1 files changed, 38 insertions, 0 deletions
diff --git a/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch b/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch
new file mode 100644
index 0000000..0b3a5f9
--- /dev/null
+++ b/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch
@@ -0,0 +1,38 @@
+From 5edbe3c0249f54578636b71377861d579b1781cf Mon Sep 17 00:00:00 2001
+From: Mohamed Ghannam <simo.ghannam@gmail.com>
+Date: Wed, 3 Jan 2018 21:06:06 +0000
+Subject: [PATCH] RDS: null pointer dereference in rds_atomic_free_op
+[ Upstream commit 7d11f77f84b27cef452cee332f4e469503084737 ]
+set rm->atomic.op_active to 0 when rds_pin_pages() fails
+or the user supplied address is invalid,
+this prevents a NULL pointer usage in rds_atomic_free_op()
+CVE: CVE-2018-5333
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=5edbe3c0249f54578636b71377861d579b1781cf]
+Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
+Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ net/rds/rdma.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/net/rds/rdma.c b/net/rds/rdma.c
+index 94729d9da437..634cfcb7bba6 100644
+--- a/net/rds/rdma.c
+++ b/net/rds/rdma.c
+@@ -877,6 +877,7 @@ int rds_cmsg_atomic(struct rds_sock *rs, struct rds_message *rm,
+ err:
+        if (page)
+                put_page(page);
+       rm->atomic.op_active = 0;
+        kfree(rm->atomic.op_notifier);
+ 
+        return ret;
+-- 
+2.20.1

diff --git a/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch b/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch new file mode 100644 index 0000000..0b3a5f9 --- /dev/null +++ b/patches/cve/CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch
@@ -0,0 +1,38 @@
	1	From 5edbe3c0249f54578636b71377861d579b1781cf Mon Sep 17 00:00:00 2001
	2	From: Mohamed Ghannam <simo.ghannam@gmail.com>
	3	Date: Wed, 3 Jan 2018 21:06:06 +0000
	4	Subject: [PATCH] RDS: null pointer dereference in rds_atomic_free_op
	5
	6	[ Upstream commit 7d11f77f84b27cef452cee332f4e469503084737 ]
	7
	8	set rm->atomic.op_active to 0 when rds_pin_pages() fails
	9	or the user supplied address is invalid,
	10	this prevents a NULL pointer usage in rds_atomic_free_op()
	11
	12	CVE: CVE-2018-5333
	13	Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=5edbe3c0249f54578636b71377861d579b1781cf]
	14
	15	Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
	16	Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
	17	Signed-off-by: David S. Miller <davem@davemloft.net>
	18	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	19	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	20	---
	21	net/rds/rdma.c \| 1 +
	22	1 file changed, 1 insertion(+)
	23
	24	diff --git a/net/rds/rdma.c b/net/rds/rdma.c
	25	index 94729d9da437..634cfcb7bba6 100644
	26	--- a/net/rds/rdma.c
	27	+++ b/net/rds/rdma.c
	28	@@ -877,6 +877,7 @@ int rds_cmsg_atomic(struct rds_sock rs, struct rds_message rm,
	29	err:
	30	if (page)
	31	put_page(page);
	32	+ rm->atomic.op_active = 0;
	33	kfree(rm->atomic.op_notifier);
	34
	35	return ret;
	36	--
	37	2.20.1
	38