This is a note to let you know that I've just added the patch titled
iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
iscsi-target-fix-memory-corruption-in-iscsit_logout_post_handler_diffcid.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From b53b0d99d6fbf7d44330395349a895521cfdbc96 Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Date: Wed, 17 Sep 2014 11:45:17 -0700
Subject: iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid
From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
commit b53b0d99d6fbf7d44330395349a895521cfdbc96 upstream.
This patch fixes a bug in iscsit_logout_post_handler_diffcid() where
a pointer used as storage for list_for_each_entry() was incorrectly
being used to determine if no matching entry had been found.
This patch changes iscsit_logout_post_handler_diffcid() to key off
bool conn_found to determine if the function needs to exit early.
Reported-by: Joern Engel <joern@xxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/target/iscsi/iscsi_target.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -4513,6 +4513,7 @@ static void iscsit_logout_post_handler_d
{
struct iscsi_conn *l_conn;
struct iscsi_session *sess = conn->sess;
+ bool conn_found = false;
if (!sess)
return;
@@ -4521,12 +4522,13 @@ static void iscsit_logout_post_handler_d
list_for_each_entry(l_conn, &sess->sess_conn_list, conn_list) {
if (l_conn->cid == cid) {
iscsit_inc_conn_usage_count(l_conn);
+ conn_found = true;
break;
}
}
spin_unlock_bh(&sess->conn_lock);
- if (!l_conn)
+ if (!conn_found)
return;
if (l_conn->sock)
Patches currently in stable-queue which might be from nab@xxxxxxxxxxxxxxx are
queue-3.14/target-iser-get-isert_conn-reference-once-got-to-connected_handler.patch
queue-3.14/iscsi-target-fix-memory-corruption-in-iscsit_logout_post_handler_diffcid.patch
queue-3.14/target-fix-inverted-logic-in-se_dev_alua_support_state_store.patch
queue-3.14/iscsi-target-avoid-null-pointer-in-iscsi_copy_param_list-failure.patch
queue-3.14/target-iser-don-t-put-isert_conn-inside-disconnected-handler.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html