aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/target/iscsi
diff options
context:
space:
mode:
authorNicholas Bellinger <nab@linux-iscsi.org>2013-07-03 06:11:48 -0400
committerNicholas Bellinger <nab@linux-iscsi.org>2013-07-07 01:01:23 -0400
commit186a9647019587b3784694894c4d136fd00cfd7b (patch)
tree47864da1726666d59bfa20a9b346b06d4b948218 /drivers/target/iscsi
parent561bf15892375597ee59d473a704a3e634c4f311 (diff)
iscsi-target: Fix ISCSI_OP_SCSI_TMFUNC handling for iser
This patch adds target_get_sess_cmd reference counting for iscsit_handle_task_mgt_cmd(), and adds a target_put_sess_cmd() for the failure case. It also fixes a bug where ISCSI_OP_SCSI_TMFUNC type commands where leaking iscsi_cmd->i_conn_node and eventually triggering an OOPs during struct isert_conn shutdown. Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers/target/iscsi')
-rw-r--r--drivers/target/iscsi/iscsi_target.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 4319dad7d919..c30ec1d5756e 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1737,8 +1737,8 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
1737 struct se_tmr_req *se_tmr; 1737 struct se_tmr_req *se_tmr;
1738 struct iscsi_tmr_req *tmr_req; 1738 struct iscsi_tmr_req *tmr_req;
1739 struct iscsi_tm *hdr; 1739 struct iscsi_tm *hdr;
1740 int out_of_order_cmdsn = 0; 1740 int out_of_order_cmdsn = 0, ret;
1741 int ret; 1741 bool sess_ref = false;
1742 u8 function; 1742 u8 function;
1743 1743
1744 hdr = (struct iscsi_tm *) buf; 1744 hdr = (struct iscsi_tm *) buf;
@@ -1794,6 +1794,9 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
1794 conn->sess->se_sess, 0, DMA_NONE, 1794 conn->sess->se_sess, 0, DMA_NONE,
1795 MSG_SIMPLE_TAG, cmd->sense_buffer + 2); 1795 MSG_SIMPLE_TAG, cmd->sense_buffer + 2);
1796 1796
1797 target_get_sess_cmd(conn->sess->se_sess, &cmd->se_cmd, true);
1798 sess_ref = true;
1799
1797 switch (function) { 1800 switch (function) {
1798 case ISCSI_TM_FUNC_ABORT_TASK: 1801 case ISCSI_TM_FUNC_ABORT_TASK:
1799 tcm_function = TMR_ABORT_TASK; 1802 tcm_function = TMR_ABORT_TASK;
@@ -1931,6 +1934,11 @@ attach:
1931 * For connection recovery, this is also the default action for 1934 * For connection recovery, this is also the default action for
1932 * TMR TASK_REASSIGN. 1935 * TMR TASK_REASSIGN.
1933 */ 1936 */
1937 if (sess_ref) {
1938 pr_debug("Handle TMR, using sess_ref=true check\n");
1939 target_put_sess_cmd(conn->sess->se_sess, &cmd->se_cmd);
1940 }
1941
1934 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state); 1942 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
1935 return 0; 1943 return 0;
1936} 1944}
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-20 13:53:10 -0500