Re: [PATCH] scsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername


 



On 8/20/22 3:35 AM, Li Jinlin wrote:
> 
> On 2022/8/8 0:58, Mike Christie wrote:
> 
>> @@ -763,8 +768,15 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
>>  		break;
>>  	case ISCSI_PARAM_DATADGST_EN:
>>  		iscsi_set_param(cls_conn, param, buf, buflen);
>> +
>> +		mutex_lock(&tcp_sw_conn->sock_lock);
>> +		if (!tcp_sw_conn->sock) {
>> +			mutex_unlock(&tcp_sw_conn->sock_lock);
>> +			return -ENOTCONN;
>> +		}
>>  		tcp_sw_conn->sendpage = conn->datadgst_en ?
>>  			sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
>> +		mutex_unlock(&tcp_sw_conn->sock_lock);
>>  		break;
>>  	case ISCSI_PARAM_MAX_R2T:
>>  		return iscsi_tcp_set_max_r2t(conn, buf);
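
Review bot: In the ISCSI_PARAM_DATADGST_EN case, iscsi_set_param() runs before the new `if (!tcp_sw_conn->sock)` test, so the -ENOTCONN path returns an error after the parameter has already been applied, and its return value is dropped. That leaves conn->datadgst_en changed while tcp_sw_conn->sendpage is not updated to match. Consider taking sock_lock and checking tcp_sw_conn->sock first, then calling iscsi_set_param() and assigning sendpage under the same lock, or add a comment saying why the stale sendpage is harmless when no socket is bound.
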
>> @@ -789,14 +801,12 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
>>  	case ISCSI_PARAM_CONN_PORT:
>>  	case ISCSI_PARAM_CONN_ADDRESS:
>>  	case ISCSI_PARAM_LOCAL_PORT:
>> -		spin_lock_bh(&conn->session->frwd_lock);
>> -		if (!tcp_sw_conn || !tcp_sw_conn->sock) {
>> -			spin_unlock_bh(&conn->session->frwd_lock);
>> +		mutex_lock(&tcp_sw_conn->sock_lock);
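
Review bot: The added `mutex_lock(&tcp_sw_conn->sock_lock)` dereferences tcp_sw_conn unconditionally, while the removed `if (!tcp_sw_conn || !tcp_sw_conn->sock)` guarded against a NULL tcp_sw_conn before touching it. Either keep a NULL test ahead of the lock or make sure the connection cannot be reached through this get_param path until tcp_sw_conn and its sock_lock are initialized. Since this also replaces spin_lock_bh() with a sleeping lock, it is worth stating in the commit message that every caller of this path runs in process context.
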
> 
> In iscsi_tcp_conn_setup(), cls_conn was set up before initializing
> tcp_sw_conn. So tcp_sw_conn may be NULL here; we need to add a check.
> 
You're right. Instead of a check I'm going to split the rest of the
iscsi*conn_setup functions so we have an alloc and an add. We can then
do the sysfs exposure correctly.

Will resend.


