target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
authorQuinn Tran <quinn.tran@qlogic.com>
Thu, 25 Sep 2014 10:22:28 +0000 (06:22 -0400)
committerNicholas Bellinger <nab@linux-iscsi.org>
Wed, 1 Oct 2014 21:39:30 +0000 (14:39 -0700)
commit082f58ac4a48d3f5cb4597232cb2ac6823a96f43
tree8a71ac3e9bc7102202e0a1cd5a1c8ff2410a4598
parentdb3a99b9921f27fe71ca8c0f218ee810e0e7fb69
target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE

During temporary resource starvation at lower transport layer, command
is placed on queue full retry path, which expose this problem.  The TCM
queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same
cmd twice to lower layer.  The 1st time led to cmd normal free path.
The 2nd time cause Null pointer access.

This regression bug was originally introduced v3.1-rc code in the
following commit:

commit e057f53308a5f071556ee80586b99ee755bf07f5
Author: Christoph Hellwig <hch@infradead.org>
Date:   Mon Oct 17 13:56:41 2011 -0400

    target: remove the transport_qf_callback se_cmd callback

Signed-off-by: Quinn Tran <quinn.tran@qlogic.com>
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Cc: <stable@vger.kernel.org> # v3.1+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_transport.c