summaryrefslogtreecommitdiffstats
path: root/drivers/scsi/iscsi_tcp.c
diff options
context:
space:
mode:
authorOlaf Kirch <olaf.kirch@oracle.com>2007-12-13 12:43:36 -0600
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2008-01-11 18:28:43 -0600
commit03766a1d4e4520066d3ed2097bfdf6e606aba828 (patch)
tree56757a1710b8f1f2e0b243a5d727c7e24de6f210 /drivers/scsi/iscsi_tcp.c
parenta8ac6311cc21d78fa284cd43f56df2063f536bf1 (diff)
downloadlinux-03766a1d4e4520066d3ed2097bfdf6e606aba828.tar.gz
linux-03766a1d4e4520066d3ed2097bfdf6e606aba828.tar.bz2
linux-03766a1d4e4520066d3ed2097bfdf6e606aba828.zip
[SCSI] iscsi_tcp: stop leaking r2t_info's when the incoming R2T is bad
iscsi_r2t_rsp checks the incoming R2T for sanity, and if it thinks it's fishy, it will drop it silently. In this case, we leaked an r2t_info object. If we do this often enough, we run into a BUG_ON some time later. Removed r2t wrappers and update patch by Mike Christie Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers/scsi/iscsi_tcp.c')
-rw-r--r--drivers/scsi/iscsi_tcp.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index 7212fe95a66d..ecba606e6521 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -658,6 +658,8 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
r2t->data_length = be32_to_cpu(rhdr->data_length);
if (r2t->data_length == 0) {
printk(KERN_ERR "iscsi_tcp: invalid R2T with zero data len\n");
+ __kfifo_put(tcp_ctask->r2tpool.queue, (void*)&r2t,
+ sizeof(void*));
spin_unlock(&session->lock);
return ISCSI_ERR_DATALEN;
}
@@ -669,10 +671,12 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
r2t->data_offset = be32_to_cpu(rhdr->data_offset);
if (r2t->data_offset + r2t->data_length > scsi_bufflen(ctask->sc)) {
- spin_unlock(&session->lock);
printk(KERN_ERR "iscsi_tcp: invalid R2T with data len %u at "
"offset %u and total length %d\n", r2t->data_length,
r2t->data_offset, scsi_bufflen(ctask->sc));
+ __kfifo_put(tcp_ctask->r2tpool.queue, (void*)&r2t,
+ sizeof(void*));
+ spin_unlock(&session->lock);
return ISCSI_ERR_DATALEN;
}