• Nicholas Bellinger's avatar
    target: Fix caw_sem leak in transport_generic_request_failure · fd2f928b
    Nicholas Bellinger authored
    With the recent addition of transport_check_aborted_status() within
    transport_generic_request_failure() to avoid sending a SCSI status
    exception after CMD_T_ABORTED w/ TAS=1 has occured, it introduced
    a COMPARE_AND_WRITE early failure regression.
    
    Namely when COMPARE_AND_WRITE fails and se_device->caw_sem has
    been taken by sbc_compare_and_write(), if the new check for
    transport_check_aborted_status() returns true and exits,
    cmd->transport_complete_callback() -> compare_and_write_post()
    is skipped never releasing se_device->caw_sem.
    
    This regression was originally introduced by:
    
      commit e3b88ee9
      Author: Bart Van Assche <bart.vanassche@sandisk.com>
      Date:   Tue Feb 14 16:25:45 2017 -0800
    
          target: Fix handling of aborted failed commands
    
    To address this bug, move the transport_check_aborted_status()
    call after transport_complete_task_attr() and
    cmd->transport_complete_callback().
    
    Cc: Mike Christie <mchristi@redhat.com>
    Cc: Hannes Reinecke <hare@suse.com>
    Cc: Bart Van Assche <bart.vanassche@sandisk.com>
    Cc: stable@vger.kernel.org # 4.11+
    Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    fd2f928b
target_core_transport.c 92.2 KB