From: Heiko Carstens <heiko.carstens@de.ibm.com>
Date: Thu, 20 Dec 2007 11:30:22 +0000 (+0100)
Subject: [SCSI] zfcp: fix use after free bug.
X-Git-Tag: v2.6.25-rc1~1230^2~87
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1ad09db2fd551d49d65ef040591cb9298e70fb6;p=pandora-kernel.git

[SCSI] zfcp: fix use after free bug.

zfcp_erp_strategy_check_fsfreq() checks if it is safe to access the
fsf_req associated with the erp_action that gets passed. To test if
it is safe it accesses the fsf_req in order to get its index into
the hash list. This is broken since the fsf_req might be freed already
and the read index has no meaning. It could lead to memory corruption.
Fix this by introducing a new zfcp_reqlist_find_safe() method which
just checks if addresses are equal. This is slower, but only gets
called in case of error recovery.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: Martin Peschke <mp3@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---

Reading git-diff-tree failed