subject:"\[PATCH\] libiscsi\: Fix use\-after\-free race during iscsi_session

Re: [PATCH] libiscsi: Fix use-after-free race during iscsi_session_teardown

2017-07-13 Thread kbuild test robot

Hi Khazhismel,

[auto build test WARNING on mkp-scsi/for-next]
[also build test WARNING on v4.12 next-20170713]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]

url:
https://github.com/0day-ci/linux/commits/Khazhismel-Kumykov/libiscsi-Fix-use-after-free-race-during-iscsi_session_teardown/20170713-231300
base:   https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next
config: xtensa-allyesconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 4.9.0
reproduce:
wget 
https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O 
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=xtensa 

All warnings (new ones prefixed by >>):

   drivers//scsi/libiscsi.c: In function 'iscsi_session_teardown':
>> drivers//scsi/libiscsi.c:2863:2: warning: passing argument 1 of 
>> 'iscsi_remove_session' from incompatible pointer type
 iscsi_remove_session(session);
 ^
   In file included from drivers//scsi/libiscsi.c:41:0:
   include/scsi/scsi_transport_iscsi.h:435:13: note: expected 'struct 
iscsi_cls_session *' but argument is of type 'struct iscsi_session *'
extern void iscsi_remove_session(struct iscsi_cls_session *session);
^

vim +/iscsi_remove_session +2863 drivers//scsi/libiscsi.c

  2850  
  2851  /**
  2852   * iscsi_session_teardown - destroy session, host, and cls_session
  2853   * @cls_session: iscsi session
  2854   */
  2855  void iscsi_session_teardown(struct iscsi_cls_session *cls_session)
  2856  {
  2857  struct iscsi_session *session = cls_session->dd_data;
  2858  struct module *owner = cls_session->transport->owner;
  2859  struct Scsi_Host *shost = session->host;
  2860  
  2861  iscsi_pool_free(&session->cmdpool);
  2862  
> 2863  iscsi_remove_session(session);
  2864  
  2865  kfree(session->password);
  2866  kfree(session->password_in);
  2867  kfree(session->username);
  2868  kfree(session->username_in);
  2869  kfree(session->targetname);
  2870  kfree(session->targetalias);
  2871  kfree(session->initiatorname);
  2872  kfree(session->boot_root);
  2873  kfree(session->boot_nic);
  2874  kfree(session->boot_target);
  2875  kfree(session->ifacename);
  2876  kfree(session->portal_type);
  2877  kfree(session->discovery_parent_type);
  2878  
  2879  iscsi_free_session(cls_session);
  2880  
  2881  iscsi_host_dec_session_cnt(shost);
  2882  module_put(owner);
  2883  }
  2884  EXPORT_SYMBOL_GPL(iscsi_session_teardown);
  2885  

---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all   Intel Corporation


.config.gz
Description: application/gzip

Re: [PATCH] libiscsi: Fix use-after-free race during iscsi_session_teardown

2017-07-13 Thread kbuild test robot

Hi Khazhismel,

[auto build test ERROR on mkp-scsi/for-next]
[also build test ERROR on v4.12 next-20170713]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]

url:
https://github.com/0day-ci/linux/commits/Khazhismel-Kumykov/libiscsi-Fix-use-after-free-race-during-iscsi_session_teardown/20170713-231300
base:   https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next
config: i386-randconfig-x018-201728 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=i386 

All errors (new ones prefixed by >>):

   drivers//scsi/libiscsi.c: In function 'iscsi_session_teardown':
>> drivers//scsi/libiscsi.c:2863:23: error: passing argument 1 of 
>> 'iscsi_remove_session' from incompatible pointer type 
>> [-Werror=incompatible-pointer-types]
 iscsi_remove_session(session);
  ^~~
   In file included from drivers//scsi/libiscsi.c:41:0:
   include/scsi/scsi_transport_iscsi.h:435:13: note: expected 'struct 
iscsi_cls_session *' but argument is of type 'struct iscsi_session *'
extern void iscsi_remove_session(struct iscsi_cls_session *session);
^~~~
   cc1: some warnings being treated as errors

vim +/iscsi_remove_session +2863 drivers//scsi/libiscsi.c

  2850  
  2851  /**
  2852   * iscsi_session_teardown - destroy session, host, and cls_session
  2853   * @cls_session: iscsi session
  2854   */
  2855  void iscsi_session_teardown(struct iscsi_cls_session *cls_session)
  2856  {
  2857  struct iscsi_session *session = cls_session->dd_data;
  2858  struct module *owner = cls_session->transport->owner;
  2859  struct Scsi_Host *shost = session->host;
  2860  
  2861  iscsi_pool_free(&session->cmdpool);
  2862  
> 2863  iscsi_remove_session(session);
  2864  
  2865  kfree(session->password);
  2866  kfree(session->password_in);
  2867  kfree(session->username);
  2868  kfree(session->username_in);
  2869  kfree(session->targetname);
  2870  kfree(session->targetalias);
  2871  kfree(session->initiatorname);
  2872  kfree(session->boot_root);
  2873  kfree(session->boot_nic);
  2874  kfree(session->boot_target);
  2875  kfree(session->ifacename);
  2876  kfree(session->portal_type);
  2877  kfree(session->discovery_parent_type);
  2878  
  2879  iscsi_free_session(cls_session);
  2880  
  2881  iscsi_host_dec_session_cnt(shost);
  2882  module_put(owner);
  2883  }
  2884  EXPORT_SYMBOL_GPL(iscsi_session_teardown);
  2885  

---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all   Intel Corporation


.config.gz
Description: application/gzip

[PATCH] libiscsi: Fix use-after-free race during iscsi_session_teardown

2017-07-12 Thread Khazhismel Kumykov

Session attributes exposed through sysfs were freed before the device
was destroyed, resulting in a potential use-after-free. Free these
attributes after removing the device.

Signed-off-by: Khazhismel Kumykov 
---
 drivers/scsi/libiscsi.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
index 42381adf0769..f9199bebaec7 100644
--- a/drivers/scsi/libiscsi.c
+++ b/drivers/scsi/libiscsi.c
@@ -2851,9 +2851,6 @@ EXPORT_SYMBOL_GPL(iscsi_session_setup);
 /**
  * iscsi_session_teardown - destroy session, host, and cls_session
  * @cls_session: iscsi session
- *
- * The driver must have called iscsi_remove_session before
- * calling this.
  */
 void iscsi_session_teardown(struct iscsi_cls_session *cls_session)
 {
@@ -2863,6 +2860,8 @@ void iscsi_session_teardown(struct iscsi_cls_session 
*cls_session)
 
iscsi_pool_free(&session->cmdpool);
 
+   iscsi_remove_session(session);
+
kfree(session->password);
kfree(session->password_in);
kfree(session->username);
@@ -2877,7 +2876,8 @@ void iscsi_session_teardown(struct iscsi_cls_session 
*cls_session)
kfree(session->portal_type);
kfree(session->discovery_parent_type);
 
-   iscsi_destroy_session(cls_session);
+   iscsi_free_session(cls_session);
+
iscsi_host_dec_session_cnt(shost);
module_put(owner);
 }
-- 
2.13.2.932.g7449e964c-goog



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [PATCH] libiscsi: Fix use-after-free race during iscsi_session_teardown

Re: [PATCH] libiscsi: Fix use-after-free race during iscsi_session_teardown

[PATCH] libiscsi: Fix use-after-free race during iscsi_session_teardown

3 matches

Site Navigation

Mail list logo

Footer information