.com ([172.20.161.6]) by hqpgpgate101.nvidia.com (PGP Universal service); Wed, 20 May 2020 12:41:51 -0700 X-PGP-Universal: processed; by hqpgpgate101.nvidia.com on Wed, 20 May 2020 12:41:51 -0700 Received: from HQMAIL109.nvidia.com (172.20.187.15) by HQMAIL101.nvidia.com (172.20.187.10) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 20 May 2020 19:41:50 +0000 Received: from rnnvemgw01.nvidia.com (10.128.109.123) by HQMAIL109.nvidia.com (172.20.187.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 20 May 2020 19:41:50 +0000 Received: from sandstorm.nvidia.com (Not Verified[10.2.48.182]) by rnnvemgw01.nvidia.com with Trustwave SEG (v7,5,8,10121) id ; Wed, 20 May 2020 12:41:49 -0700 From: John Hubbard To: CC: , , , , , , , , , , Subject: [PATCH] rds: fix crash in rds_info_getsockopt() Date: Wed, 20 May 2020 12:41:47 -0700 Message-ID: <20200520194147.127137-1-jhubbard@nvidia.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <00000000000000d71e05a6185662@google.com> References: <00000000000000d71e05a6185662@google.com> MIME-Version: 1.0 X-NVConfidentiality: public DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1590003698; bh=BDc/TGIweZ3py3sn3bABD+UZSkqou30hrSEE7VKAsls=; h=X-PGP-Universal:From:To:CC:Subject:Date:Message-ID:X-Mailer: In-Reply-To:References:MIME-Version:X-NVConfidentiality: Content-Transfer-Encoding:Content-Type; b=Usr87tV7HeZqbUmbIRIvw15CSaVc3ECl1mv4frv1GaPVCn0N+XWQUYPrPeBLsI5Kj qEFSsUaJEllygpY4GjniXqBJg/DC7Mf0b1FgsyP1o56Ts56pRSC41uDR3uCE0/cDdD ycoaKbA8edjJPxfZFkjABe2Gu5KhC2w87pS0BowsUUDhWcuWIa5+axkCpH+YwQcc35 doFGfTOmtwNfhdTSd7J1ml+udns7lKS0zqOtBZ7zAY1mgaPwjiJentF/DV7gIHnI+y 8y8DUkl5Z4LAYmsiLoMbqyJlqkcFKaA4b//8wFK1xz37dfYxfF+Fw3UtD7+X1RaXKx 90vuJWTA+inPA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The conversion to pin_user_pages() had a bug: it overlooked the case of allocation of pages failing. Fix that by restoring an equivalent check. Reported-by: syzbot+118ac0af4ac7f785a45b@syzkaller.appspotmail.com Fixes: dbfe7d74376e ("rds: convert get_user_pages() --> pin_user_pages()") Cc: David S. Miller Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Cc: linux-rdma@vger.kernel.org Cc: rds-devel@oss.oracle.com Signed-off-by: John Hubbard Acked-by: Santosh Shilimkar --- net/rds/info.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/rds/info.c b/net/rds/info.c index e1d63563e81c..b6b46a8214a0 100644 --- a/net/rds/info.c +++ b/net/rds/info.c @@ -234,7 +234,8 @@ int rds_info_getsockopt(struct socket *sock, int optname, char __user *optval, ret = -EFAULT; out: - unpin_user_pages(pages, nr_pages); + if (pages) + unpin_user_pages(pages, nr_pages); kfree(pages); return ret;