[thirdparty/kernel/stable-queue.git] / releases / 3.4.77 / rds-prevent-dereference-of-a-null-device.patch

From foo@baz Mon Jan 13 09:28:30 PST 2014
From: Sasha Levin <sasha.levin@oracle.com>
Date: Wed, 18 Dec 2013 23:49:42 -0500
Subject: rds: prevent dereference of a NULL device

From: Sasha Levin <sasha.levin@oracle.com>

[ Upstream commit c2349758acf1874e4c2b93fe41d072336f1a31d0 ]

Binding might result in a NULL device, which is dereferenced
causing this BUG:

[ 1317.260548] BUG: unable to handle kernel NULL pointer dereference at 000000000000097
4
[ 1317.261847] IP: [<ffffffff84225f52>] rds_ib_laddr_check+0x82/0x110
[ 1317.263315] PGD 418bcb067 PUD 3ceb21067 PMD 0
[ 1317.263502] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 1317.264179] Dumping ftrace buffer:
[ 1317.264774]    (ftrace buffer empty)
[ 1317.265220] Modules linked in:
[ 1317.265824] CPU: 4 PID: 836 Comm: trinity-child46 Tainted: G        W    3.13.0-rc4-
next-20131218-sasha-00013-g2cebb9b-dirty #4159
[ 1317.267415] task: ffff8803ddf33000 ti: ffff8803cd31a000 task.ti: ffff8803cd31a000
[ 1317.268399] RIP: 0010:[<ffffffff84225f52>]  [<ffffffff84225f52>] rds_ib_laddr_check+
0x82/0x110
[ 1317.269670] RSP: 0000:ffff8803cd31bdf8  EFLAGS: 00010246
[ 1317.270230] RAX: 0000000000000000 RBX: ffff88020b0dd388 RCX: 0000000000000000
[ 1317.270230] RDX: ffffffff8439822e RSI: 00000000000c000a RDI: 0000000000000286
[ 1317.270230] RBP: ffff8803cd31be38 R08: 0000000000000000 R09: 0000000000000000
[ 1317.270230] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 1317.270230] R13: 0000000054086700 R14: 0000000000a25de0 R15: 0000000000000031
[ 1317.270230] FS:  00007ff40251d700(0000) GS:ffff88022e200000(0000) knlGS:000000000000
0000
[ 1317.270230] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1317.270230] CR2: 0000000000000974 CR3: 00000003cd478000 CR4: 00000000000006e0
[ 1317.270230] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1317.270230] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000090602
[ 1317.270230] Stack:
[ 1317.270230]  0000000054086700 5408670000a25de0 5408670000000002 0000000000000000
[ 1317.270230]  ffffffff84223542 00000000ea54c767 0000000000000000 ffffffff86d26160
[ 1317.270230]  ffff8803cd31be68 ffffffff84223556 ffff8803cd31beb8 ffff8800c6765280
[ 1317.270230] Call Trace:
[ 1317.270230]  [<ffffffff84223542>] ? rds_trans_get_preferred+0x42/0xa0
[ 1317.270230]  [<ffffffff84223556>] rds_trans_get_preferred+0x56/0xa0
[ 1317.270230]  [<ffffffff8421c9c3>] rds_bind+0x73/0xf0
[ 1317.270230]  [<ffffffff83e4ce62>] SYSC_bind+0x92/0xf0
[ 1317.270230]  [<ffffffff812493f8>] ? context_tracking_user_exit+0xb8/0x1d0
[ 1317.270230]  [<ffffffff8119313d>] ? trace_hardirqs_on+0xd/0x10
[ 1317.270230]  [<ffffffff8107a852>] ? syscall_trace_enter+0x32/0x290
[ 1317.270230]  [<ffffffff83e4cece>] SyS_bind+0xe/0x10
[ 1317.270230]  [<ffffffff843a6ad0>] tracesys+0xdd/0xe2
[ 1317.270230] Code: 00 8b 45 cc 48 8d 75 d0 48 c7 45 d8 00 00 00 00 66 c7 45 d0 02 00
89 45 d4 48 89 df e8 78 49 76 ff 41 89 c4 85 c0 75 0c 48 8b 03 <80> b8 74 09 00 00 01 7
4 06 41 bc 9d ff ff ff f6 05 2a b6 c2 02
[ 1317.270230] RIP  [<ffffffff84225f52>] rds_ib_laddr_check+0x82/0x110
[ 1317.270230]  RSP <ffff8803cd31bdf8>
[ 1317.270230] CR2: 0000000000000974

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/rds/ib.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/rds/ib.c
+++ b/net/rds/ib.c
@@ -338,7 +338,8 @@ static int rds_ib_laddr_check(__be32 add
 	ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
 	/* due to this, we will claim to support iWARP devices unless we
 	   check node_type. */
-	if (ret || cm_id->device->node_type != RDMA_NODE_IB_CA)
+	if (ret || !cm_id->device ||
+	    cm_id->device->node_type != RDMA_NODE_IB_CA)
 		ret = -EADDRNOTAVAIL;
 
