linux_dsm_epyc7002/drivers
Roland Dreier 72b59d6ee8 target: Fix use-after-free in LUN RESET handling
If a backend IO takes a really long then an initiator might abort a
command, and then when it gives up on the abort, send a LUN reset too,
all before we process any of the original command or the abort.  (The
abort will wait for the backend IO to complete too)

When the backend IO final completes (or fails), the abort handling
will proceed and queue up a "return aborted status" operation.  Then,
while that's still pending, the LUN reset might find the original
command still on the LUN's list of commands and try to return aborted
status again, which leads to a use-after free when the first
se_tfo->queue_status call frees the command and then the second
se_tfo->queue_status call runs.

Fix this by removing a command from the LUN state_list when we first
are about to queue aborted status; we shouldn't do anything
LUN-related after we've started returning status, so this seems like
the correct thing to do.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-01-10 21:00:35 -08:00
..
accessibility
acpi Merge branch 'x86-acpi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-14 10:03:23 -08:00
amba Merge tag 'tegra-for-3.8-fixes-for-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/swarren/linux-tegra into fixes 2012-12-17 10:04:27 -08:00
ata 1) More ACPI fixes 2012-12-15 12:37:18 -08:00
atm solos-pci: double lock in geos_gpio_store() 2012-12-21 13:14:00 -08:00
auxdisplay
base vfs: turn is_dir argument to kern_path_create into a lookup_flags arg 2012-12-20 18:50:02 -05:00
bcma MTD pull for 3.8 2012-12-19 12:47:41 -08:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-12-20 14:00:13 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-12-12 18:07:07 -08:00
bus ARM: OMAP: Fix drivers to depend on omap for internal devices 2012-12-16 15:23:37 -08:00
cdrom
char Some nice cleanups, and even a patch my wife did as a "live" demo for 2012-12-20 08:37:05 -08:00
clk MTD pull for 3.8 2012-12-19 12:47:41 -08:00
clocksource ARM: arm-soc: Updates for Marvell mvebu/kirkwood 2012-12-14 14:54:26 -08:00
connector
cpufreq ACPI and power management updates for 3.8-rc1 2012-12-11 12:45:35 -08:00
cpuidle ARM: arm-soc: SoC updates for 3.8 2012-12-12 12:05:15 -08:00
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
dca
devfreq Merge branch 'pm-devfreq' 2012-12-07 23:13:36 +01:00
dio
dma dmatest: check for dma mapping error 2012-12-17 17:15:13 -08:00
edac Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-12-14 14:27:45 -08:00
eisa
extcon
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
firmware drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists 2012-12-20 17:40:19 -08:00
gpio gpio/mvebu-gpio: Make mvebu-gpio depend on OF_CONFIG 2012-12-19 22:15:14 +00:00
gpu Revert "drm: tegra: protect DC register access with mutex" 2012-12-30 21:58:20 +10:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-12-13 19:22:22 -08:00
hsi
hv
hwmon hwmon: (emc6w201) Fix DIV_ROUND_CLOSEST problem with unsigned divisors 2012-12-22 02:16:40 -08:00
hwspinlock hwspinlock: remove use of __devexit 2012-11-28 11:41:36 -08:00
i2c i2c: remove __dev* attributes from subsystem 2012-12-22 20:13:45 +01:00
ide
idle
iio This is the MFD patch set for the 3.8 merge window. 2012-12-16 18:55:20 -08:00
infiniband Second batch of InfiniBand/RDMA changes for 3.8: 2012-12-21 16:40:26 -08:00
input Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-19 12:56:42 -08:00
iommu IOMMU Updates for Linux v3.8 2012-12-20 10:07:25 -08:00
ipack TTY/Serial merge for 3.8-rc1 2012-12-11 14:08:47 -08:00
