From: Andrew Vasquez <andrew.vasquez@qlogic.com>
Date: Thu, 18 Feb 2010 18:07:26 +0000 (-0800)
Subject: [SCSI] qla2xxx: Correct use-after-free issue in terminate_rport_io callback.
X-Git-Tag: v2.6.34-rc1~284^2~9
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=715848ca6fffeb6362a50887d9c26245bd5dfba9;p=pandora-kernel.git

[SCSI] qla2xxx: Correct use-after-free issue in terminate_rport_io callback.

The explicit logout (LOGO) issued at the end of the callback will
flush (via normal scsi_cmnd->done()) any outstanding commands
(FCP2) the firmware is holding.  While iterating through the
outstanding_cmnd array in qla2x00_abort_fcport_cmds(), locking
and unlocking of the hardware spinlock, opens-up the driver to
cases where the processed SRB (sp) could be used after the
command completed from interrupt context.

Cc: stable@kernel.org
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
---

Reading git-diff-tree failed