target/pscsi: Fix bug with REPORT_LUNs handling for SCSI passthrough

This patch fixes a regression bug in pscsi_transport_complete() callback
code where *pt was being NULL dereferenced during REPORT_LUNS handling,
that was introduced with the spc/sbc refactoring in:

commit 1fd032ee10d2816c947f5d5b9abda95e728f0a8f
Author: Christoph Hellwig <hch@infradead.org>
Date:   Sun May 20 11:59:15 2012 -0400

    target: move code for CDB emulation

As this is a special case for pscsi_parse_cdb() to call spc_parse_cdb() to
allow TCM to handle REPORT_LUN emulation, pscsi_plugin_task will have not
been allocated..

So now in pscsi_transport_complete() just check for existence of *pt and
return for this special case.

Reported-by: Alex Elsayed <eternaleye+usenet@gmail.com>
Cc: Alex Elsayed <eternaleye+usenet@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c
index 6e32ff6f2fa0ce4ead43073d87bedc77d3ffee2c..5552fa7426bc9b317da906dec2e395bbf854ae78 100644 (file)
--- a/drivers/target/target_core_pscsi.c
+++ b/drivers/target/target_core_pscsi.c
@@ -673,8 +673,15 @@ static int pscsi_transport_complete(struct se_cmd *cmd, struct scatterlist *sg)
        struct scsi_device *sd = pdv->pdv_sd;
        int result;
        struct pscsi_plugin_task *pt = cmd->priv;
-       unsigned char *cdb = &pt->pscsi_cdb[0];
+       unsigned char *cdb;
+       /*
+        * Special case for REPORT_LUNs handling where pscsi_plugin_task has
+        * not been allocated because TCM is handling the emulation directly.
+        */
+       if (!pt)
+               return 0;
 
+       cdb = &pt->pscsi_cdb[0];
        result = pt->pscsi_result;
        /*
         * Hack to make sure that Write-Protect modepage is set if R/O mode is