linux/drivers/target
Nicholas Bellinger 0ed6e189e3 target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd
This patch fixes a NULL pointer dereference regression bug that was
introduced with:

commit 1e1110c43b
Author: Mikulas Patocka <mpatocka@redhat.com>
Date:   Sat May 17 06:49:22 2014 -0400

    target: fix memory leak on XCOPY

Now that target_put_sess_cmd() -> kref_put_spinlock_irqsave() is
called with a valid se_cmd->cmd_kref, a NULL pointer dereference
is triggered because the XCOPY passthrough commands don't have
an associated se_session pointer.

To address this bug, go ahead and checking for a NULL se_sess pointer
within target_put_sess_cmd(), and call se_cmd->se_tfo->release_cmd()
to release the XCOPY's xcopy_pt_cmd memory.

Reported-by: Thomas Glanzmann <thomas@glanzmann.de>
Cc: Thomas Glanzmann <thomas@glanzmann.de>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org # 3.12+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2014-06-12 12:45:02 -07:00
..
iscsi Target/iscsi: Fix sendtargets response pdu for iser transport 2014-06-11 11:52:39 -07:00
loopback TARGET/sbc,loopback: Adjust command data length in case pi exists on the wire 2014-06-11 13:06:50 -07:00
sbp target: Pass in transport supported PI at session initialization 2014-04-07 01:48:54 -07:00
tcm_fc tcm_fc: Generate TASK_SET_FULL status for response failures 2014-06-06 14:20:51 -07:00
Kconfig target/iblock: Add blk_integrity + BIP passthrough support 2014-01-18 10:14:22 +00:00
Makefile target: Add support for EXTENDED_COPY copy offload emulation 2013-09-10 16:48:43 -07:00
target_core_alua.c target: silence GCC warning in target_alua_state_check 2014-03-13 12:02:05 -07:00
target_core_alua.h target_core_alua: Referrals configfs integration 2014-01-09 21:48:35 -08:00
target_core_configfs.c target: Add TFO->abort_task for aborted task resources release 2014-04-07 01:48:51 -07:00
target_core_device.c target: Don't allow setting WC emulation if device doesn't support 2014-05-15 17:09:17 -07:00
target_core_fabric_configfs.c target: Fix sizeof in kmalloc for some default_groups arrays 2013-12-16 12:42:20 -08:00
target_core_fabric_lib.c target: Update copyright ownership/year information to 2013 2013-09-10 20:23:36 -07:00
target_core_file.c Target/file: place escape values for protection information format 2014-04-07 01:48:39 -07:00
target_core_file.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-01-31 15:31:23 -08:00
target_core_hba.c target: Update copyright ownership/year information to 2013 2013-09-10 20:23:36 -07:00
target_core_iblock.c target/iblock: Fix double bioset_integrity_free bug 2014-04-07 01:48:54 -07:00
target_core_iblock.h target: kill struct se_subsystem_dev 2012-11-06 20:55:43 -08:00
target_core_internal.h target/configfs: Expose protection device attributes 2014-01-18 09:57:47 +00:00
target_core_pr.c target: Fix free-after-use regression in PR unregister 2014-02-12 15:11:01 -08:00
target_core_pr.h drivers: target: Move prototype declaration of function to header file target_core_pr.h 2014-01-09 21:48:36 -08:00
target_core_pscsi.c target/pscsi: fix return value check 2013-10-25 10:42:09 -07:00
target_core_pscsi.h target: kill struct se_subsystem_dev 2012-11-06 20:55:43 -08:00
target_core_rd.c target/rd: T10-Dif: RAM disk is allocating more space than required. 2014-04-07 01:48:53 -07:00
target_core_rd.h target/rd: Add support for protection SGL setup + release 2014-01-19 02:22:05 +00:00
target_core_sbc.c TARGET/sbc,loopback: Adjust command data length in case pi exists on the wire 2014-06-11 13:06:50 -07:00
target_core_spc.c target: Report correct response length for some commands 2014-06-11 12:15:30 -07:00
target_core_stat.c target: Convert se_device statistics to atomic_long_t 2013-11-13 18:34:55 -08:00
target_core_tmr.c target: Add check to prevent Abort Task from aborting itself 2014-04-11 15:27:15 -07:00
target_core_tpg.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-01-31 15:31:23 -08:00
target_core_transport.c target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd 2014-06-12 12:45:02 -07:00
target_core_ua.c target: Remove unused ua_dev_list member in struct se_ua 2013-12-16 12:39:04 -08:00
target_core_ua.h target core: rename (ex,im)plict -> (ex,im)plicit 2013-11-20 11:24:40 -08:00
target_core_xcopy.c target: cleanup some boolean tests 2014-06-06 14:21:01 -07:00
target_core_xcopy.h target: Add support for EXTENDED_COPY copy offload emulation 2013-09-10 16:48:43 -07:00