Re: [PATCH] scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
Varun, > mbp pointer is passed to csio_hw_validate_caps() so call > mempool_free() after calling csio_hw_validate_caps(). Applied to 4.12/scsi-fixes. Thank you! -- Martin K. Petersen Oracle Linux Engineering
Re: [PATCH] scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
On 05/17/2017 05:00 PM, Varun Prakash wrote:
> mbp pointer is passed to csio_hw_validate_caps() so call
> mempool_free() after calling csio_hw_validate_caps().
>
> Signed-off-by: Varun Prakash
> ---
Fixes: 541c571fa2fd ("csiostor:Use firmware version from
cxgb4/t4fw_version.h")
Reviewed-by: Johannes Thumshirn
Thanks,
Johannes
--
Johannes Thumshirn Storage
jthumsh...@suse.de+49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600 D0D0 0393 969D 2D76 0850
[PATCH] scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
mbp pointer is passed to csio_hw_validate_caps() so call
mempool_free() after calling csio_hw_validate_caps().
Signed-off-by: Varun Prakash
---
drivers/scsi/csiostor/csio_hw.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/csiostor/csio_hw.c b/drivers/scsi/csiostor/csio_hw.c
index 5ca4099..c6e1814 100644
--- a/drivers/scsi/csiostor/csio_hw.c
+++ b/drivers/scsi/csiostor/csio_hw.c
@@ -1780,7 +1780,6 @@ csio_hw_use_fwconfig(struct csio_hw *hw, int reset, u32
*fw_cfg_param)
goto bye;
}
- mempool_free(mbp, hw->mb_mempool);
if (finicsum != cfcsum) {
csio_warn(hw,
"Config File checksum mismatch: csum=%#x, computed=%#x\n",
@@ -1791,6 +1790,10 @@ csio_hw_use_fwconfig(struct csio_hw *hw, int reset, u32
*fw_cfg_param)
rv = csio_hw_validate_caps(hw, mbp);
if (rv != 0)
goto bye;
+
+ mempool_free(mbp, hw->mb_mempool);
+ mbp = NULL;
+
/*
* Note that we're operating with parameters
* not supplied by the driver, rather than from hard-wired
--
2.0.2
