RDS: null pointer dereference in rds_atomic_free_op

set rm->atomic.op_active to 0 when rds_pin_pages() fails
or the user supplied address is invalid,
this prevents a NULL pointer usage in rds_atomic_free_op()

Signed-off-by: Mohamed Ghannam <[email protected]>
Acked-by: Santosh Shilimkar <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
(cherry picked from commit 7d11f77)

CVE: CVE-2018-5333
Orabug: 28020561

Reviewed-by: Shan Hai <[email protected]>
Signed-off-by: Allen Pais <[email protected]>

Author: 0x36

net/rds/rdma.c

@@ -844,6 +844,7 @@ int rds_cmsg_atomic(struct rds_sock *rs, struct rds_message *rm,
 err:
 	if (page)
 		put_page(page);
+	rm->atomic.op_active = 0;
 	kfree(rm->atomic.op_notifier);
 
 	return ret;