From 40be67f4c588fe2f3e2dbd60ae1f470abc5b6ad8 Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger
Date: Wed, 30 Nov 2011 00:41:20 -0800
Subject: [PATCH] target: Fix possible NULL pointer with __transport_execute_tasks

This patch makes __transport_execute_tasks() use a local *se_dev reference to prevent direct se_cmd->se_dev access after transport_cmd_check_stop() -> transport_add_tasks_from_cmd() has been called, as in the current implementation we can expect __transport_execute_tasks() may be called from another context that may have already completed the I/O.

Cc: Christoph Hellwig
Signed-off-by: Nicholas Bellinger
---
 drivers/target/target_core_transport.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index e4389d40c057..1cc7e920ab0b 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -2076,6 +2076,7 @@ static inline int transport_execute_task_attr(struct se_cmd *cmd)
 static int transport_execute_tasks(struct se_cmd *cmd)
 {
 int add_tasks;
+ struct se_device *se_dev = cmd->se_dev;
 
 if (se_dev_check_online(cmd->se_dev) != 0) {
 cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
@@ -2108,7 +2109,7 @@ static int transport_execute_tasks(struct se_cmd *cmd)
 * storage object.
 */
 execute_tasks:
- __transport_execute_tasks(cmd->se_dev);
+ __transport_execute_tasks(se_dev);
 return 0;
 }
 
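Review bot: The new local `se_dev` in the first hunk carries no comment explaining why the `execute_tasks:` label in the second hunk must not read `cmd->se_dev`, so a later cleanup could easily fold it back into the racy form. The commit description says another context may already have completed the I/O once the tasks are queued. That suggests the hazard is a stale or released `cmd` rather than only a NULL pointer. I would record this at the declaration with `/* cmd may be completed by another context once its tasks are queued; use this copy, never cmd->se_dev, after that point */`. The body between the two hunks is not visible here, so any other `cmd->` dereference after the queueing call should be checked for the same problem. The fix also appears to rely on the `se_device` outliving the command, which is worth confirming against the device teardown path.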