Bug 106251

Summary: there exists a wrong return value of function iscsi_if_recv_msg() when iscsi_lookup_endpoint() fails
Product: SCSI Drivers
Reporter: RUC_Soft_Sec (rucsoftsec)
Component: Other
Assignee: scsi_drivers-other
Status: NEW
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 4.2
Subsystem:
Regression: No
Bisected commit-id:

Description RUC_Soft_Sec 2015-10-19 14:17:48 UTC
In function iscsi_if_recv_msg() at drivers/scsi/scsi_transport_iscsi.c:3491, the call to iscsi_lookup_endpoint() on line 3575 may fail, and function iscsi_if_recv_msg() will then return the value of the variable 'err'. However, iscsi_if_recv_msg() returns 0 at the end when it runs well. So iscsi_if_recv_msg() returns 0 to its callers even when it fails because of the failing call to iscsi_lookup_endpoint(), which is a wrong return value from iscsi_if_recv_msg().
The related code snippets in iscsi_if_recv_msg() are as follows.
iscsi_if_recv_msg @@ drivers/scsi/scsi_transport_iscsi.c:3491
3491 static int
3492 iscsi_if_recv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, uint32_t *group)
3493 {
3494         int err = 0;
                     ......
3575                 ep = iscsi_lookup_endpoint(ev->u.b_conn.transport_eph);
3576                 if (ep) {
3577                         ep->conn = conn;
3578 
3579                         mutex_lock(&conn->ep_mutex);
3580                         conn->ep = ep;
3581                         mutex_unlock(&conn->ep_mutex);
3582                 } else
3583                         iscsi_cls_conn_printk(KERN_ERR, conn,
3584                                               "Could not set ep conn "
3585                                               "binding\n");
3586                 break;
                     ......
3679         return err;
3680 }


Generally, the return value of a caller of iscsi_lookup_endpoint() should be set to a negative number when the call to iscsi_lookup_endpoint() fails, as in the following code in another file.
beiscsi_conn_bind @@ drivers/scsi/be2iscsi/be_iscsi.c:195
195 int beiscsi_conn_bind(struct iscsi_cls_session *cls_session,
196                       struct iscsi_cls_conn *cls_conn,
197                       u64 transport_fd, int is_leading)
198 {
            ......
208         ep = iscsi_lookup_endpoint(transport_fd);
209         if (!ep)
210                 return -EINVAL;
            ......
238 }

Thank you

RUC_Soft_Sec
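The error-propagation pattern at issue, as an added user-space C example that is not part of the bug report or of the kernel tree. It models the binding step with toy stand-ins (the struct names, the endpoint table and the handler names bind_ep_buggy/bind_ep_fixed are hypothetical): the buggy handler logs the failed lookup but leaves err at 0, so a caller that decides from the return value whether the request failed (as the netlink dispatcher's caller does) is told the bind succeeded while conn->ep is still unset; the fixed handler follows beiscsi_conn_bind() and returns -EINVAL.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel objects, not the real definitions. */
struct endpoint {
	uint64_t handle;
	int in_use;
};

struct connection {
	struct endpoint *ep;
};

/* Constructed endpoint table: handles 1 and 2 are live, handle 3 is stale. */
static struct endpoint ep_table[] = { { 1, 1 }, { 2, 1 }, { 3, 0 } };

/* Mirrors iscsi_lookup_endpoint(): NULL when no live endpoint has this handle. */
static struct endpoint *lookup_endpoint(uint64_t handle)
{
	for (size_t i = 0; i < sizeof ep_table / sizeof ep_table[0]; i++)
		if (ep_table[i].in_use && ep_table[i].handle == handle)
			return &ep_table[i];
	return NULL;
}

/* The pattern as reported: the failure is only logged, err stays 0. */
int bind_ep_buggy(struct connection *conn, uint64_t handle)
{
	int err = 0;
	struct endpoint *ep = lookup_endpoint(handle);

	if (ep)
		conn->ep = ep;
	else
		fprintf(stderr, "Could not set ep conn binding\n");
	return err;
}

/* Hardened form, following beiscsi_conn_bind(): propagate -EINVAL. */
int bind_ep_fixed(struct connection *conn, uint64_t handle)
{
	struct endpoint *ep = lookup_endpoint(handle);

	if (!ep) {
		fprintf(stderr, "Could not set ep conn binding\n");
		return -EINVAL;
	}
	conn->ep = ep;
	return 0;
}

enum outcome {
	BOUND = 0,		/* success reported and conn->ep set */
	ERROR_REPORTED = 1,	/* nonzero return, caller can report the error */
	SILENT_FAILURE = -1	/* zero return but conn->ep still NULL */
};

/* What a caller sees: it only has the return value to judge success by. */
enum outcome bind_and_report(int (*bind)(struct connection *, uint64_t),
			     uint64_t handle)
{
	struct connection conn = { .ep = NULL };
	int err = bind(&conn, handle);

	if (err)
		return ERROR_REPORTED;
	return conn.ep ? BOUND : SILENT_FAILURE;
}

int main(void)
{
	uint64_t handles[] = { 1, 3, 99 };

	for (size_t i = 0; i < sizeof handles / sizeof handles[0]; i++)
		printf("handle %llu: buggy=%d fixed=%d\n",
		       (unsigned long long)handles[i],
		       bind_and_report(bind_ep_buggy, handles[i]),
		       bind_and_report(bind_ep_fixed, handles[i]));
	return 0;
}
```

For a valid handle both handlers report BOUND; for a stale or unknown handle the buggy handler yields SILENT_FAILURE (the caller cannot tell the bind did not happen), while the fixed one yields ERROR_REPORTED.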