From: Kiran Patil <[email protected]>
Problem: When initiator send TMR request (LUN Reset), it causes NULL pointer
access
in function core_tmr_release_req because "tmr->tmr_dev" is NULL.
Fix: In function "transport_device_setup_cmd", if cmd->se_tmr_req is valid, then
setup "se_tmr_req->tmr_dev" to be same as "cmd->se_dev"
Notes/Dependencies: This bug was found when initiator was unable to complete IO
and caused
LUN Reset (TMR) command being sent to target. Processing of LUN Reset caused
NULL pointer.
This bug was also reproduced when explicit LUn Reset command was issued from
initiator.
e.g. sg_reset -d <LUN device e,g. /dev/sdc>
Signed-off-by: Kiran Patil <[email protected]>
---
drivers/target/target_core_transport.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/target/target_core_transport.c
b/drivers/target/target_core_transport.c
index bf6aa8a..724b3ca 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1818,6 +1818,8 @@ static int transport_generic_cmd_sequencer(struct se_cmd
*, unsigned char *);
void transport_device_setup_cmd(struct se_cmd *cmd)
{
cmd->se_dev = SE_LUN(cmd)->lun_se_dev;
+ if (cmd->se_tmr_req)
+ cmd->se_tmr_req->tmr_dev = cmd->se_dev;
}
EXPORT_SYMBOL(transport_device_setup_cmd);
_______________________________________________
devel mailing list
[email protected]
https://lists.open-fcoe.org/mailman/listinfo/devel
