From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> This patch fixes a free after use bug in lio_target_make_nodeacl() during dynamic -> explict NodeACL conversion where iscsi_node_acl was incorrectly referencing memory from the original se_nacl_new allocation, instead of the pointer returned from core_tpg_add_initiator_node_acl() during the conversion. Cc: Andy Grover <agrover@xxxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxx> Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> --- drivers/target/iscsi/iscsi_target_configfs.c | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c index 6b35b37..dcef63b 100644 --- a/drivers/target/iscsi/iscsi_target_configfs.c +++ b/drivers/target/iscsi/iscsi_target_configfs.c @@ -812,9 +812,6 @@ static struct se_node_acl *lio_target_make_nodeacl( if (!se_nacl_new) return ERR_PTR(-ENOMEM); - acl = container_of(se_nacl_new, struct iscsi_node_acl, - se_node_acl); - cmdsn_depth = ISCSI_TPG_ATTRIB(tpg)->default_cmdsn_depth; /* * se_nacl_new may be released by core_tpg_add_initiator_node_acl() @@ -825,7 +822,8 @@ static struct se_node_acl *lio_target_make_nodeacl( if (IS_ERR(se_nacl)) return se_nacl; - stats_cg = &acl->se_node_acl.acl_fabric_stat_group; + acl = container_of(se_nacl, struct iscsi_node_acl, se_node_acl); + stats_cg = &se_nacl->acl_fabric_stat_group; stats_cg->default_groups = kzalloc(sizeof(struct config_group) * 2, GFP_KERNEL); -- 1.7.2.5 -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
