Hi Saurav,
Apologies for the delayed response, comments are below.
On Thu, 2014-09-25 at 06:22 -0400, Saurav Kashyap wrote:
> From: Quinn Tran <quinn.tran@xxxxxxxxxx>
>
> During temporary resource starvation at lower transport layer, command
> is placed on queue full retry path, which expose this problem. The TCM
> Qfull handling send the same cmd twice to lower layer. The 1st time
> led to cmd normal free path. The 2nd time cause Null pointer access.
>
> Signed-off-by: Quinn Tran <quinn.tran@xxxxxxxxxx>
> Signed-off-by: Saurav Kashyap <saurav.kashyap@xxxxxxxxxx>
> ---
> drivers/target/target_core_transport.c | 3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
> index 7fa62fc..ab61014 100644
> --- a/drivers/target/target_core_transport.c
> +++ b/drivers/target/target_core_transport.c
> @@ -1877,8 +1877,7 @@ static void transport_complete_qf(struct se_cmd *cmd)
> if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) {
> trace_target_cmd_complete(cmd);
> ret = cmd->se_tfo->queue_status(cmd);
> - if (ret)
> - goto out;
> + goto out;
> }
>
> switch (cmd->data_direction) {
Applied to target-pending/for-next with a CC' to v3.1 stable, as the bug
was introduced as a regression in:
commit e057f53308a5f071556ee80586b99ee755bf07f5
Author: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Mon Oct 17 13:56:41 2011 -0400
Thank you,
--nab
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
