From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
This patch addresses a bug in srpt_handle_cmd() failure handling where
send_ioctx->kref is being leaked with the local extra reference after init,
causing the expected kref_put() in srpt_handle_send_comp() to not be the final
call to invoke srpt_put_send_ioctx_kref() -> transport_generic_free_cmd() and
perform se_cmd descriptor memory release.
It also fixes a SCF_SCSI_RESERVATION_CONFLICT handling bug where this code
is incorrectly falling through to transport_handle_cdb_direct() after
invoking srpt_queue_status() to send SAM_STAT_RESERVATION_CONFLICT
status.
Note this patch is for >= v3.3 mainline code, and current lio-core.git code has
already been converted to target_submit_cmd() + se_cmd->cmd_kref usage, and
internal ioctx->kref usage has been removed. I'm including this patch now into
target-pending/for-next with a CC' for v3.3 stable.
Cc: Bart Van Assche <bvanassche@xxxxxxx>
Cc: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
---
drivers/infiniband/ulp/srpt/ib_srpt.c | 19 ++++++++++++-------
1 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c
index 6735b63..c3cb907 100644
--- a/drivers/infiniband/ulp/srpt/ib_srpt.c
+++ b/drivers/infiniband/ulp/srpt/ib_srpt.c
@@ -1757,6 +1757,7 @@ static int srpt_handle_cmd(struct srpt_rdma_ch *ch,
srp_cmd->tag);
cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
+ kref_put(&send_ioctx->kref, srpt_put_send_ioctx_kref);
goto send_sense;
}
@@ -1764,15 +1765,19 @@ static int srpt_handle_cmd(struct srpt_rdma_ch *ch,
cmd->data_direction = dir;
unpacked_lun = srpt_unpack_lun((uint8_t *)&srp_cmd->lun,
sizeof(srp_cmd->lun));
- if (transport_lookup_cmd_lun(cmd, unpacked_lun) < 0)
+ if (transport_lookup_cmd_lun(cmd, unpacked_lun) < 0) {
+ kref_put(&send_ioctx->kref, srpt_put_send_ioctx_kref);
goto send_sense;
+ }
ret = transport_generic_allocate_tasks(cmd, srp_cmd->cdb);
- if (cmd->se_cmd_flags & SCF_SCSI_RESERVATION_CONFLICT)
- srpt_queue_status(cmd);
- else if (cmd->se_cmd_flags & SCF_SCSI_CDB_EXCEPTION)
- goto send_sense;
- else
- WARN_ON_ONCE(ret);
+ if (ret < 0) {
+ kref_put(&send_ioctx->kref, srpt_put_send_ioctx_kref);
+ if (cmd->se_cmd_flags & SCF_SCSI_RESERVATION_CONFLICT) {
+ srpt_queue_status(cmd);
+ return 0;
+ } else
+ goto send_sense;
+ }
transport_handle_cdb_direct(cmd);
return 0;
--
1.7.2.5
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
