From 90485f0c9784ee9ecc50c0bc48b91eca44d4940c Mon Sep 17 00:00:00 2001 From: Gleb Chesnokov Date: Tue, 28 Jun 2022 02:46:40 +0300 Subject: [PATCH] iscsi-scst: Fix up the error handling to avoid crash This patch should fix the following bug: iscsi-scst: ***ERROR***: Sending data failed: initiator ..., write_size 0, write_state 1, res 0 iscsi-scst: ***CRITICAL ERROR***: 0 6 31 ------------[ cut here ]------------ kernel BUG at /usr/src/packages/BUILD/scst-3.7.0.8695/iscsi-scst/kernel/nthread.c:1517! invalid opcode: 0000 [#1] SMP NOPTI CPU: 12 PID: 997595 Comm: iscsiwr0_14 ... ... RIP: 0010:iscsi_send+0x877/0x8b0 [iscsi_scst] Call Trace: istwr+0x123/0x3b0 [iscsi_scst] kthread+0x120/0x136 ret_from_fork+0x24/0x36 ------------------------------------- What happens: - istwr() calls scst_do_job_wr(). - scst_do_job_wr() calls iscsi_send(). - iscsi_send() sets the 'res' variable to 0 during error in one of three possible places: iscsi_do_send(), tx_padding(), tx_ddigest(). - All of these functions call exit_tx() which sets conn->write_state to TX_END. - After iscsi_send() has completed for the current iteration, the next time it processes iscsi_conn with conn->write_state == TX_END, which will call BUG() in the switch default case. Therefore, remove the res == 0 check in iscsi_send() to handle TX_END state. Fixes: https://github.com/SCST-project/scst/issues/12 --- iscsi-scst/kernel/nthread.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/iscsi-scst/kernel/nthread.c b/iscsi-scst/kernel/nthread.c index 5709a0e9c..5d4626d14 100644 --- a/iscsi-scst/kernel/nthread.c +++ b/iscsi-scst/kernel/nthread.c @@ -1511,9 +1511,6 @@ int iscsi_send(struct iscsi_conn *conn) sBUG(); } - if (res == 0) - goto out; - if (conn->write_state != TX_END) goto out;