Commit cc6fb9a6 authored by Mike Christie's avatar Mike Christie Committed by Yongqiang Liu
Browse files

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress 

mainline inclusion
from mainline-v6.2-rc6
commit f484a794
category: bugfix
bugzilla: 188443, https://gitee.com/openeuler/kernel/issues/I6I8YD
CVE: NA

----------------------------------------

If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails,
userspace could be accessing the host's ipaddress attr. If we then free the
session via iscsi_session_teardown() while userspace is still accessing the
session we will hit a use after free bug.

Set the tcp_sw_host->session after we have completed session creation and
can no longer fail.

Link: https://lore.kernel.org/r/20230117193937.21244-3-michael.christie@oracle.com


Signed-off-by: default avatarMike Christie <michael.christie@oracle.com>
Reviewed-by: default avatarLee Duncan <lduncan@suse.com>
Acked-by: default avatarDing Hui <dinghui@sangfor.com.cn>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarZhong Jinghua <zhongjinghua@huawei.com>
Reviewed-by: default avatarHou Tao <houtao1@huawei.com>
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
parent 3835c5e9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment