Commit 60d44861 authored by Mark Rustad's avatar Mark Rustad Committed by Ben Hutchings

tcm_fc: Fix crash seen with aborts and large reads

commit 3cc5d2a6 upstream.

This patch fixes a crash seen when large reads have their exchange
aborted by either timing out or being reset. Because the exchange
abort results in the seq pointer being set to NULL, because the
sequence is no longer valid, it must not be dereferenced. This
patch changes the function ft_get_task_tag to return ~0 if it is
unable to get the tag for this reason. Because the get_task_tag
interface provides no means of returning an error, this seems
like the best way to fix this issue at the moment.
Signed-off-by: default avatarMark Rustad <mark.d.rustad@intel.com>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent df437286
...@@ -249,6 +249,8 @@ u32 ft_get_task_tag(struct se_cmd *se_cmd) ...@@ -249,6 +249,8 @@ u32 ft_get_task_tag(struct se_cmd *se_cmd)
{ {
struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd); struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
if (cmd->aborted)
return ~0;
return fc_seq_exch(cmd->seq)->rxid; return fc_seq_exch(cmd->seq)->rxid;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment