github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 15:42:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
de540b704e
linux/drivers/target
History
Nicholas Bellinger 8c9c9dfcd1 target: Fix double-free of se_cmd in target_complete_tmr_failure 
commit e13d5fef88 upstream.

Fabric drivers currently expect to internally release se_cmd in the event
of a TMR failure during target_submit_tmr(), which means the immediate call
to transport_generic_free_cmd() after TFO->queue_tm_rsp() from within
target_complete_tmr_failure() workqueue context is wrong.

This is done as some fabrics expect TMR operations to be acknowledged
before releasing the descriptor, so the assumption that core is releasing
se_cmd associated TMR memory is incorrect.  This fixes a OOPs where
transport_generic_free_cmd() was being called more than once.

This bug was originally observed with tcm_qla2xxx fabric ports.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-05 09:50:42 +01:00
..
iscsi iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values 2012-10-21 09:27:58 -07:00
loopback loopback: Fix transport_generic_allocate_tasks error handling 2012-03-17 18:07:27 -07:00
tcm_fc tcm_fc: Fix crash seen with aborts and large reads 2012-07-29 08:04:18 -07:00
Kconfig iscsi-target: Add iSCSI fabric support for target v4.1 2011-07-26 09:16:43 +00:00
Makefile target: remove the ->transport_split_cdb callback in se_cmd 2011-10-24 03:21:15 +00:00
target_core_alua.c target: Return error to initiator if SET TARGET PORT GROUPS emulation fails 2012-06-22 11:37:17 -07:00
target_core_alua.h target: pass the se_task to the CDB emulation callback 2011-11-04 08:00:17 +00:00
target_core_cdb.c target: Check number of unmap descriptors against our limit 2012-08-15 08:10:32 -07:00
target_core_configfs.c target: fix return code in target_core_init_configfs error path 2012-10-21 09:27:58 -07:00
target_core_device.c target: remove obvious warnings 2012-03-15 19:16:09 -07:00
target_core_fabric_configfs.c target: Use array_zalloc for device_list 2012-03-15 19:15:51 -07:00
target_core_fabric_lib.c target: remove useless casts 2011-12-14 11:28:07 +00:00
target_core_file.c target: Fix bug in handling of FILEIO + block_device resize ops 2012-05-17 12:02:43 -07:00
target_core_file.h target: make the ->get_cdb method optional 2011-10-24 03:21:11 +00:00
target_core_hba.c target: header reshuffle, part2 2011-12-14 11:26:05 +00:00
target_core_iblock.c target: increase iblock task sizes 2012-02-25 14:37:46 -08:00
target_core_iblock.h target: increase iblock task sizes 2012-02-25 14:37:46 -08:00
target_core_internal.h target: Untangle front-end and back-end meanings of max_sectors attribute 2012-02-25 14:37:49 -08:00
target_core_pr.c target: Clean up returning errors in PR handling code 2012-07-29 08:04:18 -07:00
target_core_pr.h target: Move core_scsi3_check_cdb_abort_and_preempt 2011-12-14 11:27:34 +00:00
target_core_pscsi.c target/pscsi: fix PHV_VIRUTAL_HOST_ID typo 2012-02-25 14:37:50 -08:00
target_core_pscsi.h target/pscsi: fix PHV_VIRUTAL_HOST_ID typo 2012-02-25 14:37:50 -08:00
target_core_rd.c target: use \n as a separator for configuration 2011-12-14 11:27:23 +00:00
target_core_rd.h target: make the ->get_cdb method optional 2011-10-24 03:21:11 +00:00
target_core_stat.c target: remove obvious warnings 2012-03-15 19:16:09 -07:00
target_core_tmr.c target: Add TMR_ABORT_TASK task management support 2012-02-25 14:37:49 -08:00
target_core_tpg.c target: Drop incorrect se_lun_acl release for dynamic -> explict ACL conversion 2012-05-11 14:55:19 -07:00
target_core_transport.c target: Fix double-free of se_cmd in target_complete_tmr_failure 2012-11-05 09:50:42 +01:00
target_core_ua.c target: Use array_zalloc for device_list 2012-03-15 19:15:51 -07:00
target_core_ua.h