review.tizen.org Git - platform/adaptation/renesas_rcar/renesas

author	Paolo Bonzini <pbonzini@redhat.com>
	Wed, 5 Sep 2012 15:09:15 +0000 (17:09 +0200)
committer	Nicholas Bellinger <nab@linux-iscsi.org>
	Thu, 6 Sep 2012 00:20:28 +0000 (17:20 -0700)
commit	d5829eac5f7cfff89c6d1cf11717eee97cf030d0
tree	9acff1b99c654235b5ad4534735fdaf03a9c5a45	tree \| snapshot
parent	27a2709912ac19c755d34c79fe11994b0bf8082b	commit \| diff

target: fix use-after-free with PSCSI sense data

The pointer to the sense buffer is fetched by transport_get_sense_data,
but this is called by target_complete_ok_work long after pscsi_req_done
has freed the struct that contains it.

Pass instead the fabric's sense buffer to transport_complete,
and copy the data to it directly in transport_complete. Setting
SCF_TRANSPORT_TASK_SENSE also becomes a duty of transport_complete.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

drivers/target/target_core_pscsi.c		diff \| blob \| history
drivers/target/target_core_transport.c		diff \| blob \| history
include/target/target_core_backend.h		diff \| blob \| history