 	rdsdebug("addr %pI4 ret %d node type %d\n",
Commit	Line	Data
963efa89 GKH	1	From foo@baz Mon Jan 13 09:28:30 PST 2014
	2	From: Sasha Levin <sasha.levin@oracle.com>
	3	Date: Wed, 18 Dec 2013 23:49:42 -0500
	4	Subject: rds: prevent dereference of a NULL device
	5
	6	From: Sasha Levin <sasha.levin@oracle.com>
	7
	8	[ Upstream commit c2349758acf1874e4c2b93fe41d072336f1a31d0 ]
	9
	10	Binding might result in a NULL device, which is dereferenced
	11	causing this BUG:
	12
	13	[ 1317.260548] BUG: unable to handle kernel NULL pointer dereference at 000000000000097
	14	4
	15	[ 1317.261847] IP: [<ffffffff84225f52>] rds_ib_laddr_check+0x82/0x110
	16	[ 1317.263315] PGD 418bcb067 PUD 3ceb21067 PMD 0
	17	[ 1317.263502] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
	18	[ 1317.264179] Dumping ftrace buffer:
	19	[ 1317.264774] (ftrace buffer empty)
	20	[ 1317.265220] Modules linked in:
	21	[ 1317.265824] CPU: 4 PID: 836 Comm: trinity-child46 Tainted: G W 3.13.0-rc4-
	22	next-20131218-sasha-00013-g2cebb9b-dirty #4159
	23	[ 1317.267415] task: ffff8803ddf33000 ti: ffff8803cd31a000 task.ti: ffff8803cd31a000
	24	[ 1317.268399] RIP: 0010:[<ffffffff84225f52>] [<ffffffff84225f52>] rds_ib_laddr_check+
	25	0x82/0x110
	26	[ 1317.269670] RSP: 0000:ffff8803cd31bdf8 EFLAGS: 00010246
	27	[ 1317.270230] RAX: 0000000000000000 RBX: ffff88020b0dd388 RCX: 0000000000000000
	28	[ 1317.270230] RDX: ffffffff8439822e RSI: 00000000000c000a RDI: 0000000000000286
	29	[ 1317.270230] RBP: ffff8803cd31be38 R08: 0000000000000000 R09: 0000000000000000
	30	[ 1317.270230] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
	31	[ 1317.270230] R13: 0000000054086700 R14: 0000000000a25de0 R15: 0000000000000031
	32	[ 1317.270230] FS: 00007ff40251d700(0000) GS:ffff88022e200000(0000) knlGS:000000000000
	33	0000
	34	[ 1317.270230] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
	35	[ 1317.270230] CR2: 0000000000000974 CR3: 00000003cd478000 CR4: 00000000000006e0
	36	[ 1317.270230] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
	37	[ 1317.270230] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000090602
	38	[ 1317.270230] Stack:
	39	[ 1317.270230] 0000000054086700 5408670000a25de0 5408670000000002 0000000000000000
	40	[ 1317.270230] ffffffff84223542 00000000ea54c767 0000000000000000 ffffffff86d26160
	41	[ 1317.270230] ffff8803cd31be68 ffffffff84223556 ffff8803cd31beb8 ffff8800c6765280
	42	[ 1317.270230] Call Trace:
	43	[ 1317.270230] [<ffffffff84223542>] ? rds_trans_get_preferred+0x42/0xa0
	44	[ 1317.270230] [<ffffffff84223556>] rds_trans_get_preferred+0x56/0xa0
	45	[ 1317.270230] [<ffffffff8421c9c3>] rds_bind+0x73/0xf0
	46	[ 1317.270230] [<ffffffff83e4ce62>] SYSC_bind+0x92/0xf0
	47	[ 1317.270230] [<ffffffff812493f8>] ? context_tracking_user_exit+0xb8/0x1d0
	48	[ 1317.270230] [<ffffffff8119313d>] ? trace_hardirqs_on+0xd/0x10
	49	[ 1317.270230] [<ffffffff8107a852>] ? syscall_trace_enter+0x32/0x290
	50	[ 1317.270230] [<ffffffff83e4cece>] SyS_bind+0xe/0x10
	51	[ 1317.270230] [<ffffffff843a6ad0>] tracesys+0xdd/0xe2
	52	[ 1317.270230] Code: 00 8b 45 cc 48 8d 75 d0 48 c7 45 d8 00 00 00 00 66 c7 45 d0 02 00
	53	89 45 d4 48 89 df e8 78 49 76 ff 41 89 c4 85 c0 75 0c 48 8b 03 <80> b8 74 09 00 00 01 7
	54	4 06 41 bc 9d ff ff ff f6 05 2a b6 c2 02
	55	[ 1317.270230] RIP [<ffffffff84225f52>] rds_ib_laddr_check+0x82/0x110
	56	[ 1317.270230] RSP <ffff8803cd31bdf8>
	57	[ 1317.270230] CR2: 0000000000000974
	58
	59	Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
	60	Signed-off-by: David S. Miller <davem@davemloft.net>
	61	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	62	---
	63	net/rds/ib.c \| 3 ++-
	64	1 file changed, 2 insertions(+), 1 deletion(-)
65
66	--- a/net/rds/ib.c
67	+++ b/net/rds/ib.c
68	@@ -338,7 +338,8 @@ static int rds_ib_laddr_check(__be32 add
69	ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
70	/* due to this, we will claim to support iWARP devices unless we
71	check node_type. */
72	- if (ret \|\| cm_id->device->node_type != RDMA_NODE_IB_CA)
73	+ if (ret \|\| !cm_id->device \|\|
74	+ cm_id->device->node_type != RDMA_NODE_IB_CA)
75	ret = -EADDRNOTAVAIL;
76
77	rdsdebug("addr %pI4 ret %d node type %d\n",