FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-16 05:50:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

IB/iser: Fix error flow in iser ep connection establishment

Browse Source 
The current error flow code was releasing the IB connection object and
calling iscsi_destroy_endpoint() directly without going through the
reference counting mechanism introduced in commit 39ff05d ("IB/iser:
Enhance disconnection logic for multi-pathing"). This resulted in a
double free of the iscsi endpoint object, which causes a kernel NULL
pointer dereference.  Fix that by plugging into the IB conn reference
counting correctly.

Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
This commit is contained in:
Or Gerlitz 2012-04-29 17:04:21 +03:00 committed by Roland Dreier
parent d48b97b403
commit 7d9c0de4ab
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/infiniband/ulp/iser/iscsi_iser.c
View File

@ -573,10 +573,9 @@ iscsi_iser_ep_connect(struct Scsi_Host *shost, struct sockaddr *dst_addr,
err = iser_connect(ib_conn, NULL, (struct sockaddr_in *)dst_addr,
non_blocking);
if (err) {
iscsi_destroy_endpoint(ep);
if (err)
return ERR_PTR(err);
}
return ep;
}

3
drivers/infiniband/ulp/iser/iser_verbs.c
View File

@ -613,8 +613,9 @@ id_failure:
ib_conn->cma_id = NULL;
addr_failure:
ib_conn->state = ISER_CONN_DOWN;
iser_conn_put(ib_conn, 1); /* deref ib conn's cma id */
connect_failure:
iser_conn_release(ib_conn, 1);
iser_conn_put(ib_conn, 1); /* deref ib conn deallocate */
return err;
}