[stgt] [PATCH] iscsi: fix segfault at iscsi_scsi_cmd_done()
FUJITA Tomonori
fujita.tomonori at lab.ntt.co.jp
Sat Mar 22 12:57:26 CET 2014
On Tue, 18 Mar 2014 12:27:24 +0900
Ryusuke Konishi <konishi.ryusuke at lab.ntt.co.jp> wrote:
> When enabling ping-nop of iscsi by setting valid values to
> nop_interval and nop_count parameters, tgtd crashed with the following
> segmentation fault at iscsi_scsi_cmd_done() function:
>
> Program terminated with signal 11, Segmentation fault.
> #0 __list_add (nid=<value optimized out>, result=<value optimized out>,
> scmd=0x980f20) at ./list.h:67
> 67 prev->next = new;
> (gdb) bt
> #0 __list_add (nid=<value optimized out>, result=<value optimized out>,
> scmd=0x980f20) at ./list.h:67
> #1 list_add_tail (nid=<value optimized out>, result=<value optimized out>,
> scmd=0x980f20) at ./list.h:77
> #2 iscsi_scsi_cmd_done (nid=<value optimized out>,
> result=<value optimized out>, scmd=0x980f20) at iscsi/iscsid.c:1270
> #3 0x000000000042b69d in bs_sig_request_done (fd=<value optimized out>,
> events=<value optimized out>, data=<value optimized out>) at bs.c:212
> #4 0x0000000000414231 in event_loop () at tgtd.c:432
> #5 0x000000000041490a in main (argc=<value optimized out>,
> argv=<value optimized out>) at tgtd.c:620
>
> This segfault is caused by forcible destruction of tcp connection
> using iscsi_tcp_release() within iscsi_tcp_nop_work_handler().
>
> This patch fixes it by closing connection cleanly there with
> conn_close() function.
>
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke at lab.ntt.co.jp>
> ---
> usr/iscsi/iscsi_tcp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied, thanks a lot for another good catch!
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the stgt
mailing list