From: Maurizio Lombardi <mlombard@redhat.com>
To: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: jayamohan.kallickal@avagotech.com, ketan.mukadam@avagotech.com,
sony.john@avagotech.com, linux-scsi@vger.kernel.org
Subject: Re: [PATCH] be2iscsi: set the boot_kset pointer to NULL in case of failure
Date: Tue, 8 Mar 2016 11:28:13 +0100 [thread overview]
Message-ID: <56DEA93D.30206@redhat.com> (raw)
In-Reply-To: <yq137s1zpwz.fsf@sermon.lab.mkp.net>
On 03/08/2016 03:03 AM, Martin K. Petersen wrote:
>>>>>> "Maurizio" == Maurizio Lombardi <mlombard@redhat.com> writes:
>
> Maurizio,
>
> Maurizio> In beiscsi_setup_boot_info(), the boot_kset pointer should be
> Maurizio> set to NULL in case of failure otherwise an invalid pointer
> Maurizio> dereference may occur later.
>
> iscsi_boot_destroy_kset() checks before deref and the other use location
> just checks to see whether it's NULL. Are there places in the core iSCSI
> code that use this without checking?
1) At the beginning of the beiscsi_setup_boot_info() function there is
the following check:
----------
/* it has been created previously */
if (phba->boot_kset)
return 0;
----------
If the function fails and the boot_kset pointer is not set to NULL,
subsequent calls to beiscsi_setup_boot_info() will incorrectly return
success because it assumes that the boot_kset pointer is valid.
2) it is true that iscsi_boot_destroy_kset() checks whether the pointer is NULL
or not, but it the kset has been already destroyed and the pointer is not set to
NULL, then it will dereference an invalid pointer.
Regards,
Maurizio
next prev parent reply other threads:[~2016-03-08 10:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-04 9:41 [PATCH] be2iscsi: set the boot_kset pointer to NULL in case of failure Maurizio Lombardi
2016-03-04 11:36 ` Johannes Thumshirn
2016-03-07 2:26 ` Jitendra Bhivare
2016-03-08 2:03 ` Martin K. Petersen
2016-03-08 10:28 ` Maurizio Lombardi [this message]
2016-03-09 1:52 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DEA93D.30206@redhat.com \
--to=mlombard@redhat.com \
--cc=jayamohan.kallickal@avagotech.com \
--cc=ketan.mukadam@avagotech.com \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sony.john@avagotech.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).