Linux-SCSI Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport
@ 2019-08-20  5:43 zhengbin
  2019-09-04  8:51 ` zhengbin (A)
  2019-09-11  1:21 ` Martin K. Petersen
  0 siblings, 2 replies; 4+ messages in thread
From: zhengbin @ 2019-08-20  5:43 UTC (permalink / raw)
  To: hare, jejb, martin.petersen, linux-scsi; +Cc: yi.zhang, zhengbin13

In fcoe_if_init, if fc_attach_transport(&fcoe_vport_fc_functions)
fails, need to free the previously memory and return fail,
otherwise will trigger null-ptr-deref Read in fc_release_transport.

fcoe_exit
  fcoe_if_exit
    fc_release_transport(fcoe_vport_scsi_transport)

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
---
 drivers/scsi/fcoe/fcoe.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c
index 00dd47b..2f82e56 100644
--- a/drivers/scsi/fcoe/fcoe.c
+++ b/drivers/scsi/fcoe/fcoe.c
@@ -1250,15 +1250,21 @@ static int __init fcoe_if_init(void)
 	/* attach to scsi transport */
 	fcoe_nport_scsi_transport =
 		fc_attach_transport(&fcoe_nport_fc_functions);
+	if (!fcoe_nport_scsi_transport)
+		goto err;
+
 	fcoe_vport_scsi_transport =
 		fc_attach_transport(&fcoe_vport_fc_functions);
-
-	if (!fcoe_nport_scsi_transport) {
-		printk(KERN_ERR "fcoe: Failed to attach to the FC transport\n");
-		return -ENODEV;
-	}
+	if (!fcoe_vport_scsi_transport)
+		goto err_vport;

 	return 0;
+
+err_vport:
+	fc_release_transport(fcoe_nport_scsi_transport);
+err:
+	printk(KERN_ERR "fcoe: Failed to attach to the FC transport\n");
+	return -ENODEV;
 }

 /**
--
2.7.4


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport
  2019-08-20  5:43 [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport zhengbin
@ 2019-09-04  8:51 ` zhengbin (A)
  2019-09-09  9:56   ` Hannes Reinecke
  2019-09-11  1:21 ` Martin K. Petersen
  1 sibling, 1 reply; 4+ messages in thread
From: zhengbin (A) @ 2019-09-04  8:51 UTC (permalink / raw)
  To: hare, jejb, martin.petersen, linux-scsi; +Cc: yi.zhang

ping

On 2019/8/20 13:43, zhengbin wrote:
> In fcoe_if_init, if fc_attach_transport(&fcoe_vport_fc_functions)
> fails, need to free the previously memory and return fail,
> otherwise will trigger null-ptr-deref Read in fc_release_transport.
>
> fcoe_exit
>   fcoe_if_exit
>     fc_release_transport(fcoe_vport_scsi_transport)
>
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: zhengbin <zhengbin13@huawei.com>
> ---
>  drivers/scsi/fcoe/fcoe.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c
> index 00dd47b..2f82e56 100644
> --- a/drivers/scsi/fcoe/fcoe.c
> +++ b/drivers/scsi/fcoe/fcoe.c
> @@ -1250,15 +1250,21 @@ static int __init fcoe_if_init(void)
>  	/* attach to scsi transport */
>  	fcoe_nport_scsi_transport =
>  		fc_attach_transport(&fcoe_nport_fc_functions);
> +	if (!fcoe_nport_scsi_transport)
> +		goto err;
> +
>  	fcoe_vport_scsi_transport =
>  		fc_attach_transport(&fcoe_vport_fc_functions);
> -
> -	if (!fcoe_nport_scsi_transport) {
> -		printk(KERN_ERR "fcoe: Failed to attach to the FC transport\n");
> -		return -ENODEV;
> -	}
> +	if (!fcoe_vport_scsi_transport)
> +		goto err_vport;
>
>  	return 0;
> +
> +err_vport:
> +	fc_release_transport(fcoe_nport_scsi_transport);
> +err:
> +	printk(KERN_ERR "fcoe: Failed to attach to the FC transport\n");
> +	return -ENODEV;
>  }
>
>  /**
> --
> 2.7.4
>
>
> .
>


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport
  2019-09-04  8:51 ` zhengbin (A)
@ 2019-09-09  9:56   ` Hannes Reinecke
  0 siblings, 0 replies; 4+ messages in thread
From: Hannes Reinecke @ 2019-09-09  9:56 UTC (permalink / raw)
  To: zhengbin (A), jejb, martin.petersen, Hannes Reinecke, linux-scsi; +Cc: yi.zhang

On 9/4/19 10:51 AM,  zhengbin (A)  wrote:
> ping
> 
> On 2019/8/20 13:43, zhengbin wrote:
>> In fcoe_if_init, if fc_attach_transport(&fcoe_vport_fc_functions)
>> fails, need to free the previously memory and return fail,
>> otherwise will trigger null-ptr-deref Read in fc_release_transport.
>>
>> fcoe_exit
>>   fcoe_if_exit
>>     fc_release_transport(fcoe_vport_scsi_transport)
>>
>> Reported-by: Hulk Robot <hulkci@huawei.com>
>> Signed-off-by: zhengbin <zhengbin13@huawei.com>
>> ---
>>  drivers/scsi/fcoe/fcoe.c | 16 +++++++++++-----
>>  1 file changed, 11 insertions(+), 5 deletions(-)
>>
[ .. ]
>>
> 
> 
Reviewed-by: Hannes Reinecke <hare@suse.com>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		      Teamlead Storage & Networking
hare@suse.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 247165 (AG München), GF: Felix Imendörffer

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport
  2019-08-20  5:43 [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport zhengbin
  2019-09-04  8:51 ` zhengbin (A)
@ 2019-09-11  1:21 ` Martin K. Petersen
  1 sibling, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2019-09-11  1:21 UTC (permalink / raw)
  To: zhengbin; +Cc: hare, jejb, martin.petersen, linux-scsi, yi.zhang


zhengbin,

> In fcoe_if_init, if fc_attach_transport(&fcoe_vport_fc_functions)
> fails, need to free the previously memory and return fail,
> otherwise will trigger null-ptr-deref Read in fc_release_transport.

Applied to 5.4/scsi-queue. Thank you.

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-20  5:43 [PATCH] scsi: fcoe: fix null-ptr-deref Read in fc_release_transport zhengbin
2019-09-04  8:51 ` zhengbin (A)
2019-09-09  9:56   ` Hannes Reinecke
2019-09-11  1:21 ` Martin K. Petersen

Linux-SCSI Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-scsi/0 linux-scsi/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-scsi linux-scsi/ https://lore.kernel.org/linux-scsi \
		linux-scsi@vger.kernel.org linux-scsi@archiver.kernel.org
	public-inbox-index linux-scsi


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-scsi


AGPL code for this site: git clone https://public-inbox.org/ public-inbox