scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu()

We accidentally move this logging printk after the free, but that leads to
a use after free.

Link: https://lore.kernel.org/r/20200824085933.GD208317@mwanda
Fixes: e33c2482289b ("scsi: cxgb4i: Add support for iSCSI segmentation offload")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
index 71aebaf533ea543dd4ec701aab5166036ed020bc..0e8621a6956dcc6d3bf325e760ec4cc217f210fd 100644 (file)
--- a/drivers/scsi/cxgbi/libcxgbi.c
+++ b/drivers/scsi/cxgbi/libcxgbi.c
@@ -2457,10 +2457,10 @@ int cxgbi_conn_xmit_pdu(struct iscsi_task *task)
                return err;
        }
 
-       __kfree_skb(skb);
        log_debug(1 << CXGBI_DBG_ISCSI | 1 << CXGBI_DBG_PDU_TX,
                  "itt 0x%x, skb 0x%p, len %u/%u, xmit err %d.\n",
                  task->itt, skb, skb->len, skb->data_len, err);
+       __kfree_skb(skb);
        iscsi_conn_printk(KERN_ERR, task->conn, "xmit err %d.\n", err);
        iscsi_conn_failure(task->conn, ISCSI_ERR_XMIT_FAILED);
        return err;