From 6ac1564eaf22f6020e16fef557c423e3c3c50f64 Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger
Date: Thu, 29 May 2014 12:36:43 -0700
Subject: [PATCH] iscsi-target: Fix incorrect buffer usage in non-leading connection login
This patch fixes a bug in non-leading connection login processing where iscsi_login_non_zero_tsih_s2() was incorrectly using the login request header as a temporary buffer for setting TargetPortalGroupTag. This bug was manifesting itself as login failures with non-leading login requests in multiple connection per session (MC/S) operation, and has been present since the initial v3.1 merge of iscsi-target code. However, the bug has only been able to trigger since the v3.10 changes in commit baa4d64b1 where included to support iser-target.
Reported-by: Santosh Kulkarni
Cc: stable@vger.kernel.org # 3.1+
Signed-off-by: Nicholas Bellinger
---
 drivers/target/iscsi/iscsi_target_login.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
index ca31fa1b8a4b..bb76197c495b 100644
--- a/drivers/target/iscsi/iscsi_target_login.c
+++ b/drivers/target/iscsi/iscsi_target_login.c
@@ -550,13 +550,14 @@ static int iscsi_login_non_zero_tsih_s1(
 */
 static int iscsi_login_non_zero_tsih_s2(
 struct iscsi_conn *conn,
- unsigned char *buf)
+ unsigned char *p)
 {
 struct iscsi_portal_group *tpg = conn->tpg;
 struct iscsi_session *sess = NULL, *sess_p = NULL;
 struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
 struct se_session *se_sess, *se_sess_tmp;
- struct iscsi_login_req *pdu = (struct iscsi_login_req *)buf;
+ struct iscsi_login_req *pdu = (struct iscsi_login_req *)p;
+ unsigned char buf[32];
 bool iser = false;
 
 spin_lock_bh(&se_tpg->session_lock);
--
2.39.5
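Review bot: The new local `unsigned char buf[32];` reuses the name of the old parameter, so every later `buf` reference in iscsi_login_non_zero_tsih_s2() (outside this hunk) silently switches from the login request PDU to an uninitialised stack array. Each of those uses should be checked to confirm it wants the scratch buffer and writes it before reading it. The size 32 is a bare constant and the code that fills the buffer is not visible here, so presumably it formats the TargetPortalGroupTag string; if that formatter is unbounded, it should be limited by `sizeof(buf)`, and the array could be declared as `unsigned char buf[32] = {0};`. A more descriptive name than `p` for the header pointer, for example `login_pdu`, and a comment such as `/* scratch for the TargetPortalGroupTag key=value string, never the login PDU */` would make the separation explicit. The function body continues past the end of the hunk.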