提交 3722873a 编写于 作者: Z Zhong Jinghua

scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()

mainline inclusion
from mainline-v6.3-rc6
commit 48b19b79
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7L8DZ?from=project-issue
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48b19b79cfa37b1e50da3b5a8af529f994c08901

----------------------------------------

The validity of sock should be checked before assignment to avoid incorrect
values. Commit 57569c37 ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref
while calling getpeername()") introduced this change which may lead to
inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en.

Fix the issue by moving the position of the assignment.

Fixes: 57569c37 ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()")
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>
Link: https://lore.kernel.org/r/20230329071739.2175268-1-zhongjinghua@huaweicloud.comReviewed-by: NMike Christie <michael.christie@oracle.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: NZhong Jinghua <zhongjinghua@huawei.com>
上级 80e7361a
...@@ -729,13 +729,12 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn, ...@@ -729,13 +729,12 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
iscsi_set_param(cls_conn, param, buf, buflen); iscsi_set_param(cls_conn, param, buf, buflen);
break; break;
case ISCSI_PARAM_DATADGST_EN: case ISCSI_PARAM_DATADGST_EN:
iscsi_set_param(cls_conn, param, buf, buflen);
mutex_lock(&tcp_sw_conn->sock_lock); mutex_lock(&tcp_sw_conn->sock_lock);
if (!tcp_sw_conn->sock) { if (!tcp_sw_conn->sock) {
mutex_unlock(&tcp_sw_conn->sock_lock); mutex_unlock(&tcp_sw_conn->sock_lock);
return -ENOTCONN; return -ENOTCONN;
} }
iscsi_set_param(cls_conn, param, buf, buflen);
tcp_sw_conn->sendpage = conn->datadgst_en ? tcp_sw_conn->sendpage = conn->datadgst_en ?
sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage; sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
mutex_unlock(&tcp_sw_conn->sock_lock); mutex_unlock(&tcp_sw_conn->sock_lock);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册