• Nicholas Bellinger's avatar
    target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd · 0ed6e189
    Nicholas Bellinger authored
    This patch fixes a NULL pointer dereference regression bug that was
    introduced with:
    
    commit 1e1110c4
    Author: Mikulas Patocka <mpatocka@redhat.com>
    Date:   Sat May 17 06:49:22 2014 -0400
    
        target: fix memory leak on XCOPY
    
    Now that target_put_sess_cmd() -> kref_put_spinlock_irqsave() is
    called with a valid se_cmd->cmd_kref, a NULL pointer dereference
    is triggered because the XCOPY passthrough commands don't have
    an associated se_session pointer.
    
    To address this bug, go ahead and checking for a NULL se_sess pointer
    within target_put_sess_cmd(), and call se_cmd->se_tfo->release_cmd()
    to release the XCOPY's xcopy_pt_cmd memory.
    Reported-by: default avatarThomas Glanzmann <thomas@glanzmann.de>
    Cc: Thomas Glanzmann <thomas@glanzmann.de>
    Cc: Mikulas Patocka <mpatocka@redhat.com>
    Cc: stable@vger.kernel.org # 3.12+
    Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    0ed6e189
target_core_transport.c 79.5 KB