    tcm_qla2xxx: Don't insert nacls without sessions into the btree · 3578ddba
    Roland Dreier authored
    When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
    there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
    node ACL into the lport_fcport_map even though there is no session yet
    for the initiator.  Since the only time we remove entries from this
    map is when we free a session, this means that if we later delete this
    node ACL without the initiator ever creating a session, we'll leave
    the nacl pointer in the btree pointing at freed memory.
    
    This is especially bad if that initiator later does send us a command
    that would cause us to create a dynamic ACL and session: we'll find
    the stale freed nacl pointer in the btree and end up with use-after-free.
    
    We could add more code to clear the btree entry when deleting the
    explicit nacl, but the original insertion is pointless: without a
    session attached, we'll just have to update the entry when a session
    appears anyway.  So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
    and the code that calls it.
    Signed-off-by: Roland Dreier <roland@purestorage.com>
    Cc: Chad Dupuis <chad.dupuis@qlogic.com>
    Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
    Cc: Arun Easi <arun.easi@qlogic.com>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
tcm_qla2xxx.c 52.6 KB
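The lifetime mismatch described in the commit message, as an added example that is not the driver's code: a simplified model in which a map entry is removed only when a session is freed, so an entry inserted at ACL creation outlives the ACL. The names `make_nodeacl`, `create_session`, `free_session`, `drop_nodeacl`, `lookup_is_stale` and `scenario` are hypothetical stand-ins, the array replaces the btree, and an `alive` flag models freed memory so that nothing is actually dereferenced after free.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 8   /* constructed: small array standing in for the btree */

struct nacl { int alive; };            /* alive == 0 models freed memory */

static struct nacl pool[SLOTS];        /* backing store, so nothing is really freed */
static struct nacl *port_map[SLOTS];   /* port id -> nacl, the role of lport_fcport_map */

/* Explicit ACL creation; insert_early = 1 is the behaviour the commit removes. */
static struct nacl *make_nodeacl(unsigned port, int insert_early)
{
    struct nacl *n = &pool[port % SLOTS];
    n->alive = 1;
    if (insert_early)
        port_map[port % SLOTS] = n;
    return n;
}

/* A session appearing writes the map entry; freeing it is the only removal. */
static void create_session(unsigned port, struct nacl *n) { port_map[port % SLOTS] = n; }
static void free_session(unsigned port) { port_map[port % SLOTS] = NULL; }

/* Deleting the ACL releases the object but never touches the map. */
static void drop_nodeacl(struct nacl *n) { n->alive = 0; }

/* 1 if a later lookup for this port would return a pointer to a freed nacl. */
static int lookup_is_stale(unsigned port)
{
    struct nacl *n = port_map[port % SLOTS];
    return n != NULL && !n->alive;
}

/* Create an explicit ACL, optionally run one session, delete the ACL, look up. */
static int scenario(int insert_early, int with_session)
{
    memset(pool, 0, sizeof pool);
    memset(port_map, 0, sizeof port_map);
    struct nacl *n = make_nodeacl(3, insert_early);
    if (with_session) { create_session(3, n); free_session(3); }
    drop_nodeacl(n);
    return lookup_is_stale(3);
}

int main(void)
{
    printf("early insert, no session: stale=%d\n", scenario(1, 0));
    printf("no early insert, no session: stale=%d\n", scenario(0, 0));
    return 0;
}
```

Only the early-insert, no-session path leaves a stale entry; once a session has been created and freed, the map is clean in both variants, which is why dropping the early insertion is sufficient in this model.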