tcmu: fix cmd user after free
authorMike Christie <mchristi@redhat.com>
Mon, 15 Jan 2018 20:37:59 +0000 (14:37 -0600)
committerNicholas Bellinger <nab@linux-iscsi.org>
Thu, 18 Jan 2018 09:21:23 +0000 (01:21 -0800)
If we are failing the command due to a qfull timeout we are
also freeing the tcmu command, so we cannot access it later
to get the se_cmd.

Note: The clearing of cmd->se_cmd is not needed. We do not check
it later for something like determining if the command was failed
due to a timeout. As a result I am dropping it.

Signed-off-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_user.c

index 511168b..3096257 100644 (file)
@@ -1152,6 +1152,7 @@ static int tcmu_check_expired_cmd(int id, void *p, void *data)
                return 0;
 
        is_running = list_empty(&cmd->cmdr_queue_entry);
+       se_cmd = cmd->se_cmd;
 
        if (is_running) {
                /*
@@ -1177,8 +1178,6 @@ static int tcmu_check_expired_cmd(int id, void *p, void *data)
        pr_debug("Timing out cmd %u on dev %s that is %s.\n",
                 id, udev->name, is_running ? "inflight" : "queued");
 
-       se_cmd = cmd->se_cmd;
-       cmd->se_cmd = NULL;
        target_complete_cmd(se_cmd, scsi_status);
        return 0;
 }