Dmitry Fomichev a86a75865f scsi: target: tcmu: avoid use-after-free after command timeout ... In tcmu_handle_completion() function, the variable called read_len is always initialized with a value taken from se_cmd structure. If this function is called to complete an expired (timed out) out command, the session command pointed by se_cmd is likely to be already deallocated by the target core at that moment. As the result, this access triggers a use-after-free warning from KASAN. This patch fixes the code not to touch se_cmd when completing timed out TCMU commands. It also resets the pointer to se_cmd at the time when the TCMU_CMD_BIT_EXPIRED flag is set because it is going to become invalid after calling target_complete_cmd() later in the same function, tcmu_check_expired_cmd(). Signed-off-by: Dmitry Fomichev <dmitry.fomichev@wdc.com> Acked-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>		2019-08-14 21:58:55 -04:00
..
iscsi	scsi: target: cxgbit: add support for IEEE_8021QAZ_APP_SEL_STREAM selector	2019-07-22 17:04:20 -04:00
loopback	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
sbp	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
tcm_fc	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335	2019-06-05 17:37:06 +02:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile
target_core_alua.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_alua.h
target_core_configfs.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157	2019-05-30 11:26:37 -07:00
target_core_device.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_fabric_configfs.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157	2019-05-30 11:26:37 -07:00
target_core_fabric_lib.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_file.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_file.h
target_core_hba.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_iblock.c	SCSI fixes on 20190705	2019-07-06 09:56:20 -07:00
target_core_iblock.h
target_core_internal.h
target_core_pr.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_pr.h	scsi: target/core: Rework the SPC-2 reservation handling code	2019-04-12 20:20:05 -04:00
target_core_pscsi.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_pscsi.h
target_core_rd.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_rd.h
target_core_sbc.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_spc.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_stat.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_tmr.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_tpg.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_transport.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_ua.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	2019-05-30 11:26:35 -07:00
target_core_ua.h
target_core_user.c	scsi: target: tcmu: avoid use-after-free after command timeout	2019-08-14 21:58:55 -04:00
target_core_xcopy.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157	2019-05-30 11:26:37 -07:00
target_core_xcopy.h