[PATCH] RDS: null pointer dereference in rds_atomic_free_op

2018-01-03 Thread simo . ghannam
From: Mohamed Ghannam
Set rm->atomic.op_active to 0 when rds_pin_pages() fails or the user-supplied address is invalid; this prevents a NULL pointer usage in rds_atomic_free_op().
Signed-off-by: Mohamed Ghannam
---
net/rds/rdma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/rds/rdma.

[PATCH] RDS: Heap OOB write in rds_message_alloc_sgs()

2018-01-02 Thread simo . ghannam
From: Mohamed Ghannam
When args->nr_local is 0, nr_pages also gets 0 due to some size calculation via rds_rm_size(), which is later used to allocate pages for DMA; this bug produces a heap out-of-bounds write access to a specific memory region.
Signed-off-by: Mohamed Ghannam
---
net/rds/rdma.c | 3

[PATCH] net: ipv4: fix for a race condition in raw_sendmsg

2017-12-09 Thread simo . ghannam
From: Mohamed Ghannam
inet->hdrincl is racy and could lead to uninitialized stack pointer usage, so its value should be read only once.
Signed-off-by: Mohamed Ghannam
---
net/ipv4/raw.c | 15 ++-
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/raw.c b/net/i

[PATCH] dccp: CVE-2017-8824: use-after-free in DCCP code

2017-12-05 Thread simo . ghannam
From: Mohamed Ghannam
Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set them to NULL.
Signed-off-by: Mohamed Ghannam
---
net/dccp/proto.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/net/dccp/proto.c b/net/dccp/pr

[PATCH] dccp: CVE-2017-8824: use-after-free in DCCP code

2017-12-04 Thread simo . ghannam
From: Mohamed Ghannam
Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set them to NULL.
Signed-off-by: Mohamed Ghannam
---
net/dccp/proto.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/net/dc

[PATCH] dccp: CVE-2017-8824: use-after-free in DCCP code

2017-12-04 Thread simo . ghannam
From: Mohamed Ghannam
Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set them to NULL.
Signed-off-by: Mohamed Ghannam
---
net/dccp/proto.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/net/dccp/pro

[PATCH] tcp/dccp: CVE-2017-8824: use-after-free in DCCP code

2017-12-04 Thread simo . ghannam
From: Mohamed Ghannam
Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set them to NULL.
Signed-off-by: Mohamed Ghannam
---
net/dccp/proto.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/dccp/prot