* Patch "target: Drop incorrect ABORT_TASK put for completed commands" has been added to the 3.14-stable tree
@ 2016-03-18 21:27 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-03-18 21:27 UTC (permalink / raw)
To: nab, agrover, dracodan, gregkh, hare, hch, himanshu.madhani,
mchristi, quinn.tran, sagig
Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
target: Drop incorrect ABORT_TASK put for completed commands
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
target-drop-incorrect-abort_task-put-for-completed-commands.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 7f54ab5ff52fb0b91569bc69c4a6bc5cac1b768d Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger <nab@linux-iscsi.org>
Date: Sat, 5 Mar 2016 20:00:12 -0800
Subject: target: Drop incorrect ABORT_TASK put for completed commands
From: Nicholas Bellinger <nab@linux-iscsi.org>
commit 7f54ab5ff52fb0b91569bc69c4a6bc5cac1b768d upstream.
This patch fixes a recent ABORT_TASK regression associated
with commit febe562c, where a left-over target_put_sess_cmd()
would still be called when __target_check_io_state() detected
a command has already been completed, and explicit ABORT must
be avoided.
Note commit febe562c dropped the local kref_get_unless_zero()
check in core_tmr_abort_task(), but did not drop this extra
corresponding target_put_sess_cmd() in the failure path.
So go ahead and drop this now bogus target_put_sess_cmd(),
and avoid this potential use-after-free.
Reported-by: Dan Lane <dracodan@gmail.com>
Cc: Quinn Tran <quinn.tran@qlogic.com>
Cc: Himanshu Madhani <himanshu.madhani@qlogic.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: Mike Christie <mchristi@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/target_core_tmr.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/target/target_core_tmr.c
+++ b/drivers/target/target_core_tmr.c
@@ -181,7 +181,6 @@ void core_tmr_abort_task(
if (!__target_check_io_state(se_cmd, se_sess, 0)) {
spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
- target_put_sess_cmd(se_sess, se_cmd);
goto out;
}
Patches currently in stable-queue which might be from nab@linux-iscsi.org are
queue-3.14/target-drop-incorrect-abort_task-put-for-completed-commands.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-03-18 21:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-03-18 21:27 Patch "target: Drop incorrect ABORT_TASK put for completed commands" has been added to the 3.14-stable tree gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.