Skip to content

Commit

Permalink
target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
Browse files Browse the repository at this point in the history 
During temporary resource starvation at lower transport layer, command
is placed on queue full retry path, which expose this problem.  The TCM
queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same
cmd twice to lower layer.  The 1st time led to cmd normal free path.
The 2nd time cause Null pointer access.

This regression bug was originally introduced v3.1-rc code in the
following commit:

commit e057f53
Author: Christoph Hellwig <hch@infradead.org>
Date:   Mon Oct 17 13:56:41 2011 -0400

    target: remove the transport_qf_callback se_cmd callback

Signed-off-by: Quinn Tran <quinn.tran@qlogic.com>
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Cc: <stable@vger.kernel.org> # v3.1+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
  • Loading branch information
Quinn Tran authored and Nicholas Bellinger committed Oct 1, 2014
1 parent db3a99b commit 082f58a
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions drivers/target/target_core_transport.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1871,8 +1871,7 @@ static void transport_complete_qf(struct se_cmd *cmd)
if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) {
trace_target_cmd_complete(cmd);
ret = cmd->se_tfo->queue_status(cmd);
if (ret)
goto out;
goto out;
}

switch (cmd->data_direction) {
Expand Down

0 comments on commit 082f58a

Please sign in to comment.