[Open-FCoE] [RFC v1 PATCH 13/14] TCM Core : Fix for NULL pointer deference in LUN Reset codepath

Kiran Patil Tue, 08 Mar 2011 10:52:56 -0800

From: Kiran Patil <[email protected]>

Problem:  When initiator send TMR request (LUN Reset), it causes NULL pointer 
access
in function core_tmr_release_req because "tmr->tmr_dev" is NULL.


Fix: In function "transport_device_setup_cmd", if cmd->se_tmr_req is valid, then
setup "se_tmr_req->tmr_dev" to be same as "cmd->se_dev"

Notes/Dependencies: This bug was found when initiator was unable to complete IO 
and caused
LUN Reset (TMR) command being sent to target. Processing of LUN Reset caused 
NULL pointer.
This bug was also reproduced when explicit LUn Reset command was issued from 
initiator.
    e.g. sg_reset -d <LUN device e,g. /dev/sdc>

Signed-off-by: Kiran Patil <[email protected]>
---

 drivers/target/target_core_transport.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/target/target_core_transport.c 
b/drivers/target/target_core_transport.c
index 28b6292..ce69ca7 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1796,6 +1796,8 @@ static int transport_generic_cmd_sequencer(struct se_cmd 
*, unsigned char *);
 void transport_device_setup_cmd(struct se_cmd *cmd)
 {
        cmd->se_dev = SE_LUN(cmd)->lun_se_dev;
+       if (cmd->se_tmr_req)
+               cmd->se_tmr_req->tmr_dev = cmd->se_dev;
 }
 EXPORT_SYMBOL(transport_device_setup_cmd);
 

_______________________________________________
devel mailing list
[email protected]
https://lists.open-fcoe.org/mailman/listinfo/devel

[Open-FCoE] [RFC v1 PATCH 13/14] TCM Core : Fix for NULL pointer deference in LUN Reset codepath

Reply via email to