4.4-stable review patch. If anyone has any objections, please let me know.
------------------ From: Steve Wise <[email protected]> commit f2625f7db4dd0bbd16a9c7d2950e7621f9aa57ad upstream. cma_accept_iw() needs to return an error if conn_params is NULL. Since this is coming from user space, we can crash. Reported-by: Shaobo He <[email protected]> Acked-by: Sean Hefty <[email protected]> Signed-off-by: Steve Wise <[email protected]> Signed-off-by: Doug Ledford <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- drivers/infiniband/core/cma.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -3349,6 +3349,9 @@ static int cma_accept_iw(struct rdma_id_ struct iw_cm_conn_param iw_param; int ret; + if (!conn_param) + return -EINVAL; + ret = cma_modify_qp_rtr(id_priv, conn_param); if (ret) return ret;
