mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 04:47:05 +00:00
Code Issues Releases Wiki Activity
No description
1127244 commits 105 branches 5097 tags 5.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Maurizio Lombardi 1533b8b305 scsi: target: iscsi: Fix a race condition between login_work and the login thread 
[ Upstream commit fec1b2fa62 ]

In case a malicious initiator sends some random data immediately after a
login PDU; the iscsi_target_sk_data_ready() callback will schedule the
login_work and, at the same time, the negotiation may end without clearing
the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are
required to complete the login).

The login has been completed but the login_work function will find the
LOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling
itself; at this point, if the initiator drops the connection, the
iscsit_conn structure will be freed, login_work will dereference a released
socket structure and the kernel crashes.

BUG: kernel NULL pointer dereference, address: 0000000000000230
PF: supervisor write access in kernel mode
PF: error_code(0x0002) - not-present page
Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod]
RIP: 0010:_raw_read_lock_bh+0x15/0x30
Call trace:
 iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod]
 process_one_work+0x1e8/0x3c0

Fix this bug by forcing login_work to stop after the login has been
completed and the socket callbacks have been restored.

Add a comment to clearify the return values of iscsi_target_do_login()

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Link: https://lore.kernel.org/r/20221115125638.102517-1-mlombard@redhat.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-31 13:26:48 +01:00
arch x86/apic: Handle no CONFIG_X86_X2APIC on systems with x2APIC enabled by BIOS 2022-12-31 13:26:41 +01:00
block blk-mq: fix possible memleak when register 'hctx' failed 2022-12-31 13:26:45 +01:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto crypto: tcrypt - Fix multibuffer skcipher speed test mem leak 2022-12-31 13:26:20 +01:00
Documentation dt-bindings: mfd: qcom,spmi-pmic: Drop PWM reg dependency 2022-12-31 13:26:36 +01:00
drivers scsi: target: iscsi: Fix a race condition between login_work and the login thread 2022-12-31 13:26:48 +01:00
fs hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() 2022-12-31 13:26:47 +01:00
include Bluetooth: Add quirk to disable MWS Transport Configuration 2022-12-31 13:26:47 +01:00
init init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash 2022-12-02 17:43:11 +01:00
io_uring io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() 2022-12-14 11:40:53 +01:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:25:48 +01:00
kernel bpf: Prevent decl_tag from being referenced in func_proto arg 2022-12-31 13:26:45 +01:00
lib test_firmware: fix memory leak in test_firmware_init() 2022-12-31 13:26:26 +01:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm tmpfs: fix data loss from failed fallocate 2022-12-14 11:40:52 +01:00
net Bluetooth: Add quirk to disable MWS Transport Configuration 2022-12-31 13:26:47 +01:00
samples samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() 2022-12-31 13:26:28 +01:00
scripts scripts/faddr2line: Fix regression in name resolution on ppc64le 2022-12-08 11:30:14 +01:00
security apparmor: Fix memleak in alloc_ns() 2022-12-31 13:26:17 +01:00
sound ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table 2022-12-31 13:26:46 +01:00
tools selftests/bpf: Fix conflicts with built-in functions in bpf_iter_ksym 2022-12-31 13:26:46 +01:00
usr Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
virt KVM: Update gfn_to_pfn_cache khva when it moves within the same page 2022-12-02 17:43:13 +01:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-14 11:40:58 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: split the second line of *.mod into *.usyms 2022-05-08 03:16:59 +09:00
.mailmap Qualcomm ARM64 DTS fixes for 6.0 2022-09-23 16:44:37 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS drm for 5.20/6.0 2022-08-03 19:52:08 -07:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS One MAINTAINERS update, two MM fixes, both cc:stable 2022-10-01 09:13:29 -07:00
Makefile Linux 6.0.15 2022-12-21 17:41:16 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.