This is a note to let you know that I've just added the patch titled
target: fix null pointer regression in core_tmr_drain_tmr_list
to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: target-fix-null-pointer-regression-in-core_tmr_drain_tmr_list.patch and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From 88fb2fa7db7510bf1078226ab48d162d9854f3d4 Mon Sep 17 00:00:00 2001
From: tangwenji tang.wenji@zte.com.cn Date: Wed, 16 Aug 2017 16:39:00 +0800 Subject: target: fix null pointer regression in core_tmr_drain_tmr_list
From: tangwenji tang.wenji@zte.com.cn
commit 88fb2fa7db7510bf1078226ab48d162d9854f3d4 upstream.
The target system kernel crash when the initiator executes the sg_persist -A command,because of the second argument to be set to NULL when core_tmr_lun_reset is called in core_scsi3_pro_preempt function.
This fixes a regression originally introduced by:
commit 51ec502a32665fed66c7f03799ede4023b212536 Author: Bart Van Assche bart.vanassche@sandisk.com Date: Tue Feb 14 16:25:54 2017 -0800
target: Delete tmr from list before processing
Signed-off-by: tangwenji tang.wenji@zte.com.cn Signed-off-by: Nicholas Bellinger nab@linux-iscsi.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/target/target_core_tmr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c @@ -217,7 +217,8 @@ static void core_tmr_drain_tmr_list( * LUN_RESET tmr.. */ spin_lock_irqsave(&dev->se_tmr_lock, flags); - list_del_init(&tmr->tmr_list); + if (tmr) + list_del_init(&tmr->tmr_list); list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) { cmd = tmr_p->task_cmd; if (!cmd) {
Patches currently in stable-queue which might be from tang.wenji@zte.com.cn are
queue-4.14/target-fix-null-pointer-regression-in-core_tmr_drain_tmr_list.patch queue-4.14/target-fix-buffer-offset-in-core_scsi3_pri_read_full_status.patch