Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7d9eacf9 authored by Roi Dayan's avatar Roi Dayan Committed by Roland Dreier
Browse files

IB/iser: Avoid dereferencing iscsi_iser conn object when not bound to iser connection 



Fix a possible NULL pointer dereference in disconnection flow. This
can happen if the target disconnected/rejected the connection request,
e.g before the binding stage between iscsi connection to the transport
connection.

Signed-off-by: default avatarAlex Tabachnik <alext@mellanox.com>
Signed-off-by: default avatarRoi Dayan <roid@mellanox.com>
Signed-off-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: default avatarRoland Dreier <roland@purestorage.com>
parent 38dbfb59

drivers/infiniband/ulp/iser/iser_verbs.c

+7 −3
Original line number Diff line number Diff line
@@ -652,9 +652,13 @@ static int iser_disconnected_handler(struct rdma_cm_id *cma_id) 
	/* getting here when the state is UP means that the conn is being *

	 * terminated asynchronously from the iSCSI layer's perspective.  */

	if (iser_conn_state_comp_exch(ib_conn, ISER_CONN_UP,

				      ISER_CONN_TERMINATING))

					ISER_CONN_TERMINATING)){

		if (ib_conn->iser_conn)

			iscsi_conn_failure(ib_conn->iser_conn->iscsi_conn,

					   ISCSI_ERR_CONN_FAILED);

		else

			iser_err("iscsi_iser connection isn't bound\n");

	}



	/* Complete the termination process if no posts are pending */

	if (ib_conn->post_recv_buf_count == 0 &&