• Nicholas Bellinger's avatar
    iscsi-target: Avoid early conn_logout_comp for iser connections · f068fbc8
    Nicholas Bellinger authored
    This patch fixes a iser specific logout bug where early complete()
    of conn->conn_logout_comp in iscsit_close_connection() was causing
    isert_wait4logout() to complete too soon, triggering a use after
    free NULL pointer dereference of iscsi_conn memory.
    
    The complete() was originally added for traditional iscsi-target
    when a ISCSI_LOGOUT_OP failed in iscsi_target_rx_opcode(), but given
    iser-target does not wait in logout failure, this special case needs
    to be avoided.
    Reported-by: default avatarSagi Grimberg <sagig@mellanox.com>
    Cc: Sagi Grimberg <sagig@mellanox.com>
    Cc: Slava Shwartsman <valyushash@gmail.com>
    Cc: <stable@vger.kernel.org> # v3.10+
    Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    f068fbc8
iscsi_target.c 129 KB