[SCSI] iscsi_tcp: stop leaking r2t_info's when the incoming R2T is bad

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Linux Kernel Mailing List

Subject: [SCSI] iscsi_tcp: stop leaking r2t_info's when the incoming R2T is bad

Date: Friday, January 25, 2008 - 7:06 pm

Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=03766a...
Commit:     03766a1d4e4520066d3ed2097bfdf6e606aba828
Parent:     a8ac6311cc21d78fa284cd43f56df2063f536bf1
Author:     Olaf Kirch <olaf.kirch@oracle.com>
AuthorDate: Thu Dec 13 12:43:36 2007 -0600
Committer:  James Bottomley <James.Bottomley@HansenPartnership.com>
CommitDate: Fri Jan 11 18:28:43 2008 -0600

    [SCSI] iscsi_tcp: stop leaking r2t_info's when the incoming R2T is bad
    
    iscsi_r2t_rsp checks the incoming R2T for sanity, and if it
    thinks it's fishy, it will drop it silently. In this case, we
    leaked an r2t_info object. If we do this often enough, we run
    into a BUG_ON some time later.
    
    Removed r2t wrappers and update patch by Mike Christie
    
    Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
    Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 drivers/scsi/iscsi_tcp.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index 7212fe9..ecba606 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -658,6 +658,8 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
 	r2t->data_length = be32_to_cpu(rhdr->data_length);
 	if (r2t->data_length == 0) {
 		printk(KERN_ERR "iscsi_tcp: invalid R2T with zero data len\n");
+		__kfifo_put(tcp_ctask->r2tpool.queue, (void*)&r2t,
+			    sizeof(void*));
 		spin_unlock(&session->lock);
 		return ISCSI_ERR_DATALEN;
 	}
@@ -669,10 +671,12 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
 
 	r2t->data_offset = be32_to_cpu(rhdr->data_offset);
 	if (r2t->data_offset + r2t->data_length > scsi_bufflen(ctask->sc)) {
-		spin_unlock(&session->lock);
 		printk(KERN_ERR "iscsi_tcp: invalid R2T with data len %u at "
 		       "offset %u and total length %d\n", r2t->data_length,
 		       r2t->data_offset, scsi_bufflen(ctask->sc));
+		__kfifo_put(tcp_ctask->r2tpool.queue, (void*)&r2t,
+			    sizeof(void*));
+		spin_unlock(&session->lock);
 		return ISCSI_ERR_DATALEN;
 	}
 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[SCSI] iscsi_tcp: stop leaking r2t_info's when the incomin ..., Linux Kernel Mailing ..., (Fri Jan 25, 7:06 pm)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Matthew Garrett	Re: [PATCH] Enable speedstep for sonoma processors.
Mauro Carvalho Chehab	Re: [PATCH 1/2] media: Add timberdale video-in driver
Peter Zijlstra	[PATCH 23/30] netvm: skb processing
Greg Kroah-Hartman	[PATCH 21/28] cgroupfs: create /sys/fs/cgroup to mount cgroupfs on
git:
Jan Hudec	Re: GIT push to sftp (feature request)
Steffen Prohaska	[PATCH 0/4] core.ignorecase
Johannes Schindelin	Re: Git checkout preserve timestamp?
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Johan Herland	Re: What's cooking in git.git (Oct 2010, #01; Wed, 13)
linux-netdev:
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Jan Engelhardt	Re: [PATCH] Fix netfilter xt_time's time_mt()'s use of do_div()
Herbert Xu	Re: [RFC PATCH 00/17] virtual-bus
Jeff Kirsher	Re: [net-next-2.6 PATCH] e1000e: don't inadvertently re-set INTX_DISABLE
git-commits-head:
Linux Kernel Mailing List	ALSA: hda - Enable beep on Realtek codecs with PCI SSID override
Linux Kernel Mailing List	Use path_put() in a few places instead of {mnt,d}put()
Linux Kernel Mailing List	mv643xx_eth: use sw csum for big packets
Linux Kernel Mailing List	arm: fix HAVE_CLK merge goof
Linux Kernel Mailing List	arm: convert pcm037 platform to use smsc911x
freebsd-current:
David Wolfskill	"interrupt storm..."; seems associated with an0 NIC
Andriy Gapon	Re: letting glabel recognise a media change
Garrett Cooper	Re: Only display ACPI bootmenu key if ACPI is present
Pyun YongHyeon	CFT: msk(4) Rx checksum offloading support
FreeBSD Tinderbox	[head tinderbox] failure on sparc64/sparc64