From: Lee Duncan <lduncan@suse.com>
To: stgt@vger.kernel.org
Subject: [PATCH] Handle access of a target that has been removed
Date: Tue, 13 Oct 2015 11:10:17 -0700 [thread overview]
Message-ID: <561D4909.8040006@suse.com> (raw)
Hello:
I recently got a report of a tgtd core dump from our opencloud
group. The stack trace showed that a strcmp against a NULL was causing
the failure:
----------------------------------------------------------------
Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0 0x00007fa701817576 in __strcmp_sse42 () from /lib64/libc.so.6
#1 0x0000000000408012 in target_find_by_name (
name=0x6ac16f "iqn.2010-10.org.openstack:volume-e812c705-80bc-4064-a84c-5559cda8b1ca") at iscsi/target.c:216
#2 0x0000000000406042 in login_start (conn=0x6abea8) at iscsi/iscsid.c:478
#3 0x0000000000406e77 in cmnd_exec_login (conn=<optimized out>)
at iscsi/iscsid.c:654
#4 cmnd_execute (conn=<optimized out>) at iscsi/iscsid.c:914
#5 iscsi_rx_handler (conn=0x6abea8) at iscsi/iscsid.c:2064
#6 0x0000000000409e98 in iscsi_tcp_event_handler (fd=<optimized out>,
events=1, data=0x63a480 <target_list>) at iscsi/iscsi_tcp.c:158
#7 0x0000000000418f1e in event_loop () at tgtd.c:272
#8 0x0000000000419405 in main (argc=1, argv=<optimized out>) at tgtd.c:438
----------------------------------------------------------------
It looks like target_find_by_name() uses tgt_targetname(), but doesn't
account for the fact that it can return a NULL when the target being
looked up does not (now) exist:
----------------------------------------------------------------
char *tgt_targetname(int tid)
{
struct target *target;
target = target_lookup(tid);
if (!target)
return NULL;
return target->name;
}
----------------------------------------------------------------
I propose the following patch to address this:
---
diff --git a/usr/iscsi/target.c b/usr/iscsi/target.c
index 7afd7fd0ba87..b0a36e7de7b4 100644
--- a/usr/iscsi/target.c
+++ b/usr/iscsi/target.c
@@ -369,9 +369,11 @@ void target_list_build(struct iscsi_connection *conn, char *addr, char *name)
struct iscsi_target *target_find_by_name(const char *name)
{
struct iscsi_target *target;
+ char *tname;
list_for_each_entry(target, &iscsi_targets_list, tlist) {
- if (!strcmp(tgt_targetname(target->tid), name))
+ tname = tgt_targetname(target->tid);
+ if (tname && !strcmp(tname, name))
return target;
}
--
Lee Duncan
next reply other threads:[~2015-10-13 18:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-13 18:10 Lee Duncan [this message]
2015-10-17 12:57 ` [PATCH] Handle access of a target that has been removed FUJITA Tomonori
2015-10-19 15:56 ` Lee Duncan
2015-10-28 5:28 ` FUJITA Tomonori
2015-11-13 19:15 ` Lee Duncan
2015-11-26 5:06 ` Lee Duncan
2015-11-27 5:56 ` FUJITA Tomonori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=561D4909.8040006@suse.com \
--to=lduncan@suse.com \
--cc=stgt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.