This is a note to let you know that I've just added the patch titled scsi: iscsi_tcp: restrict to TCP sockets to the 6.5-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: scsi-iscsi_tcp-restrict-to-tcp-sockets.patch and it can be found in the queue-6.5 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit d9c1240a5d1247dee93af74535f7d907c1fdcf0b Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Fri Sep 15 17:11:11 2023 +0000 scsi: iscsi_tcp: restrict to TCP sockets [ Upstream commit f4f82c52a0ead5ab363d207d06f81b967d09ffb8 ] Nothing prevents iscsi_sw_tcp_conn_bind() to receive file descriptor pointing to non TCP socket (af_unix for example). Return -EINVAL if this is attempted, instead of crashing the kernel. Fixes: 7ba247138907 ("[SCSI] open-iscsi/linux-iscsi-5 Initiator: Initiator code") Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Cc: Lee Duncan <lduncan@xxxxxxxx> Cc: Chris Leech <cleech@xxxxxxxxxx> Cc: Mike Christie <michael.christie@xxxxxxxxxx> Cc: "James E.J. Bottomley" <jejb@xxxxxxxxxxxxx> Cc: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx> Cc: open-iscsi@xxxxxxxxxxxxxxxx Cc: linux-scsi@xxxxxxxxxxxxxxx Reviewed-by: Mike Christie <michael.christie@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c index 9ab8555180a3a..8e14cea15f980 100644 --- a/drivers/scsi/iscsi_tcp.c +++ b/drivers/scsi/iscsi_tcp.c @@ -724,6 +724,10 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session, return -EEXIST; } + err = -EINVAL; + if (!sk_is_tcp(sock->sk)) + goto free_socket; + err = iscsi_conn_bind(cls_session, cls_conn, is_leading); if (err) goto free_socket;