Commit 59b6986d authored by Bart Van Assche's avatar Bart Van Assche Committed by Nicholas Bellinger

target/iscsi: Fix iSCSI task reassignment handling

Allocate a task management request structure for all task management
requests, including task reassignment. This change avoids that the
se_tmr->response assignment dereferences an uninitialized se_tmr
pointer.
Reported-by: default avatarMoshe David <mdavid@infinidat.com>
Signed-off-by: default avatarBart Van Assche <bart.vanassche@sandisk.com>
Reviewed-by: default avatarHannes Reinecke <hare@suse.com>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Cc: Moshe David <mdavid@infinidat.com>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent e381fe9e
...@@ -1951,7 +1951,7 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, ...@@ -1951,7 +1951,7 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
struct iscsi_tm *hdr; struct iscsi_tm *hdr;
int out_of_order_cmdsn = 0, ret; int out_of_order_cmdsn = 0, ret;
bool sess_ref = false; bool sess_ref = false;
u8 function; u8 function, tcm_function = TMR_UNKNOWN;
hdr = (struct iscsi_tm *) buf; hdr = (struct iscsi_tm *) buf;
hdr->flags &= ~ISCSI_FLAG_CMD_FINAL; hdr->flags &= ~ISCSI_FLAG_CMD_FINAL;
...@@ -1997,10 +1997,6 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, ...@@ -1997,10 +1997,6 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
* LIO-Target $FABRIC_MOD * LIO-Target $FABRIC_MOD
*/ */
if (function != ISCSI_TM_FUNC_TASK_REASSIGN) { if (function != ISCSI_TM_FUNC_TASK_REASSIGN) {
u8 tcm_function;
int ret;
transport_init_se_cmd(&cmd->se_cmd, &iscsi_ops, transport_init_se_cmd(&cmd->se_cmd, &iscsi_ops,
conn->sess->se_sess, 0, DMA_NONE, conn->sess->se_sess, 0, DMA_NONE,
TCM_SIMPLE_TAG, cmd->sense_buffer + 2); TCM_SIMPLE_TAG, cmd->sense_buffer + 2);
...@@ -2014,15 +2010,14 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd, ...@@ -2014,15 +2010,14 @@ iscsit_handle_task_mgt_cmd(struct iscsi_conn *conn, struct iscsi_cmd *cmd,
return iscsit_add_reject_cmd(cmd, return iscsit_add_reject_cmd(cmd,
ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf);
} }
}
ret = core_tmr_alloc_req(&cmd->se_cmd, cmd->tmr_req, ret = core_tmr_alloc_req(&cmd->se_cmd, cmd->tmr_req, tcm_function,
tcm_function, GFP_KERNEL); GFP_KERNEL);
if (ret < 0) if (ret < 0)
return iscsit_add_reject_cmd(cmd, return iscsit_add_reject_cmd(cmd,
ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf); ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf);
cmd->tmr_req->se_tmr_req = cmd->se_cmd.se_tmr_req; cmd->tmr_req->se_tmr_req = cmd->se_cmd.se_tmr_req;
}
cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC; cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC;
cmd->i_state = ISTATE_SEND_TASKMGTRSP; cmd->i_state = ISTATE_SEND_TASKMGTRSP;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment