linux-stable/drivers/target
Bodo Stroesser 95ea51b269 scsi: target: tcmu: Userspace must not complete queued commands
[ Upstream commit 61fb248221 ]

When tcmu queues a new command - no matter whether in command ring or in
qfull_queue - a cmd_id from IDR udev->commands is assigned to the command.

If userspace sends a wrong command completion containing the cmd_id of a
command on the qfull_queue, tcmu_handle_completions() finds the command in
the IDR and calls tcmu_handle_completion() for it. This might do some nasty
things because commands in qfull_queue do not have a valid dbi list.

To fix this bug, we no longer add queued commands to the idr.  Instead the
cmd_id is assigned when a command is written to the command ring.

Due to this change I had to adapt the source code at several places where
up to now an idr_for_each had been done.

[mkp: fix checkpatch warnings]

Link: https://lore.kernel.org/r/20200518164833.12775-1-bstroesser@ts.fujitsu.com
Acked-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-06-24 17:50:30 +02:00
..
iscsi scsi: target: fix hang when multiple threads try to destroy the same iscsi session 2020-04-21 09:05:04 +02:00
loopback scsi: target: loopback: Fix READ with data and sensebytes 2020-06-24 17:50:25 +02:00
sbp
tcm_fc mm: introduce page_size() 2019-09-24 15:54:08 -07:00
Kconfig
Makefile
target_core_alua.c
target_core_alua.h
target_core_configfs.c
target_core_device.c scsi: target: core: Do not overwrite CDB byte 1 2019-10-17 21:40:25 -04:00
target_core_fabric_configfs.c
target_core_fabric_lib.c scsi: target: fix PR IN / READ FULL STATUS for FC 2020-05-02 08:48:56 +02:00
target_core_file.c
target_core_file.h
target_core_hba.c
target_core_iblock.c scsi: target/iblock: fix WRITE SAME zeroing 2020-05-06 08:15:14 +02:00
target_core_iblock.h
target_core_internal.h
target_core_pr.c
target_core_pr.h
target_core_pscsi.c
target_core_pscsi.h
target_core_rd.c
target_core_rd.h
target_core_sbc.c
target_core_spc.c
target_core_stat.c
target_core_tmr.c
target_core_tpg.c
target_core_transport.c scsi: target: Put lun_ref at end of tmr processing 2020-05-27 17:46:40 +02:00
target_core_ua.c
target_core_ua.h
target_core_user.c scsi: target: tcmu: Userspace must not complete queued commands 2020-06-24 17:50:30 +02:00
target_core_xcopy.c
target_core_xcopy.h