scsi: lpfc: Fix use after free in lpfc_els_free_iocb
There are several code paths where the following sequence occurs:
- An ndlp pointer is assigned to an iocb via a nlp_get()
- An attempt is made to issue the iocb, but it fails
- The failure case does a put on the ndlp then calls lpfc_els_free_iocb()
The put may free the ndlp structure, but the els_free_iocb may reference
the now-stale ndlp pointer and cause a crash.
Fix by ensuring that the lpfc_els_free_iocb() occurs before the
lpfc_nlp_put().
While fixing, refactor the code to better ensure this calling sequence.
Link: https://lore.kernel.org/r/20210301171821.3427-11-jsmart2021@gmail.com
Co-developed-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>