From f78cdbd75a57245ecc68f5a40e470933426a082b Mon Sep 17 00:00:00 2001 From: John Hubbard Date: Wed, 20 May 2020 12:41:47 -0700 Subject: [PATCH] rds: fix crash in rds_info_getsockopt() The conversion to pin_user_pages() had a bug: it overlooked the case of allocation of pages failing. Fix that by restoring an equivalent check. Reported-by: syzbot+118ac0af4ac7f785a45b@syzkaller.appspotmail.com Fixes: dbfe7d74376e ("rds: convert get_user_pages() --> pin_user_pages()") Cc: David S. Miller Cc: Jakub Kicinski Cc: netdev@vger.kernel.org Cc: linux-rdma@vger.kernel.org Cc: rds-devel@oss.oracle.com Signed-off-by: John Hubbard Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller --- net/rds/info.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/rds/info.c b/net/rds/info.c index e1d6356..b6b46a8 100644 --- a/net/rds/info.c +++ b/net/rds/info.c @@ -234,7 +234,8 @@ call_func: ret = -EFAULT; out: - unpin_user_pages(pages, nr_pages); + if (pages) + unpin_user_pages(pages, nr_pages); kfree(pages); return ret; -- 2.7.4