| From 082f58ac4a48d3f5cb4597232cb2ac6823a96f43 Mon Sep 17 00:00:00 2001 |
| From: Quinn Tran <quinn.tran@qlogic.com> |
| Date: Thu, 25 Sep 2014 06:22:28 -0400 |
| Subject: target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE |
| |
| From: Quinn Tran <quinn.tran@qlogic.com> |
| |
| commit 082f58ac4a48d3f5cb4597232cb2ac6823a96f43 upstream. |
| |
| During temporary resource starvation at lower transport layer, command |
| is placed on queue full retry path, which expose this problem. The TCM |
| queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same |
| cmd twice to lower layer. The 1st time led to cmd normal free path. |
| The 2nd time cause Null pointer access. |
| |
| This regression bug was originally introduced v3.1-rc code in the |
| following commit: |
| |
| commit e057f53308a5f071556ee80586b99ee755bf07f5 |
| Author: Christoph Hellwig <hch@infradead.org> |
| Date: Mon Oct 17 13:56:41 2011 -0400 |
| |
| target: remove the transport_qf_callback se_cmd callback |
| |
| Signed-off-by: Quinn Tran <quinn.tran@qlogic.com> |
| Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com> |
| Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/target/target_core_transport.c | 3 +-- |
| 1 file changed, 1 insertion(+), 2 deletions(-) |
| |
| --- a/drivers/target/target_core_transport.c |
| +++ b/drivers/target/target_core_transport.c |
| @@ -1877,8 +1877,7 @@ static void transport_complete_qf(struct |
| if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) { |
| trace_target_cmd_complete(cmd); |
| ret = cmd->se_tfo->queue_status(cmd); |
| - if (ret) |
| - goto out; |
| + goto out; |
| } |
| |
| switch (cmd->data_direction) { |
