Patchwork [3.5.y.z,extended,stable] Patch "sbp-target: fix error path in sbp_make_tpg()" has been added to staging queue

login
register
mail settings
Submitter Herton Ronaldo Krzesinski
Date Jan. 7, 2013, 8:38 p.m.
Message ID <1357591128-22475-1-git-send-email-herton.krzesinski@canonical.com>
Download mbox | patch
Permalink /patch/210222/
State New
Headers show

Comments

Herton Ronaldo Krzesinski - Jan. 7, 2013, 8:38 p.m.
This is a note to let you know that I have just added a patch titled

    sbp-target: fix error path in sbp_make_tpg()

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Herton

------

From b1e801616c6542e0393b72599048b8789f3bb96a Mon Sep 17 00:00:00 2001
From: Chris Boot <bootc@bootc.net>
Date: Tue, 11 Dec 2012 21:58:48 +0000
Subject: [PATCH] sbp-target: fix error path in sbp_make_tpg()

commit e1fe2060d7e8f58a69374135e32e90f0bb79a7fd upstream.

If the TPG memory is allocated successfully, but we fail further along
in the function, a dangling pointer to freed memory is left in the TPort
structure. This is mostly harmless, but does prevent re-trying the
operation without first removing the TPort altogether.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Chris Boot <bootc@bootc.net>
Cc: Andy Grover <agrover@redhat.com>
Cc: Nicholas A. Bellinger <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
---
 drivers/target/sbp/sbp_target.c |   17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

--
1.7.9.5

Patch

diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c
index 7e6136e..e935aaa 100644
--- a/drivers/target/sbp/sbp_target.c
+++ b/drivers/target/sbp/sbp_target.c
@@ -2221,20 +2221,23 @@  static struct se_portal_group *sbp_make_tpg(
 	tport->mgt_agt = sbp_management_agent_register(tport);
 	if (IS_ERR(tport->mgt_agt)) {
 		ret = PTR_ERR(tport->mgt_agt);
-		kfree(tpg);
-		return ERR_PTR(ret);
+		goto out_free_tpg;
 	}

 	ret = core_tpg_register(&sbp_fabric_configfs->tf_ops, wwn,
 			&tpg->se_tpg, (void *)tpg,
 			TRANSPORT_TPG_TYPE_NORMAL);
-	if (ret < 0) {
-		sbp_management_agent_unregister(tport->mgt_agt);
-		kfree(tpg);
-		return ERR_PTR(ret);
-	}
+	if (ret < 0)
+		goto out_unreg_mgt_agt;

 	return &tpg->se_tpg;
+
+out_unreg_mgt_agt:
+	sbp_management_agent_unregister(tport->mgt_agt);
+out_free_tpg:
+	tport->tpg = NULL;
+	kfree(tpg);
+	return ERR_PTR(ret);
 }

 static void sbp_drop_tpg(struct se_portal_group *se_tpg)