From: Steve Wise <sw...@opengridcomputing.com>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit f2625f7db4dd0bbd16a9c7d2950e7621f9aa57ad upstream.
cma_accept_iw() needs to return an error if conn_params is NULL.
Since this is coming from user space, we can crash.
Reported-by: Shaobo He <sha...@cs.utah.edu>
Acked-by: Sean Hefty <sean.he...@intel.com>
Signed-off-by: Steve Wise <sw...@opengridcomputing.com>
Signed-off-by: Doug Ledford <dledf...@redhat.com>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
drivers/infiniband/core/cma.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 1429143301a7..ce6a1afcb410 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -2914,6 +2914,9 @@ static int cma_accept_iw(struct rdma_id_private *id_priv,
struct iw_cm_conn_param iw_param;
int ret;
+ if (!conn_param)
+ return -EINVAL;
+
ret = cma_modify_qp_rtr(id_priv, conn_param);
if (ret)
return ret;
--
2.12.0
