drivers/scsi/libiscsi.c | 23 +++++--- drivers/scsi/scsi_transport_iscsi.c | 90 +++++++++++++++-------------- include/scsi/scsi_transport_iscsi.h | 5 +- 3 files changed, 66 insertions(+), 52 deletions(-)
We found a NULL pointer dereference in iscsi_sw_tcp_conn_get_param(), the root reason is we did sysfs addition wrong. The origin implement do device setup in iscsi_create_conn() which bind the alloc/init and add in one function; do device teardown in iscsi_destroy_conn() which bind remove and free in one function. This implement makes it impossible to initialize resources of device before add it to sysfs during setup. So this patchset splict both the setup and teradown of iscsi_cls_conn to 2 steps. For setup flow, we should call iscsi_alloc_conn() and initialize some resources, then call iscsi_add_conn(). For teradown flow, we should call iscsi_remove_conn() to remove device and free resources which related to iscsi_cls_conn, then call iscsi_put_conn() to free iscsi_cls_conn. V2 -> V3: * Fix some bugs and optimization the code implement. V1 -> V2: * add two more iscsi_free_conn() and iscsi_remove_conn() than V1 * change the teardown flow of iscsi_cls_conn Wenchao Hao (3): scsi: iscsi: Add helper functions to manage iscsi_cls_conn scsi:libiscsi: Add iscsi_cls_conn to sysfs after been initialized scsi:libiscsi: teradown iscsi_cls_conn gracefully drivers/scsi/libiscsi.c | 23 +++++--- drivers/scsi/scsi_transport_iscsi.c | 90 +++++++++++++++-------------- include/scsi/scsi_transport_iscsi.h | 5 +- 3 files changed, 66 insertions(+), 52 deletions(-) -- 2.32.0
On 2022/3/10 9:57, Wenchao Hao wrote: > We found a NULL pointer dereference in iscsi_sw_tcp_conn_get_param(), > the root reason is we did sysfs addition wrong. > > The origin implement do device setup in iscsi_create_conn() which > bind the alloc/init and add in one function; do device teardown in > iscsi_destroy_conn() which bind remove and free in one function. > > This implement makes it impossible to initialize resources of device > before add it to sysfs during setup. > > So this patchset splict both the setup and teradown of iscsi_cls_conn to > 2 steps. > > For setup flow, we should call iscsi_alloc_conn() and initialize some > resources, then call iscsi_add_conn(). > > For teradown flow, we should call iscsi_remove_conn() to remove device > and free resources which related to iscsi_cls_conn, then call > iscsi_put_conn() to free iscsi_cls_conn. > Friendly ping... > V2 -> V3: > * Fix some bugs and optimization the code implement. > > V1 -> V2: > * add two more iscsi_free_conn() and iscsi_remove_conn() than V1 > * change the teardown flow of iscsi_cls_conn > > Wenchao Hao (3): > scsi: iscsi: Add helper functions to manage iscsi_cls_conn > scsi:libiscsi: Add iscsi_cls_conn to sysfs after been initialized > scsi:libiscsi: teradown iscsi_cls_conn gracefully > > drivers/scsi/libiscsi.c | 23 +++++--- > drivers/scsi/scsi_transport_iscsi.c | 90 +++++++++++++++-------------- > include/scsi/scsi_transport_iscsi.h | 5 +- > 3 files changed, 66 insertions(+), 52 deletions(-) >
On 3/9/22 7:57 PM, Wenchao Hao wrote: > We found a NULL pointer dereference in iscsi_sw_tcp_conn_get_param(), > the root reason is we did sysfs addition wrong. > > The origin implement do device setup in iscsi_create_conn() which > bind the alloc/init and add in one function; do device teardown in > iscsi_destroy_conn() which bind remove and free in one function. > > This implement makes it impossible to initialize resources of device > before add it to sysfs during setup. > > So this patchset splict both the setup and teradown of iscsi_cls_conn to > 2 steps. > > For setup flow, we should call iscsi_alloc_conn() and initialize some > resources, then call iscsi_add_conn(). > > For teradown flow, we should call iscsi_remove_conn() to remove device > and free resources which related to iscsi_cls_conn, then call > iscsi_put_conn() to free iscsi_cls_conn. > > V2 -> V3: > * Fix some bugs and optimization the code implement. > > V1 -> V2: > * add two more iscsi_free_conn() and iscsi_remove_conn() than V1 > * change the teardown flow of iscsi_cls_conn > > Wenchao Hao (3): > scsi: iscsi: Add helper functions to manage iscsi_cls_conn > scsi:libiscsi: Add iscsi_cls_conn to sysfs after been initialized > scsi:libiscsi: teradown iscsi_cls_conn gracefully > > drivers/scsi/libiscsi.c | 23 +++++--- > drivers/scsi/scsi_transport_iscsi.c | 90 +++++++++++++++-------------- > include/scsi/scsi_transport_iscsi.h | 5 +- > 3 files changed, 66 insertions(+), 52 deletions(-) > Nice. Thanks. Reviewed-by: Mike Christie <michael.christie@oracle.com>
Wenchao, > We found a NULL pointer dereference in iscsi_sw_tcp_conn_get_param(), > the root reason is we did sysfs addition wrong. Applied to 5.18/scsi-staging, thanks! -- Martin K. Petersen Oracle Linux Engineering
On Wed, 9 Mar 2022 20:57:56 -0500, Wenchao Hao wrote:
> We found a NULL pointer dereference in iscsi_sw_tcp_conn_get_param(),
> the root reason is we did sysfs addition wrong.
>
> The origin implement do device setup in iscsi_create_conn() which
> bind the alloc/init and add in one function; do device teardown in
> iscsi_destroy_conn() which bind remove and free in one function.
>
> [...]
Applied to 5.18/scsi-queue, thanks!
[1/3] scsi: iscsi: Add helper functions to manage iscsi_cls_conn
https://git.kernel.org/mkp/scsi/c/ad515cada7da
[2/3] scsi:libiscsi: Add iscsi_cls_conn to sysfs after been initialized
https://git.kernel.org/mkp/scsi/c/7dae459f5e56
[3/3] scsi:libiscsi: teradown iscsi_cls_conn gracefully
https://git.kernel.org/mkp/scsi/c/8709c323091b
--
Martin K. Petersen Oracle Linux Engineering
© 2016 - 2026 Red Hat, Inc.