From f18009c7acc4efa72c6bb36f8be1db8b08582dd9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=B6rn=20Engel?= <joern@logfs.org>
Date: Wed, 15 Feb 2012 16:51:32 -0500
Subject: [PATCH] target: fix use after free in target_report_luns

commit 382436f8804fe1cb20b9a2a811a10eb2d8554721 upstream.

Fix possible NULL pointer dereference in target_report_luns failure path.

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/target/target_core_device.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index 19f8aca08098..097178b83b3a 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -696,12 +696,12 @@ int target_report_luns(struct se_task *se_task)
 	 * See SPC3 r07, page 159.
 	 */
 done:
-	transport_kunmap_data_sg(se_cmd);
 	lun_count *= 8;
 	buf[0] = ((lun_count >> 24) & 0xff);
 	buf[1] = ((lun_count >> 16) & 0xff);
 	buf[2] = ((lun_count >> 8) & 0xff);
 	buf[3] = (lun_count & 0xff);
+	transport_kunmap_data_sg(se_cmd);
 
 	se_task->task_scsi_status = GOOD;
 	transport_complete_task(se_task, 1);
-- 
2.39.2