[Bug 106251] New: there exists a wrong return value of function iscsi_if_recv_msg() when iscsi_lookup_endpoint() fails

https://bugzilla.kernel.org/show_bug.cgi?id=106251

            Bug ID: 106251
           Summary: there exists a wrong return value of function
                    iscsi_if_recv_msg() when iscsi_lookup_endpoint() fails
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: 4.2
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: scsi_drivers-other@xxxxxxxxxxxxxxxxxxxx
          Reporter: rucsoftsec@xxxxxxxxx
        Regression: No

In function iscsi_if_recv_msg() at drivers/scsi/scsi_transport_iscsi.c:3491,
the call to iscsi_lookup_endpoint() on line 3575 may fail, and thus function
iscsi_if_recv_msg() will return the value of variable 'err'. And the function
iscsi_if_recv_msg() will return 0 at the end when it runs well. So the function
iscsi_if_recv_msg() will return 0 to its caller functions when it hits an error
because of the failing call to iscsi_lookup_endpoint(), leading to a wrong
return value in function iscsi_if_recv_msg().
The related code snippets in iscsi_if_recv_msg() are as follows.
iscsi_if_recv_msg @@ drivers/scsi/scsi_transport_iscsi.c:3491
3491 static int
3492 iscsi_if_recv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, uint32_t *group)
3493 {
3494         int err = 0;
                     ......
3575                 ep = iscsi_lookup_endpoint(ev->u.b_conn.transport_eph);
3576                 if (ep) {
3577                         ep->conn = conn;
3578 
3579                         mutex_lock(&conn->ep_mutex);
3580                         conn->ep = ep;
3581                         mutex_unlock(&conn->ep_mutex);
3582                 } else
3583                         iscsi_cls_conn_printk(KERN_ERR, conn,
3584                                               "Could not set ep conn "
3585                                               "binding\n");
3586                 break;
                     ......
3679         return err;
3680 }


Generally, the return value of caller functions which call function
iscsi_lookup_endpoint() shall be set to a negative number when the call to
iscsi_lookup_endpoint() fails, like the following code in another file.
beiscsi_conn_bind @@ drivers/scsi/be2iscsi/be_iscsi.c:195
195 int beiscsi_conn_bind(struct iscsi_cls_session *cls_session,
196                       struct iscsi_cls_conn *cls_conn,
197                       u64 transport_fd, int is_leading)
198 {
            ......
208         ep = iscsi_lookup_endpoint(transport_fd);
209         if (!ep)
210                 return -EINVAL;
            ......
238 }

Thank you

RUC_Soft_Sec
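
The pattern reported above, as an added userspace example that is not part of the original report and is not kernel code: a failed endpoint lookup that is only logged leaves err at 0, so the caller cannot tell the bind did not happen. The names lookup_endpoint(), bind_conn(), ep_table and the propagate flag are hypothetical, and using -EINVAL for the propagating case is an assumption taken from the beiscsi_conn_bind() snippet, not a confirmed upstream fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct conn;
struct endpoint { uint64_t handle; struct conn *conn; };
struct conn { struct endpoint *ep; };

/* Constructed endpoint table standing in for the kernel's registry. */
static struct endpoint ep_table[] = { { 1, NULL }, { 2, NULL } };

/* Stand-in for iscsi_lookup_endpoint(): NULL when the handle is unknown. */
static struct endpoint *lookup_endpoint(uint64_t handle)
{
    for (size_t i = 0; i < sizeof(ep_table) / sizeof(ep_table[0]); i++)
        if (ep_table[i].handle == handle)
            return &ep_table[i];
    return NULL;
}

/* Model of the bind branch. propagate == 0 reproduces the reported
 * behaviour (failure only logged, err stays 0); propagate != 0 sets
 * -EINVAL on failure, as beiscsi_conn_bind() does. */
static int bind_conn(struct conn *c, uint64_t handle, int propagate)
{
    int err = 0;
    struct endpoint *ep = lookup_endpoint(handle);

    if (ep) {
        ep->conn = c;
        c->ep = ep;
    } else {
        fprintf(stderr, "Could not set ep conn binding\n");
        if (propagate)
            err = -EINVAL;
    }
    return err;
}

int main(void)
{
    struct conn c = { NULL };
    /* Handle 99 is not in the table, so the lookup fails both times. */
    printf("as reported: %d, unbound: %d\n", bind_conn(&c, 99, 0), c.ep == NULL);
    printf("propagating: %d\n", bind_conn(&c, 99, 1));
    return 0;
}
```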
