From: Dan Carpenter Date: Mon, 24 Aug 2020 08:59:33 +0000 (+0300) Subject: scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() X-Git-Tag: v5.15~2812^2~19 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=38660389a7697ae6dd56edfac5d87754374f217a;p=platform%2Fkernel%2Flinux-starfive.git scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() We accidentally move this logging printk after the free, but that leads to a use after free. Link: https://lore.kernel.org/r/20200824085933.GD208317@mwanda Fixes: e33c2482289b ("scsi: cxgb4i: Add support for iSCSI segmentation offload") Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen --- diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c index 71aebaf..0e8621a 100644 --- a/drivers/scsi/cxgbi/libcxgbi.c +++ b/drivers/scsi/cxgbi/libcxgbi.c @@ -2457,10 +2457,10 @@ int cxgbi_conn_xmit_pdu(struct iscsi_task *task) return err; } - __kfree_skb(skb); log_debug(1 << CXGBI_DBG_ISCSI | 1 << CXGBI_DBG_PDU_TX, "itt 0x%x, skb 0x%p, len %u/%u, xmit err %d.\n", task->itt, skb, skb->len, skb->data_len, err); + __kfree_skb(skb); iscsi_conn_printk(KERN_ERR, task->conn, "xmit err %d.\n", err); iscsi_conn_failure(task->conn, ISCSI_ERR_XMIT_FAILED); return err;