git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1ba9555)
IB/srp: Fix use-after-free in srp_reset_req()
authorBart Van Assche <bvanassche@acm.org>
Fri, 24 Aug 2012 10:27:54 +0000 (10:27 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Wed, 17 Oct 2012 02:49:18 +0000 (03:49 +0100)
commit 9b796d06d5d1b1e85ae2316a283ea11dd739ef96 upstream.

srp_free_req() uses the scsi_cmnd structure contents to unmap
buffers, so we must invoke srp_free_req() before we release
ownership of that structure.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: David Dillow <dillowda@ornl.gov>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
drivers/infiniband/ulp/srp/ib_srp.c patch | blob | history

diff --cc drivers/infiniband/ulp/srp/ib_srp.c
Simple merge
Pandora Kernel Repository