4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx> commit f2625f7db4dd0bbd16a9c7d2950e7621f9aa57ad upstream. cma_accept_iw() needs to return an error if conn_params is NULL. Since this is coming from user space, we can crash. Reported-by: Shaobo He <shaobo@xxxxxxxxxxx> Acked-by: Sean Hefty <sean.hefty@xxxxxxxxx> Signed-off-by: Steve Wise <swise@xxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/infiniband/core/cma.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -3540,6 +3540,9 @@ static int cma_accept_iw(struct rdma_id_ struct iw_cm_conn_param iw_param; int ret; + if (!conn_param) + return -EINVAL; + ret = cma_modify_qp_rtr(id_priv, conn_param); if (ret) return ret;