iser: fix segfault at iser_reg_mr

Hit segfault at iser_reg_mr during attaching disk with backtrace: #0 0x000055ace9635b0f in iser_reg_mr (iser_conn=0x55aceca33820) at iser.c:1060 #1 iser_connected_handler (cma_id=<optimized out>) at iser.c:1300 #2 iser_cma_handler (event=0x7f29ef1f7950, cma_id=<optimized out>, iser_conn=0x55aceca33820) at iser.c:1326 #3 cm_thread (arg=0x55aceca33820) at iser.c:1380 #4 0x00007f2e2c31c4a4 in start_thread (arg=0x7f29ef1f8700) at pthread_create.c:456 #5 0x00007f2e2c05ed0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97 (gdb) p *iser_conn->tx_desc Cannot access memory at address 0x20 This issue can be reproduced easily by attaching several disks of iser protocol: # virsh attach-device stretch iser0.xml # virsh attach-device stretch iser1.xml ... Initialize instances with zero to avoid random value pointer. Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
2020-02-26 19:53:16 +08:00
parent d020bb003d
commit b4ba92094e
1 changed files with 2 additions and 2 deletions
--- a/lib/iser.c
+++ b/lib/iser.c
@@ -1036,7 +1036,7 @@ iser_reg_mr(struct iser_conn *iser_conn)

 	for (i = 0 ; i < NUM_MRS ; i++) {

-			tx_desc = iscsi_malloc(iscsi, sizeof(*tx_desc));
+			tx_desc = iscsi_zmalloc(iscsi, sizeof(*tx_desc));
 			if (tx_desc == NULL) {
 				iscsi_set_error(iscsi, "Out-Of-Memory, failed to allocate data buffer");
 				return -1;
@@ -1478,7 +1478,7 @@ static iscsi_transport iscsi_transport_iser = {
 void iscsi_init_iser_transport(struct iscsi_context *iscsi)
 {
 	iscsi->drv = &iscsi_transport_iser;
-	iscsi->opaque = iscsi_malloc(iscsi, sizeof(struct iser_conn));
+	iscsi->opaque = iscsi_zmalloc(iscsi, sizeof(struct iser_conn));
 	iscsi->transport = ISER_TRANSPORT;
 	/* Update iSCSI params as per iSER transport */
 	iscsi->initiator_max_recv_data_segment_length = ISCSI_DEF_MAX_RECV_SEG_LEN;