p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

scsi: tcmu: fix use after free 

Fixes: a94a2572b9 ("scsi: tcmu: avoid cmd/qfull timers updated whenever a new cmd comes")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Mike Christie <mchristi@redhat.com>
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Xiubo Li 2019-01-22 18:10:51 +08:00 committed by Martin K. Petersen
parent fe35a40e67
commit 40d883b091
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/target/target_core_user.c
View File

@ -1317,12 +1317,13 @@ static int tcmu_check_expired_cmd(int id, void *p, void *data)
* target_complete_cmd will translate this to LUN COMM FAILURE * target_complete_cmd will translate this to LUN COMM FAILURE
*/ */
scsi_status = SAM_STAT_CHECK_CONDITION; scsi_status = SAM_STAT_CHECK_CONDITION;
list_del_init(&cmd->queue_entry);
} else { } else {
list_del_init(&cmd->queue_entry);
idr_remove(&udev->commands, id); idr_remove(&udev->commands, id);
tcmu_free_cmd(cmd); tcmu_free_cmd(cmd);
scsi_status = SAM_STAT_TASK_SET_FULL; scsi_status = SAM_STAT_TASK_SET_FULL;
} }
list_del_init(&cmd->queue_entry);
pr_debug("Timing out cmd %u on dev %s that is %s.\n", pr_debug("Timing out cmd %u on dev %s that is %s.\n",
id, udev->name, is_running ? "inflight" : "queued"); id, udev->name, is_running ? "inflight" : "queued");