irqchip ARM: arm-soc: Device-tree updates, take 2 2012-12-14 14:42:53 -08:00
isdn mISDN: fix race in timer canceling on module unloading 2012-12-14 13:14:07 -05:00
leds leds: leds-gpio: set devm_gpio_request_one() flags param correctly 2013-01-02 17:58:41 -08:00
lguest lguest: fix typo 2012-12-18 15:19:06 +10:30
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
md Miscellaneous device-mapper fixes, cleanups and performance improvements. 2012-12-21 17:08:06 -08:00
media ARM: arm-soc: late cleanups for omap 2012-12-30 09:59:21 -08:00
memory
memstick
message drivers/message/fusion/mptscsih.c: missing break 2012-12-18 15:02:12 -08:00
mfd ARM: arm-soc fixes for 3.8 2012-12-20 07:21:54 -08:00
misc Merge git://www.linux-watchdog.org/linux-watchdog 2012-12-21 17:10:29 -08:00
mmc This is the MFD patch set for the 3.8 merge window. 2012-12-16 18:55:20 -08:00
mtd Nothing exciting, just clean-ups and nicification. Oh, and one small 2012-12-20 07:39:03 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-12-27 10:40:30 -08:00
nfc
nubus
of of: Fix export of of_find_matching_node_and_match() 2012-12-19 10:58:53 +00:00
oprofile
parisc
parport
pci PCI: Reduce Ricoh 0xe822 SD card reader base clock frequency to 50MHz 2012-12-26 10:43:06 -07:00
pcmcia ARM: arm-soc: Header cleanups 2012-12-12 11:45:16 -08:00
pinctrl pinctrl: exynos5440/samsung: Staticize pcfgs 2012-12-18 19:00:25 -08:00
platform Corentin has moved 2012-12-17 17:15:14 -08:00
pnp Driver core updates for 3.8-rc1 2012-12-11 13:13:55 -08:00
power ARM: arm-soc: late cleanups for omap 2012-12-30 09:59:21 -08:00
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-12-12 18:07:07 -08:00
pwm pwm: Changes for v3.8-rc1 2012-12-19 08:19:07 -08:00
rapidio Driver core updates for 3.8-rc1 2012-12-11 13:13:55 -08:00
regulator Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
remoteproc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
rpmsg virtio: rpmsg: make it clear that virtqueue_add_buf() no longer returns > 0 2012-12-18 15:20:36 +10:30
rtc revert "rtc: recycle id when unloading a rtc driver" 2012-12-20 17:40:20 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-12-13 14:20:19 -08:00
sbus
scsi Second batch of InfiniBand/RDMA changes for 3.8: 2012-12-21 16:40:26 -08:00
sfi
sh
sn
spi spi/sh-hspi: fix return value check in hspi_probe(). 2012-12-19 15:11:41 +00:00
ssb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-12-14 14:27:45 -08:00
staging Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-12-17 15:44:47 -08:00
target target: Fix use-after-free in LUN RESET handling 2013-01-10 21:00:35 -08:00
tc
thermal Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
tty Merge branch 'omap-for-v3.8/fixes-for-merge-window' into omap-for-v3.8/fixes-for-merge-window-v2 2012-12-16 11:28:10 -08:00
uio ARM: arm-soc: SoC updates for 3.8 2012-12-12 12:05:15 -08:00
usb usb: musb: use io{read,write}*_rep accessors 2012-12-17 17:15:13 -08:00
uwb
vfio vfio-pci: Enable device before attempting reset 2012-12-07 13:43:51 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-12-15 14:25:10 -08:00
video backlight: locomolcd: fix checkpatch error and warning 2012-12-18 15:02:11 -08:00
virt Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2012-12-18 09:58:09 -08:00
virtio Some nice cleanups, and even a patch my wife did as a "live" demo for 2012-12-20 08:37:05 -08:00
vlynq
vme
w1 ARM: OMAP: Fix drivers to depend on omap for internal devices 2012-12-16 15:23:37 -08:00
watchdog watchdog: twl4030_wdt: add DT support 2013-01-02 12:07:05 +01:00
xen Feature: 2012-12-16 17:39:14 -08:00
zorro
Kconfig
Makefile