Commit 6492c6bf authored by Wenchao Hao's avatar Wenchao Hao Committed by Zheng Zengkai
Browse files

scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization 

mainline inclusion
from mainline-v5.18-rc1
commit 7dae459f
category: bugfix
bugzilla: 187381, https://gitee.com/openeuler/kernel/issues/I5LBBP
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dae459f5e56a89ab01413ae055595c982713349

--------------------------------

iscsi_create_conn() exposed iscsi_cls_conn to sysfs prior to initialization
of iscsi_conn's dd_data. When userspace tried to access an attribute such
as the connect address, a NULL pointer dereference was observed.

Do not add iscsi_cls_conn to sysfs until it has been initialized.  Remove
iscsi_create_conn() since it is no longer used.

Link: https://lore.kernel.org/r/20220310015759.3296841-3-haowenchao@huawei.com


Reviewed-by: default avatarMike Christie <michael.christie@oracle.com>
Signed-off-by: default avatarWenchao Hao <haowenchao@huawei.com>
Signed-off-by: default avatarWu Bo <wubo40@huawei.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>

Conflict: iscsi_create_conn() is not removed
Signed-off-by: default avatarYu Kuai <yukuai3@huawei.com>
Reviewed-by: default avatarJason Yan <yanaijie@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 9b846090

drivers/scsi/libiscsi.c

+11 −2
Original line number Diff line number Diff line
@@ -3032,8 +3032,9 @@ iscsi_conn_setup(struct iscsi_cls_session *cls_session, int dd_size, 
	struct iscsi_conn *conn;

	struct iscsi_cls_conn *cls_conn;

	char *data;

	int err;



	cls_conn = iscsi_create_conn(cls_session, sizeof(*conn) + dd_size,

	cls_conn = iscsi_alloc_conn(cls_session, sizeof(*conn) + dd_size,

				     conn_idx);

	if (!cls_conn)

		return NULL;
@@ -3073,13 +3074,21 @@ iscsi_conn_setup(struct iscsi_cls_session *cls_session, int dd_size, 


	init_waitqueue_head(&session->ehwait);



	err = iscsi_add_conn(cls_conn);

	if (err)

		goto login_task_add_dev_fail;



	return cls_conn;



login_task_add_dev_fail:

	free_pages((unsigned long) conn->data,

		   get_order(ISCSI_DEF_MAX_RECV_SEG_LEN));



login_task_data_alloc_fail:

	kfifo_in(&session->cmdpool.queue, (void*)&conn->login_task,

		    sizeof(void*));

login_task_alloc_fail:

	iscsi_destroy_conn(cls_conn);

	iscsi_put_conn(cls_conn);

	return NULL;

}

EXPORT_SYMBOL_GPL(iscsi_conn_setup);