mbox series

[v2,0/2] scsi: iscsi: host ipaddress UAF fixes

Message ID 20230117193937.21244-1-michael.christie@oracle.com
Headers show
Series scsi: iscsi: host ipaddress UAF fixes | expand

Message

Mike Christie Jan. 17, 2023, 7:39 p.m. UTC
The following patches made apply over Martin's or Linus's trees. They
fix 2 use after free bugs caused by iscsi_tcp using the session's socket
to export the local IP address on the iscsi host to emulate the host's
local IP address.

Note that the naming is not great because the libiscsi session removal
and freeing functions are close to the iSCSI class's names. That will be
fixed in a separate patch for the 6.3 or 6.4 kernel (depending on when
this is merged) because it was a pretty big change fix up all the naming.

v2:
- Fix bug reproducer example in git commit message.

Comments

Ding Hui Jan. 18, 2023, 12:54 a.m. UTC | #1
On 2023/1/18 3:39, Mike Christie wrote:
> The following patches made apply over Martin's or Linus's trees. They
> fix 2 use after free bugs caused by iscsi_tcp using the session's socket
> to export the local IP address on the iscsi host to emulate the host's
> local IP address.
> 
> Note that the naming is not great because the libiscsi session removal
> and freeing functions are close to the iSCSI class's names. That will be
> fixed in a separate patch for the 6.3 or 6.4 kernel (depending on when
> this is merged) because it was a pretty big change fix up all the naming.
> 
> v2:
> - Fix bug reproducer example in git commit message.
> 

It looks good to me.

Thanks for your work on this.
Lee Duncan Jan. 18, 2023, 5:26 p.m. UTC | #2
On 1/17/23 11:39, Mike Christie wrote:
> The following patches made apply over Martin's or Linus's trees. They
> fix 2 use after free bugs caused by iscsi_tcp using the session's socket
> to export the local IP address on the iscsi host to emulate the host's
> local IP address.
> 
> Note that the naming is not great because the libiscsi session removal
> and freeing functions are close to the iSCSI class's names. That will be
> fixed in a separate patch for the 6.3 or 6.4 kernel (depending on when
> this is merged) because it was a pretty big change fix up all the naming.
> 
> v2:
> - Fix bug reproducer example in git commit message.
> 
> 
> 

Both patches look good to me.

Reviewed-by: Lee Duncan <lduncan@suse.com>
Martin K. Petersen Jan. 19, 2023, 12:47 a.m. UTC | #3
Mike,

> The following patches made apply over Martin's or Linus's trees. They
> fix 2 use after free bugs caused by iscsi_tcp using the session's socket
> to export the local IP address on the iscsi host to emulate the host's
> local IP address.
>
> Note that the naming is not great because the libiscsi session removal
> and freeing functions are close to the iSCSI class's names. That will be
> fixed in a separate patch for the 6.3 or 6.4 kernel (depending on when
> this is merged) because it was a pretty big change fix up all the naming.

Applied to 6.2/scsi-fixes, thanks!