>
>> hello!
>> we found tgtd happen core dump and fix it。
[...]
>On a second though, I think a conditional list_del(&task->c_hlist) in
>iscsi_free_task is good enough,
Hi Anton Kovalenko:
we also consiger you idea,in iscsi_free_task, do task unlinking from
session->cmd_list(list_del(&task->c_hlist) ),but we must know,such as
ISCSI_OP_NOOP_OUT, ISCSI_OP_SCSI_TMFUNC, ISCSI_OP_LOGOUT type task,
they don‘t add to session->cmd_list, To solve the problem, we offer
patch<v2-0001-iscsi-fix-segfault-at-conn_close>。
in addition:after we carefully consideration: you below patch still
may happen some task unlinking from session->cmd_list, when there is
only one task in session->cmd_list,now task->c_hlist.next and
task->c_hlist.prev is equal, according to you patch logic, this task
will not do list_del。
diff --git a/usr/iscsi/iscsid.c b/usr/iscsi/iscsid.c
index b7ee0ad..dbb80a7 100644
--- a/usr/iscsi/iscsid.c
+++ b/usr/iscsi/iscsid.c
@@ -1225,6 +1225,12 @@ void iscsi_free_task(struct iscsi_task *task)
list_del(&task->c_siblings);
+ if (task->c_hlist.next != task->c_hlist.prev) {
+ eprintf("task on c_hlist: %p %p %p\n",
+ task, task->c_hlist.prev, task->c_hlist.next);
+ list_del(&task->c_hlist);
+ }
+
conn->tp->free_data_buf(conn, scsi_get_in_buffer(&task->scmd));
conn->tp->free_data_buf(conn, scsi_get_out_buffer(&task->scmd));
2016-07-25 16:11 GMT+08:00 Anton Kovalenko <anton.kovalenko@xxxxxxxxxxx>:
> Anton Kovalenko <anton.kovalenko@xxxxxxxxxxx> writes:
>
>>
>>> hello!
>>> we found tgtd happen core dump and fix it。
>
> [...]
>
>> I'm attaching my own version of a preliminary fix, that avoids examining
>> the entire cmd_list on each task deallocation.
>
> On a second though, I think a conditional list_del(&task->c_hlist) in
> iscsi_free_task is good enough, but then we'd probably get rid of the
> *unconditional* list_del in iscsi_free_cmd_task, making iscsi_free_task
> responsible for task unlinking from c_hlist (it *is* responsible for
> unlinking from c_siblings anyway).
>
> What bothers me now is that a task removed from cmdlist, being a SCSI
> command, is probably not supposed to be freed without calling
> target_cmd_done (or is it?). I'm unsure if it might cause a resource
> leak of some kind.
>
>
> --
> Regards, Anton Kovalenko | +7(916)345-34-02 | Elektrostal' MO, Russia
>
> --
> To unsubscribe from this list: send the line "unsubscribe stgt" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
v2-0001-iscsi-fix-segfault-at-conn_close.patch
Description: Binary data
