diff options
| author | Xiubo Li <xiubli@redhat.com> | 2019-01-22 18:10:51 +0800 |
|---|---|---|
| committer | Martin K. Petersen <martin.petersen@oracle.com> | 2019-01-22 20:54:00 -0500 |
| commit | 40d883b091758472c79b81fa1c0e0347e24a9cff (patch) | |
| tree | ad7689cc55e8afca8e011ca842958d1da2804a10 /drivers/target | |
| parent | fe35a40e675473eb65f2f5462b82770f324b5689 (diff) | |
| download | linux-40d883b091758472c79b81fa1c0e0347e24a9cff.tar.gz | |
scsi: tcmu: fix use after free
Fixes: a94a2572b977 ("scsi: tcmu: avoid cmd/qfull timers updated whenever a new cmd comes")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Mike Christie <mchristi@redhat.com>
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/target')
| -rw-r--r-- | drivers/target/target_core_user.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c index c34c88ef3319..5831e0eecea1 100644 --- a/drivers/target/target_core_user.c +++ b/drivers/target/target_core_user.c @@ -1317,12 +1317,13 @@ static int tcmu_check_expired_cmd(int id, void *p, void *data) * target_complete_cmd will translate this to LUN COMM FAILURE */ scsi_status = SAM_STAT_CHECK_CONDITION; + list_del_init(&cmd->queue_entry); } else { + list_del_init(&cmd->queue_entry); idr_remove(&udev->commands, id); tcmu_free_cmd(cmd); scsi_status = SAM_STAT_TASK_SET_FULL; } - list_del_init(&cmd->queue_entry); pr_debug("Timing out cmd %u on dev %s that is %s.\n", id, udev->name, is_running ? "inflight" : "queued"); |