-
由 Mike Christie 提交于
mainline inclusion from mainline-v6.2-rc6 commit f484a794 category: bugfix bugzilla: 188443, https://gitee.com/openeuler/kernel/issues/I6I8YD CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 ---------------------------------------- If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail. Link: https://lore.kernel.org/r/20230117193937.21244-3-michael.christie@oracle.comSigned-off-by: NMike Christie <michael.christie@oracle.com> Reviewed-by: NLee Duncan <lduncan@suse.com> Acked-by: NDing Hui <dinghui@sangfor.com.cn> Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com> Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com> Reviewed-by: NHou Tao <houtao1@huawei.com> Signed-off-by: NJialin Zhang <zhangjialin11@huawei.com>
cd3d3b3c