net/rds: An rds_sock is added too early to the hash table - linux/linux-stable.git

diff options

author	Ka-Cheong Poon <ka-cheong.poon@oracle.com>	2019-09-11 02:58:05 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-10-01 08:26:13 +0200
commit	3de749d6d7cee11bbbe00090f4a285b759a406ab (patch)
tree	01c800866aa7b25d2cb9e9807657ed2e528785c9 /net/unix/sysctl_net_unix.c
parent	07f7ec87b5f6e1c9d954e967e971efa696ecb018 (diff)

net/rds: An rds_sock is added too early to the hash table

[ Upstream commit c5c1a030a7dbf8dd4e1fa4405ae9a89dc1d2a8db ] In rds_bind(), an rds_sock is added to the RDS bind hash table before rs_transport is set. This means that the socket can be found by the receive code path when rs_transport is NULL. And the receive code path de-references rs_transport for congestion update check. This can cause a panic. An rds_sock should not be added to the bind hash table before all the needed fields are set. Reported-by: syzbot+4b4f8163c2e246df3c4c@syzkaller.appspotmail.com Signed-off-by: Ka-Cheong Poon <ka-cheong.poon@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'net/unix/sysctl_net_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: