[PATCH 4/9] iscsi update: set deamon pid earlier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>From michaelc@xxxxxxxxxxx:

If the transport lookup fails we set the daemon pid too late.
This can cause us deadlock since the netlink code will think we
meant to call back into our iscsi_if_rx function.

Signed-off-by: Mike Christie <michaelc@xxxxxxxxxxx>
Signed-off-by: Alex Aizman <itn780@xxxxxxxxx>
Signed-off-by: Dmitry Yusupov <dmitry_yus@xxxxxxxxx>



diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index 448fd78..7fb6918 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -846,9 +846,6 @@ iscsi_if_recv_msg(struct sk_buff *skb, s
 	struct iscsi_cls_session *session;
 	struct iscsi_cls_conn *conn;
 
-	if (NETLINK_CREDS(skb)->uid)
-		return -EPERM;
-
 	priv = iscsi_if_transport_lookup(iscsi_ptr(ev->transport_handle));
 	if (!priv)
 		return -EINVAL;
@@ -857,8 +854,6 @@ iscsi_if_recv_msg(struct sk_buff *skb, s
 	if (!try_module_get(transport->owner))
 		return -EINVAL;
 
-	daemon_pid = NETLINK_CREDS(skb)->pid;
-
 	switch (nlh->nlmsg_type) {
 	case ISCSI_UEVENT_CREATE_SESSION:
 		err = iscsi_if_create_session(priv, ev);
@@ -934,7 +929,7 @@ iscsi_if_recv_msg(struct sk_buff *skb, s
 
 /* Get message from skb (based on rtnetlink_rcv_skb).  Each message is
  * processed by iscsi_if_recv_msg.  Malformed skbs with wrong length are
- * discarded silently.  */
+ * or invalid creds discarded silently.  */
 static void
 iscsi_if_rx(struct sock *sk, int len)
 {
@@ -942,6 +937,12 @@ iscsi_if_rx(struct sock *sk, int len)
 
 	mutex_lock(&rx_queue_mutex);
 	while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
+		if (NETLINK_CREDS(skb)->uid) {
+			skb_pull(skb, skb->len);
+			goto free_skb;
+		}
+		daemon_pid = NETLINK_CREDS(skb)->pid;
+
 		while (skb->len >= NLMSG_SPACE(0)) {
 			int err;
 			uint32_t rlen;
@@ -953,10 +954,12 @@ iscsi_if_rx(struct sock *sk, int len)
 			    skb->len < nlh->nlmsg_len) {
 				break;
 			}
+
 			ev = NLMSG_DATA(nlh);
 			rlen = NLMSG_ALIGN(nlh->nlmsg_len);
 			if (rlen > skb->len)
 				rlen = skb->len;
+
 			err = iscsi_if_recv_msg(skb, nlh);
 			if (err) {
 				ev->type = ISCSI_KEVENT_IF_ERROR;
@@ -980,6 +983,7 @@ iscsi_if_rx(struct sock *sk, int len)
 			} while (err < 0 && err != -ECONNREFUSED);
 			skb_pull(skb, rlen);
 		}
+free_skb:
 		kfree_skb(skb);
 	}
 	mutex_unlock(&rx_queue_mutex);


-
: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux