tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

net/rds: Check laddr_check before calling it

In rds_bind(), laddr_check is called without checking if it is NULL or
not. And rs_transport should be reset if rds_add_bound() fails.

Fixes: c5c1a030a7db ("net/rds: An rds_sock is added too early to the hash table")
Reported-by: syzbot+fae39afd2101a17ec624@syzkaller.appspotmail.com
Signed-off-by: Ka-Cheong Poon <ka-cheong.poon@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Ka-Cheong Poon and committed by
David S. Miller 05733434 4e1e83be

+4 -1
+4 -1
net/rds/bind.c
··· 244 244 */ 245 245 if (rs->rs_transport) { 246 246 trans = rs->rs_transport; 247 - if (trans->laddr_check(sock_net(sock->sk), 247 + if (!trans->laddr_check || 248 + trans->laddr_check(sock_net(sock->sk), 248 249 binding_addr, scope_id) != 0) { 249 250 ret = -ENOPROTOOPT; 250 251 goto out; ··· 264 263 265 264 sock_set_flag(sk, SOCK_RCU_FREE); 266 265 ret = rds_add_bound(rs, binding_addr, &port, scope_id); 266 + if (ret) 267 + rs->rs_transport = NULL; 267 268 268 269 out: 269 270 release_sock(sk);