rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier

if either or both of MSG_ZEROCOPY and SOCK_ZEROCOPY have not been specified, the rm->data.op_mmp_znotifier allocation will be skipped. In this case, it is invalid ot pass down a cmsghdr with RDS_CMSG_ZCOPY_COOKIE, so return EINVAL from rds_msg_zcopy for this case. Reported-by: [email protected] Fixes: 0cebaccef3ac ("rds: zerocopy Tx support.") Signed-off-by: Sowmini Varadhan <[email protected]> Acked-by: Willem de Bruijn <[email protected]> Acked-by: Santosh Shilimkar <[email protected]> Signed-off-by: David S. Miller <[email protected]>
author: Sowmini Varadhan <[email protected]> 2018-02-22 13:40:27 -0800
committer: David S. Miller <[email protected]> 2018-02-23 12:30:52 -0500
commit: 79a5b9727a1cceacd49921b78425ebda91836bd6 (patch)
tree: e03e5079d90724f8191618d5983afdc09868d356
parent: 9dbe7896d95af114fcb5554b53cf796ca9293b13 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/rds/send.c b/net/rds/send.c
index 79d158b3def0..acad04243b41 100644
--- a/net/rds/send.c
+++ b/net/rds/send.c
@@ -941,7 +941,8 @@ static int rds_cmsg_zcopy(struct rds_sock *rs, struct rds_message *rm,
 {
 	u32 *cookie;
 
-	if (cmsg->cmsg_len < CMSG_LEN(sizeof(*cookie)))
+	if (cmsg->cmsg_len < CMSG_LEN(sizeof(*cookie)) ||
+	    !rm->data.op_mmp_znotifier)
 		return -EINVAL;
 	cookie = CMSG_DATA(cmsg);
 	rm->data.op_mmp_znotifier->z_cookie = *cookie;
author	Sowmini Varadhan <[email protected]>	2018-02-22 13:40:27 -0800
committer	David S. Miller <[email protected]>	2018-02-23 12:30:52 -0500
commit	79a5b9727a1cceacd49921b78425ebda91836bd6 (patch)
tree	e03e5079d90724f8191618d5983afdc09868d356
parent	9dbe7896d95af114fcb5554b53cf796ca9293b13 (diff)