diff options
| author | Mike Christie <mchristi@redhat.com> | 2018-01-15 14:37:59 -0600 |
|---|---|---|
| committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2018-01-18 01:21:23 -0800 |
| commit | 45dc488c0ee19ba5cba7a67be473aeaf88a7447e (patch) | |
| tree | a37b736ecadc936992f4fca4500ff2d1afc14e87 /drivers/target | |
| parent | c82b59e7c3f81059b1d280e21028c7ac8451dd52 (diff) | |
| download | linux-rpi3-45dc488c0ee19ba5cba7a67be473aeaf88a7447e.tar.gz linux-rpi3-45dc488c0ee19ba5cba7a67be473aeaf88a7447e.tar.bz2 linux-rpi3-45dc488c0ee19ba5cba7a67be473aeaf88a7447e.zip | |
tcmu: fix cmd user after free
If we are failing the command due to a qfull timeout we are
also freeing the tcmu command, so we cannot access it later
to get the se_cmd.
Note: The clearing of cmd->se_cmd is not needed. We do not check
it later for something like determining if the command was failed
due to a timeout. As a result I am dropping it.
Signed-off-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers/target')
| -rw-r--r-- | drivers/target/target_core_user.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c index 511168bec159..3096257a00d9 100644 --- a/drivers/target/target_core_user.c +++ b/drivers/target/target_core_user.c @@ -1152,6 +1152,7 @@ static int tcmu_check_expired_cmd(int id, void *p, void *data) return 0; is_running = list_empty(&cmd->cmdr_queue_entry); + se_cmd = cmd->se_cmd; if (is_running) { /* @@ -1177,8 +1178,6 @@ static int tcmu_check_expired_cmd(int id, void *p, void *data) pr_debug("Timing out cmd %u on dev %s that is %s.\n", id, udev->name, is_running ? "inflight" : "queued"); - se_cmd = cmd->se_cmd; - cmd->se_cmd = NULL; target_complete_cmd(se_cmd, scsi_status); return 0; } |