Commit af5834c5 authored Jul 18, 2023 by Zhong Jinghua

scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()

mainline inclusion
from mainline-v6.3-rc6
commit 48b19b79
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7L8DZ?from=project-issue
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48b19b79cfa37b1e50da3b5a8af529f994c08901



----------------------------------------

The validity of sock should be checked before assignment to avoid incorrect
values. Commit 57569c37 ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref
while calling getpeername()") introduced this change which may lead to
inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en.

Fix the issue by moving the position of the assignment.

Fixes: 57569c37 ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()")
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
Link: https://lore.kernel.org/r/20230329071739.2175268-1-zhongjinghua@huaweicloud.com


Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>

parent 52afcca1

drivers/scsi/iscsi_tcp.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -729,13 +729,12 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
		iscsi_set_param(cls_conn, param, buf, buflen);
		break;
		case ISCSI_PARAM_DATADGST_EN:
		iscsi_set_param(cls_conn, param, buf, buflen);

		mutex_lock(&tcp_sw_conn->sock_lock);
		if (!tcp_sw_conn->sock) {
		mutex_unlock(&tcp_sw_conn->sock_lock);
		return -ENOTCONN;
		}
		iscsi_set_param(cls_conn, param, buf, buflen);
		tcp_sw_conn->sendpage = conn->datadgst_en ?
		sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
		mutex_unlock(&tcp_sw_conn->sock_lock);