RDMA/netlink: OOPs in rdma_nl_rcv_msg() from misinterpreted flag
[sfrench/cifs-2.6.git] / drivers / infiniband / core / netlink.c
index b12e58787c3ddc9f87d80e500392740336bfa362..1fb72c356e36ccc77fc3d97e384a238d9fa6d2f9 100644 (file)
@@ -175,13 +175,24 @@ static int rdma_nl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
            !netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
 
+       /*
+        * LS responses overload the 0x100 (NLM_F_ROOT) flag.  Don't
+        * mistakenly call the .dump() function.
+        */
+       if (index == RDMA_NL_LS) {
+               if (cb_table[op].doit)
+                       return cb_table[op].doit(skb, nlh, extack);
+               return -EINVAL;
+       }
        /* FIXME: Convert IWCM to properly handle doit callbacks */
        if ((nlh->nlmsg_flags & NLM_F_DUMP) || index == RDMA_NL_RDMA_CM ||
            index == RDMA_NL_IWCM) {
                struct netlink_dump_control c = {
                        .dump = cb_table[op].dump,
                };
-               return netlink_dump_start(nls, skb, nlh, &c);
+               if (c.dump)
+                       return netlink_dump_start(nls, skb, nlh, &c);
+               return -EINVAL;
        }
 
        if (cb_table[op].doit)
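Review bot: The dump test `(nlh->nlmsg_flags & NLM_F_DUMP)` still matches when only one bit of NLM_F_DUMP is set, which is why a lone 0x100 (NLM_F_ROOT) reached .dump() in the first place; the new RDMA_NL_LS branch exempts one client rather than tightening that test. Because nlmsg_flags is supplied by the sender, a message for any other index that carries just one of those bits is still steered to the dump path, and now gets -EINVAL from the added `if (c.dump)` guard instead of reaching its doit handler. If existing userspace allows it, consider `(nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP`; otherwise extend the comment, e.g. `/* NLM_F_DUMP is tested bitwise: NLM_F_ROOT or NLM_F_MATCH alone selects .dump() */`. rdma_nl_rcv_msg() starts before and continues after this hunk, so whether `op` is validated before `cb_table[op]` is indexed cannot be confirmed from here.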