[PATCH 3.16.y-ckt 063/144] target: Fix reference leak in target_get_sess_cmd() error path

[Luis Henriques]

3.16.7-ckt10 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bart Van Assche <bart.vanassche at sandisk.com>

commit 7544e597343e2166daba3f32e4708533aa53c233 upstream.

This patch fixes a se_cmd->cmd_kref leak buf when se_sess->sess_tearing_down
is true within target_get_sess_cmd() submission path code.

This se_cmd reference leak can occur during active session shutdown when
ack_kref=1 is passed by target_submit_cmd_[map_sgls,tmr]() callers.

Signed-off-by: Bart Van Assche <bart.vanassche at sandisk.com>
Signed-off-by: Nicholas Bellinger <nab at linux-iscsi.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/target/target_core_transport.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
index a9c77b5116e3..83b0d08c9d5b 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -2392,6 +2392,10 @@ int target_get_sess_cmd(struct se_session *se_sess, struct se_cmd *se_cmd,
 	list_add_tail(&se_cmd->se_cmd_list, &se_sess->sess_cmd_list);
 out:
 	spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
+
+	if (ret && ack_kref)
+		target_put_sess_cmd(se_sess, se_cmd);
+
 	return ret;
 }
 EXPORT_SYMBOL(target_get_sess_cmd);