mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-15 01:24:33 +00:00
ib_srpt: Fix srpt_handle_cmd send_ioctx->ioctx_kref leak on exception
This patch addresses a bug in srpt_handle_cmd() failure handling where send_ioctx->kref is being leaked with the local extra reference after init, causing the expected kref_put() in srpt_handle_send_comp() to not be the final call to invoke srpt_put_send_ioctx_kref() -> transport_generic_free_cmd() and perform se_cmd descriptor memory release. It also fixes a SCF_SCSI_RESERVATION_CONFLICT handling bug where this code is incorrectly falling through to transport_handle_cdb_direct() after invoking srpt_queue_status() to send SAM_STAT_RESERVATION_CONFLICT status. Note this patch is for >= v3.3 mainline code, and current lio-core.git code has already been converted to target_submit_cmd() + se_cmd->cmd_kref usage, and internal ioctx->kref usage has been removed. I'm including this patch now into target-pending/for-next with a CC' for v3.3 stable. Cc: Bart Van Assche <bvanassche@acm.org> Cc: Roland Dreier <roland@purestorage.com> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
This commit is contained in:
parent
ee9b866a36
commit
187e70a554
@ -1757,6 +1757,7 @@ static int srpt_handle_cmd(struct srpt_rdma_ch *ch,
|
|||||||
srp_cmd->tag);
|
srp_cmd->tag);
|
||||||
cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
|
cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
|
||||||
cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
|
cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD;
|
||||||
|
kref_put(&send_ioctx->kref, srpt_put_send_ioctx_kref);
|
||||||
goto send_sense;
|
goto send_sense;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1764,15 +1765,19 @@ static int srpt_handle_cmd(struct srpt_rdma_ch *ch,
|
|||||||
cmd->data_direction = dir;
|
cmd->data_direction = dir;
|
||||||
unpacked_lun = srpt_unpack_lun((uint8_t *)&srp_cmd->lun,
|
unpacked_lun = srpt_unpack_lun((uint8_t *)&srp_cmd->lun,
|
||||||
sizeof(srp_cmd->lun));
|
sizeof(srp_cmd->lun));
|
||||||
if (transport_lookup_cmd_lun(cmd, unpacked_lun) < 0)
|
if (transport_lookup_cmd_lun(cmd, unpacked_lun) < 0) {
|
||||||
|
kref_put(&send_ioctx->kref, srpt_put_send_ioctx_kref);
|
||||||
goto send_sense;
|
goto send_sense;
|
||||||
|
}
|
||||||
ret = transport_generic_allocate_tasks(cmd, srp_cmd->cdb);
|
ret = transport_generic_allocate_tasks(cmd, srp_cmd->cdb);
|
||||||
if (cmd->se_cmd_flags & SCF_SCSI_RESERVATION_CONFLICT)
|
if (ret < 0) {
|
||||||
srpt_queue_status(cmd);
|
kref_put(&send_ioctx->kref, srpt_put_send_ioctx_kref);
|
||||||
else if (cmd->se_cmd_flags & SCF_SCSI_CDB_EXCEPTION)
|
if (cmd->se_cmd_flags & SCF_SCSI_RESERVATION_CONFLICT) {
|
||||||
goto send_sense;
|
srpt_queue_status(cmd);
|
||||||
else
|
return 0;
|
||||||
WARN_ON_ONCE(ret);
|
} else
|
||||||
|
goto send_sense;
|
||||||
|
}
|
||||||
|
|
||||||
transport_handle_cdb_direct(cmd);
|
transport_handle_cdb_direct(cmd);
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user