git.ipfire.org Git - thirdparty/kernel/stable.git/commit

IB/isert: Fix incorrect release of isert connection

[ Upstream commit 699826f4e30ab76a62c238c86fbef7e826639c8d ]

The ib_isert module is releasing the isert connection both in
isert_wait_conn() handler as well as isert_free_conn() handler.
In isert_wait_conn() handler, it is expected to wait for iSCSI
session logout operation to complete. It should free the isert
connection only in isert_free_conn() handler.

When a bunch of iSER target is cleared, this issue can lead to
use-after-free memory issue as isert conn is twice released

Fixes: b02efbfc9a05 ("iser-target: Fix implicit termination of connections")
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Link: https://lore.kernel.org/r/20230606102531.162967-4-saravanan.vajravel@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Saravanan Vajravel <saravanan.vajravel@broadcom.com>
	Tue, 6 Jun 2023 10:25:31 +0000 (03:25 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 21 Jun 2023 13:38:58 +0000 (15:38 +0200)
commit	ccf5a1b28e2b73952e8d23126fa1abc6ff99de55
tree	050db256ab25d8b1da753890ff87976d2ba368c3	tree
parent	6f40a2503dc5692bb6917151bae578280772a531	commit \| diff