From 77039d1eafbbc192df71ee84b157b8973766737d Mon Sep 17 00:00:00 2001 From: Nicholas Bellinger Date: Thu, 29 Sep 2011 01:01:35 -0700 Subject: target: Fix transport_cmd_finish_abort queue removal bug This patch fixes a bug in LUN_RESET operation with transport_cmd_finish_abort() where transport_remove_cmd_from_queue() was incorrectly being called, causing descriptors with t_state == TRANSPORT_FREE_CMD_INTR to be incorrectly removed from qobj->qobj_list during process context release. This change ensures the descriptor is only removed via transport_remove_cmd_from_queue() when doing a direct release via transport_generic_remove(). Cc: stable@kernel.org Signed-off-by: Nicholas Bellinger --- drivers/target/target_core_transport.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index 046da7f3823..009547b3557 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -593,13 +593,14 @@ check_lun: void transport_cmd_finish_abort(struct se_cmd *cmd, int remove) { - transport_remove_cmd_from_queue(cmd, &cmd->se_dev->dev_queue_obj); transport_lun_remove_cmd(cmd); if (transport_cmd_check_stop_to_fabric(cmd)) return; - if (remove) + if (remove) { + transport_remove_cmd_from_queue(cmd, &cmd->se_dev->dev_queue_obj); transport_generic_remove(cmd, 0); + } } void transport_cmd_finish_abort_tmr(struct se_cmd *cmd) -- cgit v1.2.3-18-g5258