From patchwork Fri Oct 31 20:53:34 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kamal Mostafa X-Patchwork-Id: 405613 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id AEEB8140139; Sat, 1 Nov 2014 07:55:40 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1XkJEN-0004B1-JJ; Fri, 31 Oct 2014 20:55:35 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1XkJCT-00037r-A2 for kernel-team@lists.ubuntu.com; Fri, 31 Oct 2014 20:53:37 +0000 Received: from c-76-102-4-12.hsd1.ca.comcast.net ([76.102.4.12] helo=fourier) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1XkJCS-0000PK-3d; Fri, 31 Oct 2014 20:53:36 +0000 Received: from kamal by fourier with local (Exim 4.82) (envelope-from ) id 1XkJCQ-0002YQ-Bl; Fri, 31 Oct 2014 13:53:34 -0700 From: Kamal Mostafa To: Quinn Tran Subject: [3.13.y.z extended stable] Patch "target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE" has been added to staging queue Date: Fri, 31 Oct 2014 13:53:34 -0700 Message-Id: <1414788814-9787-1-git-send-email-kamal@canonical.com> X-Mailer: git-send-email 1.9.1 X-Extended-Stable: 3.13 Cc: Kamal Mostafa , Saurav Kashyap , kernel-team@lists.ubuntu.com, Nicholas Bellinger X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com This is a note to let you know that I have just added a patch titled target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue This patch is scheduled to be released in version 3.13.11.11. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.13.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ------ From 9b7f87d7b6ca60f3f644a3c87aac7d8238143488 Mon Sep 17 00:00:00 2001 From: Quinn Tran Date: Thu, 25 Sep 2014 06:22:28 -0400 Subject: target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE commit 082f58ac4a48d3f5cb4597232cb2ac6823a96f43 upstream. During temporary resource starvation at lower transport layer, command is placed on queue full retry path, which expose this problem. The TCM queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same cmd twice to lower layer. The 1st time led to cmd normal free path. The 2nd time cause Null pointer access. This regression bug was originally introduced v3.1-rc code in the following commit: commit e057f53308a5f071556ee80586b99ee755bf07f5 Author: Christoph Hellwig Date: Mon Oct 17 13:56:41 2011 -0400 target: remove the transport_qf_callback se_cmd callback Signed-off-by: Quinn Tran Signed-off-by: Saurav Kashyap Signed-off-by: Nicholas Bellinger Signed-off-by: Kamal Mostafa --- drivers/target/target_core_transport.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 1.9.1 diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index ea545f4..3acb125 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1817,8 +1817,7 @@ static void transport_complete_qf(struct se_cmd *cmd) if (cmd->se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) { trace_target_cmd_complete(cmd); ret = cmd->se_tfo->queue_status(cmd); - if (ret) - goto out; + goto out; } switch (cmd->data_direction) {