evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

target/iscsi: Fix iSCSI task reassignment handling

Browse source 
commit 59b6986dbfcdab96a971f9663221849de79a7556 upstream.

Allocate a task management request structure for all task management
requests, including task reassignment. This change avoids that the
se_tmr->response assignment dereferences an uninitialized se_tmr
pointer.

Reported-by: Moshe David <mdavid@infinidat.com>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Moshe David <mdavid@infinidat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Bart Van Assche 2017-01-05 12:39:57 +01:00 committed by Greg Kroah-Hartman
parent 7ecc076a5d
commit 4063c20933
2 changed files with 8 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
drivers/target/iscsi/iscsi_target.c
View file

@ -1759,7 +1759,7 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
struct iscsi_tm *hdr; struct iscsi_tm *hdr;
int out_of_order_cmdsn = 0, ret; int out_of_order_cmdsn = 0, ret;
bool sess_ref = false; bool sess_ref = false;
u8 function; u8 function, tcm_function = TMR_UNKNOWN;
hdr = (struct iscsi_tm *) buf; hdr = (struct iscsi_tm *) buf;
hdr->flags &= ~ISCSI_FLAG_CMD_FINAL; hdr->flags &= ~ISCSI_FLAG_CMD_FINAL;
@ -1805,10 +1805,6 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
* LIO-Target $FABRIC_MOD * LIO-Target $FABRIC_MOD
*/ */
if (function != ISCSI_TM_FUNC_TASK_REASSIGN) { if (function != ISCSI_TM_FUNC_TASK_REASSIGN) {
u8 tcm_function;
int ret;
transport_init_se_cmd(&cmd->se_cmd, &iscsi_ops, transport_init_se_cmd(&cmd->se_cmd, &iscsi_ops,
conn->sess->se_sess, 0, DMA_NONE, conn->sess->se_sess, 0, DMA_NONE,
TCM_SIMPLE_TAG, cmd->sense_buffer + 2); TCM_SIMPLE_TAG, cmd->sense_buffer + 2);
@ -1844,15 +1840,14 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
return iscsit_add_reject_cmd(cmd, return iscsit_add_reject_cmd(cmd,
ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf);
} }
}
ret = core_tmr_alloc_req(&cmd->se_cmd, cmd->tmr_req, ret = core_tmr_alloc_req(&cmd->se_cmd, cmd->tmr_req, tcm_function,
tcm_function, GFP_KERNEL); GFP_KERNEL);
if (ret < 0) if (ret < 0)
return iscsit_add_reject_cmd(cmd, return iscsit_add_reject_cmd(cmd,
ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf);
cmd->tmr_req->se_tmr_req = cmd->se_cmd.se_tmr_req; cmd->tmr_req->se_tmr_req = cmd->se_cmd.se_tmr_req;
}
cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC; cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC;
cmd->i_state = ISTATE_SEND_TASKMGTRSP; cmd->i_state = ISTATE_SEND_TASKMGTRSP;

1
include/target/target_core_base.h
View file

@ -199,6 +199,7 @@ enum tcm_tmreq_table {
TMR_LUN_RESET = 5, TMR_LUN_RESET = 5,
TMR_TARGET_WARM_RESET = 6, TMR_TARGET_WARM_RESET = 6,
TMR_TARGET_COLD_RESET = 7, TMR_TARGET_COLD_RESET = 7,
TMR_UNKNOWN = 0xff,
}; };
/* fabric independent task management response values */ /* fabric independent task management response values */