scsi: libcxgbi: fix skb use after free
authorVarun Prakash <varun@chelsio.com>
Tue, 16 May 2017 13:53:44 +0000 (19:23 +0530)
committerMartin K. Petersen <martin.petersen@oracle.com>
Wed, 24 May 2017 02:39:14 +0000 (22:39 -0400)
commit75b61250bf687c686ba6850c34eccc1303b0b827
treeadf54de459a66c5a251df5bb5bcd6bd72da132d2
parentb19775e4785996503b106e59d9d3a8839e677afd
scsi: libcxgbi: fix skb use after free

skb->data is assigned to task->hdr in cxgbi_conn_alloc_pdu(),
skb gets freed after tx but task->hdr is still dereferenced in
iscsi_tcp_task_xmit() to avoid this call skb_get() after allocating skb
and free the skb in cxgbi_cleanup_task() or before allocating new skb in
cxgbi_conn_alloc_pdu().

Signed-off-by: Varun Prakash <varun@chelsio.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/cxgbi/libcxgbi.c
drivers/scsi/cxgbi/libcxgbi.h