iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count
authorNicholas Bellinger <nab@linux-iscsi.org>
Wed, 16 Nov 2011 07:59:00 +0000 (23:59 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Wed, 21 Dec 2011 20:58:29 +0000 (12:58 -0800)
commit43dd6e6faffcacc6d8d9d12f15d6aa5f2f4fa351
tree617a22e736a737abeb979aaf202cf7ba99f9c159
parent1c9c1ada7ee0b4b42e451d35153dff3735b28cac
iscsi-target: Fix residual count hanlding + remove iscsi_cmd->residual_count

commit 7e46cf02687e40197ae07c623e660be2a2720064 upstream.

This patch fixes iscsi-target handling of underflow where residual data is
causing an OOPs by using the incorrect iscsi_cmd_t->data_length initially
assigned in iscsit_allocate_se_cmd().  It resets iscsi_cmd_t->data_length
from se_cmd_t->data_length after transport_generic_allocate_tasks()
has been invoked in iscsit_handle_scsi_cmd() RX context, and converts
iscsi_cmd->residual_count usage to access iscsi_cmd->se_cmd.residual_count
to get the proper residual count set by target-core.

Reported-by: <lists@internyc.net>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/target/iscsi/iscsi_target.c
drivers/target/iscsi/iscsi_target_core.h