android_kernel_google_msm/drivers/target
Nicholas Bellinger 8c9c9dfcd1 target: Fix double-free of se_cmd in target_complete_tmr_failure
commit e13d5fef88 upstream.

Fabric drivers currently expect to internally release se_cmd in the event
of a TMR failure during target_submit_tmr(), which means the immediate call
to transport_generic_free_cmd() after TFO->queue_tm_rsp() from within
target_complete_tmr_failure() workqueue context is wrong.

This is done as some fabrics expect TMR operations to be acknowledged
before releasing the descriptor, so the assumption that core is releasing
se_cmd associated TMR memory is incorrect.  This fixes an OOPs where
transport_generic_free_cmd() was being called more than once.

This bug was originally observed with tcm_qla2xxx fabric ports.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-05 09:50:42 +01:00
iscsi iscsi-target: Bump defaults for nopin_timeout + nopin_response_timeout values 2012-10-21 09:27:58 -07:00
loopback
tcm_fc tcm_fc: Fix crash seen with aborts and large reads 2012-07-29 08:04:18 -07:00
Kconfig
Makefile
target_core_alua.c
target_core_alua.h
target_core_cdb.c target: Check number of unmap descriptors against our limit 2012-08-15 08:10:32 -07:00
target_core_configfs.c target: fix return code in target_core_init_configfs error path 2012-10-21 09:27:58 -07:00
target_core_device.c
target_core_fabric_configfs.c
target_core_fabric_lib.c
target_core_file.c
target_core_file.h
target_core_hba.c
target_core_iblock.c
target_core_iblock.h
target_core_internal.h
target_core_pr.c
target_core_pr.h
target_core_pscsi.c
target_core_pscsi.h
target_core_rd.c
target_core_rd.h
target_core_stat.c
target_core_tmr.c
target_core_tpg.c
target_core_transport.c target: Fix double-free of se_cmd in target_complete_tmr_failure 2012-11-05 09:50:42 +01:00
target_core_ua.c
target_core_ua.h