From: David Howells <dhowe...@redhat.com> Date: Tue, 02 Jul 2019 15:59:12 +0100
> If sendmsg() or sendmmsg() is called on a connected socket that hasn't had
> bind() called on it, then an oops will occur when the kernel tries to
> connect the call because no local endpoint has been allocated.
>
> Fix this by implicitly binding the socket if it is in the
> RXRPC_CLIENT_UNBOUND state, just like it does for the RXRPC_UNBOUND state.
>
> Further, the state should be transitioned to RXRPC_CLIENT_BOUND after this
> to prevent further attempts to bind it.
>
> This can be tested with:
> ...
>
> Leading to the following oops:
> ...
>
> Fixes: 2341e0775747 ("rxrpc: Simplify connect() implementation and simplify
> sendmsg() op")
> Reported-by: syzbot+7966f2a0b2c7da893...@syzkaller.appspotmail.com
> Signed-off-by: David Howells <dhowe...@redhat.com>
> Reviewed-by: Marc Dionne <marc.dio...@auristor.com>

Applied and queued up for -stable, thanks.