aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/target/iscsi
diff options
context:
space:
mode:
authorNicholas Bellinger <nab@linux-iscsi.org>2014-05-01 16:44:56 -0400
committerNicholas Bellinger <nab@linux-iscsi.org>2014-05-15 20:09:11 -0400
commit7cbfcc953789ff864c2bf8365a82a3fba4869649 (patch)
tree395eb47a69b0dcebf0354bc9f9a6767f71085027 /drivers/target/iscsi
parent14f4b54fe38f3a8f8392a50b951c8aa43b63687a (diff)
iscsi-target: Change BUG_ON to REJECT in iscsit_process_nop_out
This patch changes an incorrect use of BUG_ON to instead generate a REJECT + PROTOCOL_ERROR in iscsit_process_nop_out() code. This case can occur with traditional TCP where a flood of zeros in the data stream can reach this block for what is presumed to be a NOP-OUT with a solicited reply, but without a valid iscsi_cmd pointer. This incorrect BUG_ON was introduced during the v3.11-rc timeframe with the following commit: commit 778de368964c5b7e8100cde9f549992d521e9c89 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Fri Jun 14 16:07:47 2013 -0700 iscsi/isert-target: Refactor ISCSI_OP_NOOP RX handling Reported-by: Arshad Hussain <arshad.hussain@calsoftinc.com> Cc: stable@vger.kernel.org # 3.11+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers/target/iscsi')
-rw-r--r--drivers/target/iscsi/iscsi_target.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 78cab13bbb1b..46588c85d39b 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1593,7 +1593,9 @@ int iscsit_process_nop_out(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
1593 * Initiator is expecting a NopIN ping reply.. 1593 * Initiator is expecting a NopIN ping reply..
1594 */ 1594 */
1595 if (hdr->itt != RESERVED_ITT) { 1595 if (hdr->itt != RESERVED_ITT) {
1596 BUG_ON(!cmd); 1596 if (!cmd)
1597 return iscsit_add_reject(conn, ISCSI_REASON_PROTOCOL_ERROR,
1598 (unsigned char *)hdr);
1597 1599
1598 spin_lock_bh(&conn->cmd_lock); 1600 spin_lock_bh(&conn->cmd_lock);
1599 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list); 1601 list_add_tail(&cmd->i_conn_node, &conn->conn_cmd_list);
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-22 09:17:10 -0400