From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Varun Prakash <varun@chelsio.com>,
	Nicholas Bellinger <nab@linux-iscsi.org>
Subject: [PATCH 4.4 03/23] iscsi-target: fix memory leak in iscsit_setup_text_cmd()
Date: Mon, 14 Aug 2017 18:18:20 -0700
Message-ID: <20170815011754.369399454@linuxfoundation.org>
In-Reply-To: <20170815011754.234902525@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Varun Prakash <varun@chelsio.com>

commit ea8dc5b4cd2195ee582cae28afa4164c6dea1738 upstream.

On receiving text request iscsi-target allocates buffer for
payload in iscsit_handle_text_cmd() and assigns buffer pointer
to cmd->text_in_ptr, this buffer is currently freed in
iscsit_release_cmd(), if iscsi-target sets 'C' bit in text
response then it will receive another text request from the
initiator with ttt != 0xffffffff in this case iscsi-target
will find cmd using itt and call iscsit_setup_text_cmd()
which will set cmd->text_in_ptr to NULL without freeing
previously allocated buffer.

This patch fixes this issue by calling kfree(cmd->text_in_ptr)
in iscsit_setup_text_cmd() before assigning NULL to it.

For the first text request cmd->text_in_ptr is NULL as
cmd is memset to 0 in iscsit_allocate_cmd().

Signed-off-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/target/iscsi/iscsi_target.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1996,6 +1996,7 @@ iscsit_setup_text_cmd(struct iscsi_conn
 	cmd->cmd_sn		= be32_to_cpu(hdr->cmdsn);
 	cmd->exp_stat_sn	= be32_to_cpu(hdr->exp_statsn);
 	cmd->data_direction	= DMA_NONE;
+	kfree(cmd->text_in_ptr);
 	cmd->text_in_ptr	= NULL;
 
 	return 0;
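
Review bot: The added kfree(cmd->text_in_ptr) just before "cmd->text_in_ptr = NULL" carries no comment, and a free inside a setup function is surprising to a reader who has not seen the commit message. A one-line comment would help, saying that the cmd is looked up by itt and reused when the initiator sends a continuation text request (ttt != 0xffffffff), so it may still own the payload buffer from the previous request. The call is only safe on the first request because cmd is zeroed in iscsit_allocate_cmd() and kfree(NULL) is a no-op; stating that dependency next to the call would keep a later change to the allocation path from turning this into a free of an uninitialized pointer.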
