projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1dfb21)
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
authorBart Van Assche <bart.vanassche@wdc.com>
Tue, 31 Oct 2017 18:03:17 +0000 (11:03 -0700)
committerNicholas Bellinger <nab@linux-iscsi.org>
Sat, 4 Nov 2017 22:16:06 +0000 (15:16 -0700)
Avoid that cmd->se_cmd.se_tfo is read after a command has already been
freed.

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Mike Christie <mchristi@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/iscsi/iscsi_target.c patch | blob | history

diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 91fbada..541f66a 100644 (file)
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -833,6 +833,7 @@ static int iscsit_add_reject_from_cmd(
        unsigned char *buf)
 {
        struct iscsi_conn *conn;
+       const bool do_put = cmd->se_cmd.se_tfo != NULL;
 
        if (!cmd->conn) {
                pr_err("cmd->conn is NULL for ITT: 0x%08x\n",
@@ -863,7 +864,7 @@ static int iscsit_add_reject_from_cmd(
         * Perform the kref_put now if se_cmd has already been setup by
         * scsit_setup_scsi_cmd()
         */
-       if (cmd->se_cmd.se_tfo != NULL) {
+       if (do_put) {
                pr_debug("iscsi reject: calling target_put_sess_cmd >>>>>>\n");
                target_put_sess_cmd(&cmd->se_cmd);
        }