mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
874fc85921
commit 9547308bda296b6f69876c840a0291fcfbeddbb8 upstream. Make sure all non-READ SCSI commands get targ_xfer_tag initialized to 0xffffffff, not just WRITEs. Double-free of a TUR cmd object occurs under the following scenario: 1. TUR received (targ_xfer_tag is uninitialized and left at 0) 2. TUR status sent 3. First unsolicited NOPIN is sent to initiator (gets targ_xfer_tag of 0) 4. NOPOUT for NOPIN (with TTT=0) arrives - its ExpStatSN acks TUR status, TUR is queued for removal - LIO tries to find NOPIN with TTT=0, but finds the same TUR instead, TUR is queued for removal for the 2nd time (Drop unbalanced conditional bracket usage - nab) Signed-off-by: Alexei Potashnik <alexei@purestorage.com> Signed-off-by: Spencer Baugh <sbaugh@catern.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> [lizf: Backported to 3.4: - adjust context - leave the braces as it is] Signed-off-by: Zefan Li <lizefan@huawei.com> |
||
|---|---|---|
| .. | ||
| iscsi | ||
| loopback | ||
| tcm_fc | ||
| Kconfig | ||
| Makefile | ||
| target_core_alua.c | ||
| target_core_alua.h | ||
| target_core_cdb.c | ||
| target_core_configfs.c | ||
| target_core_device.c | ||
| target_core_fabric_configfs.c | ||
| target_core_fabric_lib.c | ||
| target_core_file.c | ||
| target_core_file.h | ||
| target_core_hba.c | ||
| target_core_iblock.c | ||
| target_core_iblock.h | ||
| target_core_internal.h | ||
| target_core_pr.c | ||
| target_core_pr.h | ||
| target_core_pscsi.c | ||
| target_core_pscsi.h | ||
| target_core_rd.c | ||
| target_core_rd.h | ||
| target_core_stat.c | ||
| target_core_tmr.c | ||
| target_core_tpg.c | ||
| target_core_transport.c | ||
| target_core_ua.c | ||
| target_core_ua.h | ||