[PATCH 4.14 113/193] target: fix null pointer regression in core_tmr_drain_tmr_list
From: Greg Kroah-Hartman
Date: Tue Nov 28 2017 - 05:48:11 EST
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: tangwenji <tang.wenji@xxxxxxxxxx>
commit 88fb2fa7db7510bf1078226ab48d162d9854f3d4 upstream.
The target system kernel crash when the initiator executes
the sg_persist -A command,because of the second argument to
be set to NULL when core_tmr_lun_reset is called in
core_scsi3_pro_preempt function.
This fixes a regression originally introduced by:
commit 51ec502a32665fed66c7f03799ede4023b212536
Author: Bart Van Assche <bart.vanassche@xxxxxxxxxxx>
Date: Tue Feb 14 16:25:54 2017 -0800
target: Delete tmr from list before processing
Signed-off-by: tangwenji <tang.wenji@xxxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/target/target_core_tmr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/target/target_core_tmr.c
+++ b/drivers/target/target_core_tmr.c
@@ -217,7 +217,8 @@ static void core_tmr_drain_tmr_list(
* LUN_RESET tmr..
*/
spin_lock_irqsave(&dev->se_tmr_lock, flags);
- list_del_init(&tmr->tmr_list);
+ if (tmr)
+ list_del_init(&tmr->tmr_list);
list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) {
cmd = tmr_p->task_cmd;
if (!cmd) {