summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Rustad <mark.d.rustad@intel.com>2012-07-13 18:18:04 -0700
committerNicholas Bellinger <nab@linux-iscsi.org>2012-07-14 15:17:29 -0700
commit3cc5d2a6b9a2fd1bf024aa5e52dd22961eecaf13 (patch)
treebd6f7671abd342573227645906031719978e71ef
parent4f1d0f1971ba37010603a3a5c763f398b888d2f4 (diff)
downloadlwn-3cc5d2a6b9a2fd1bf024aa5e52dd22961eecaf13.tar.gz
lwn-3cc5d2a6b9a2fd1bf024aa5e52dd22961eecaf13.zip
tcm_fc: Fix crash seen with aborts and large reads
This patch fixes a crash seen when large reads have their exchange aborted by either timing out or being reset. Because the exchange abort results in the seq pointer being set to NULL, because the sequence is no longer valid, it must not be dereferenced. This patch changes the function ft_get_task_tag to return ~0 if it is unable to get the tag for this reason. Because the get_task_tag interface provides no means of returning an error, this seems like the best way to fix this issue at the moment. Signed-off-by: Mark Rustad <mark.d.rustad@intel.com> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-rw-r--r--drivers/target/tcm_fc/tfc_cmd.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/target/tcm_fc/tfc_cmd.c b/drivers/target/tcm_fc/tfc_cmd.c
index f03fb9730f5b..5b65f33939a8 100644
--- a/drivers/target/tcm_fc/tfc_cmd.c
+++ b/drivers/target/tcm_fc/tfc_cmd.c
@@ -230,6 +230,8 @@ u32 ft_get_task_tag(struct se_cmd *se_cmd)
{
struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
+ if (cmd->aborted)
+ return ~0;
return fc_seq_exch(cmd->seq)->rxid;
}