From: Khazhismel Kumykov X-Google-Original-From: Khazhismel Kumykov To: Lee Duncan , Chris Leech , Mike Christie , "James E . J . Bottomley" , "Martin K . Petersen" Cc: open-iscsi@googlegroups.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, Khazhismel Kumykov Subject: [PATCH 1/2] iscsi_tcp: do not bind sockets that already have extra callbacks Date: Mon, 18 Mar 2024 12:49:01 -0700 Message-ID: <20240318194902.3290795-1-khazhy@google.com> X-Mailer: git-send-email 2.44.0.291.gc1ea87d7ee-goog Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This attempts to avoid a situation where a misbehaving iscsi daemon passes a socket for a different iSCSI connection to BIND_CONN - which would result in infinite recursion and stack overflow. This will also prevent passing *other* sockets which had sk_user_data overridden, but that wouldn't have been safe anyways - since we throw away that pointer anyways. This does not cover all hypothetical scenarios where we pass bad sockets to BIND_CONN. This also papers over a different bug - we allow a daemon to call BIND_CONN twice for the same connection - which would result in, at the least, failing to uninitialize/teardown the previous socket, which will be addressed separately. Signed-off-by: Khazhismel Kumykov --- drivers/scsi/iscsi_tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c index 8e14cea15f98..e8ed60b777c6 100644 --- a/drivers/scsi/iscsi_tcp.c +++ b/drivers/scsi/iscsi_tcp.c @@ -725,7 +725,7 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session, } err = -EINVAL; - if (!sk_is_tcp(sock->sk)) + if (!sk_is_tcp(sock->sk) || sock->sk->sk_user_data) goto free_socket; err = iscsi_conn_bind(cls_session, cls_conn, is_leading); -- 2.44.0.291.gc1ea87d7ee-goog
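Review bot: The new `sock->sk->sk_user_data` test in the `if (!sk_is_tcp(sock->sk) || ...)` condition is a bare read, and no lock is visible around it in this hunk. If the pointer is only set later in the bind path, after `iscsi_conn_bind()`, two BIND_CONN calls racing on the same socket can both observe NULL and both proceed. That is exactly the "socket already owned" case the commit message wants to refuse. Consider doing the check under the same lock that protects the later assignment, or making the check and the claim of `sk_user_data` a single step. Two smaller points: the rejection shares `-EINVAL` with the non-TCP case, so userspace cannot tell "wrong socket type" from "socket already has callbacks" (a distinct errno such as `-EBUSY` would make a misbehaving daemon easier to diagnose), and the reason for refusing a non-NULL `sk_user_data` lives only in the commit message; a one-line comment above the condition would keep it next to the code.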