lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 May 2023 13:09:18 -0700
From: michael.christie@...cle.com
To: Chris Leech <cleech@...hat.com>, Lee Duncan <lduncan@...e.com>,
        linux-scsi@...r.kernel.org, open-iscsi@...glegroups.com,
        netdev@...r.kernel.org
Subject: Re: [PATCH 11/11] iscsi: force destroy sesions when a network
 namespace exits

On 5/6/23 4:29 PM, Chris Leech wrote:
> The namespace is gone, so there is no userspace to clean up.
> Force close all the sessions.
> 
> This should be enough for software transports, there's no implementation
> of migrating physical iSCSI hosts between network namespaces currently.
> 
> Reviewed-by: Hannes Reinecke <hare@...e.de>
> Signed-off-by: Chris Leech <cleech@...hat.com>
> ---
>  drivers/scsi/scsi_transport_iscsi.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
> index 15d28186996d..10e9414844d8 100644
> --- a/drivers/scsi/scsi_transport_iscsi.c
> +++ b/drivers/scsi/scsi_transport_iscsi.c
> @@ -5235,9 +5235,25 @@ static int __net_init iscsi_net_init(struct net *net)
>  
>  static void __net_exit iscsi_net_exit(struct net *net)
>  {
> +	struct iscsi_cls_session *session, *tmp;
>  	struct iscsi_net *isn;
> +	unsigned long flags;
> +	LIST_HEAD(sessions);
>  
>  	isn = net_generic(net, iscsi_net_id);
> +
> +	spin_lock_irqsave(&isn->sesslock, flags);
> +	list_replace_init(&isn->sesslist, &sessions);
> +	spin_unlock_irqrestore(&isn->sesslock, flags);
> +
> +	/* force session destruction, there is no userspace anymore */
> +	list_for_each_entry_safe(session, tmp, &sessions, sess_list) {
> +		device_for_each_child(&session->dev, NULL,
> +				      iscsi_iter_force_destroy_conn_fn);
> +		flush_work(&session->destroy_work);

I think if this flush_work actually flushed, then we would be doing a use
after free because the running work would free the session from under us.

We should never have a running destroy_work and be ale to see it on the sesslist
right? Maybe a WARN_ON or something else so it doesn't look like a possible
bug.


> +		__iscsi_destroy_session(&session->destroy_work);
> +	}
> +
>  	netlink_kernel_release(isn->nls);
>  	isn->nls = NULL;
>  }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