Hi Nick, Dne 22.9.2015 v 8:20 Nicholas A. Bellinger napsal(a): > Hi Martin, > > On Mon, 2015-09-21 at 17:26 +0200, Martin Svec wrote: <SNIP> > Thanks for this detailed bug report. > > This is < v4.2 RCU se_node_acl->device_list[] NULL pointer dereference > regression that is effecting v4.1.y specific code. > > Here's a compile tested patch to add NULL ->device_list[] sanity checks > in UNIT_ATTENTION and PR non holder path code, which AFAICT should get > EXTENDED_COPY I/O functioning on v4.1.y. > > Please verify. Verified, VAAI XCOPY migration succeeds now. Tested with v4.1.6 plus both XCOPY patches from this thread. Thank you for the patch. Martin > > From 4e43c61ff27d558af316afc8ff80d29e5babbf86 Mon Sep 17 00:00:00 2001 > From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> > Date: Mon, 21 Sep 2015 23:03:56 -0700 > Subject: [PATCH] target: Fix v4.1 se_node_acl->device_list[] NULL pointer bug > > Reported-by: Martin Svec <martin,svec@xxxxxxxx> > Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> > --- > drivers/target/target_core_pr.c | 3 +++ > drivers/target/target_core_ua.c | 8 ++++---- > 2 files changed, 7 insertions(+), 4 deletions(-) > > diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c > index a15411c..08aa7cc 100644 > --- a/drivers/target/target_core_pr.c > +++ b/drivers/target/target_core_pr.c > @@ -328,6 +328,9 @@ static int core_scsi3_pr_seq_non_holder( > int legacy = 0; /* Act like a legacy device and return > * RESERVATION CONFLICT on some CDBs */ > > + if (!se_sess->se_node_acl->device_list) > + return; > + > se_deve = se_sess->se_node_acl->device_list[cmd->orig_fe_lun]; > /* > * Determine if the registration should be ignored due to > diff --git a/drivers/target/target_core_ua.c b/drivers/target/target_core_ua.c > index 1738b16..9fc33e8 100644 > --- a/drivers/target/target_core_ua.c > +++ b/drivers/target/target_core_ua.c > @@ -48,7 +48,7 @@ target_scsi3_ua_check(struct se_cmd *cmd) > return 0; > > nacl = sess->se_node_acl; > - if (!nacl) > + if (!nacl || !nacl->device_list) > return 0; > > deve = nacl->device_list[cmd->orig_fe_lun]; > @@ -90,7 +90,7 @@ int core_scsi3_ua_allocate( > /* > * PASSTHROUGH OPS > */ > - if (!nacl) > + if (!nacl || !nacl->device_list) > return -EINVAL; > > ua = kmem_cache_zalloc(se_ua_cache, GFP_ATOMIC); > @@ -208,7 +208,7 @@ void core_scsi3_ua_for_check_condition( > return; > > nacl = sess->se_node_acl; > - if (!nacl) > + if (!nacl || !nacl->device_list) > return; > > spin_lock_irq(&nacl->device_list_lock); > @@ -276,7 +276,7 @@ int core_scsi3_ua_clear_for_request_sense( > return -EINVAL; > > nacl = sess->se_node_acl; > - if (!nacl) > + if (!nacl || !nacl->device_list) > return -EINVAL; > > spin_lock_irq(&nacl->device_list_lock); > -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
