net: Fix use after free by removing length arg from sk_data_ready callbacks.

[linux.git] / drivers / scsi / iscsi_tcp.c

diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index add6d1566ec8331aa5e27963e13fefa74a117ffd..11854845393bf9cc13688ff3895339997822fa61 100644 (file)
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -125,7 +125,7 @@ static inline int iscsi_sw_sk_state_check(struct sock *sk)
        return 0;
 }
 
-static void iscsi_sw_tcp_data_ready(struct sock *sk, int flag)
+static void iscsi_sw_tcp_data_ready(struct sock *sk)
 {
        struct iscsi_conn *conn;
        struct iscsi_tcp_conn *tcp_conn;
@@ -593,9 +593,9 @@ static void iscsi_sw_tcp_release_conn(struct iscsi_conn *conn)
        iscsi_sw_tcp_conn_restore_callbacks(conn);
        sock_put(sock->sk);
 
-       spin_lock_bh(&session->lock);
+       spin_lock_bh(&session->frwd_lock);
        tcp_sw_conn->sock = NULL;
-       spin_unlock_bh(&session->lock);
+       spin_unlock_bh(&session->frwd_lock);
        sockfd_put(sock);
 }
 
@@ -663,10 +663,10 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session,
        if (err)
                goto free_socket;
 
-       spin_lock_bh(&session->lock);
+       spin_lock_bh(&session->frwd_lock);
        /* bind iSCSI connection and socket */
        tcp_sw_conn->sock = sock;
-       spin_unlock_bh(&session->lock);
+       spin_unlock_bh(&session->frwd_lock);
 
        /* setup Socket parameters */
        sk = sock->sk;
@@ -726,14 +726,14 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
        switch(param) {
        case ISCSI_PARAM_CONN_PORT:
        case ISCSI_PARAM_CONN_ADDRESS:
-               spin_lock_bh(&conn->session->lock);
+               spin_lock_bh(&conn->session->frwd_lock);
                if (!tcp_sw_conn || !tcp_sw_conn->sock) {
-                       spin_unlock_bh(&conn->session->lock);
+                       spin_unlock_bh(&conn->session->frwd_lock);
                        return -ENOTCONN;
                }
                rc = kernel_getpeername(tcp_sw_conn->sock,
                                        (struct sockaddr *)&addr, &len);
-               spin_unlock_bh(&conn->session->lock);
+               spin_unlock_bh(&conn->session->frwd_lock);
                if (rc)
                        return rc;
 
@@ -759,23 +759,26 @@ static int iscsi_sw_tcp_host_get_param(struct Scsi_Host *shost,
 
        switch (param) {
        case ISCSI_HOST_PARAM_IPADDRESS:
-               spin_lock_bh(&session->lock);
+               if (!session)
+                       return -ENOTCONN;
+
+               spin_lock_bh(&session->frwd_lock);
                conn = session->leadconn;
                if (!conn) {
-                       spin_unlock_bh(&session->lock);
+                       spin_unlock_bh(&session->frwd_lock);
                        return -ENOTCONN;
                }
                tcp_conn = conn->dd_data;
 
                tcp_sw_conn = tcp_conn->dd_data;
                if (!tcp_sw_conn->sock) {
-                       spin_unlock_bh(&session->lock);
+                       spin_unlock_bh(&session->frwd_lock);
                        return -ENOTCONN;
                }
 
                rc = kernel_getsockname(tcp_sw_conn->sock,
                                        (struct sockaddr *)&addr, &len);
-               spin_unlock_bh(&session->lock);
+               spin_unlock_bh(&session->frwd_lock);
                if (rc)
                        return rc;