mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-05 00:20:32 +00:00
Code Issues Releases Wiki Activity

scsi: dpt_i2o: use after free in adpt_release()

Browse source 
The scsi_host_put() function frees "pHba" and then we dereference it on
the next line when we do "scsi_host_put(pHba->host);".

[mkp: included fix from hch]

Fixes: 38e09e3bb0 ("scsi: dpt_i2o: stop using scsi_unregister")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Dan Carpenter 2018-03-19 13:33:03 +03:00 committed by Martin K. Petersen
parent 83c9f08e6c
commit 24268fd1ad
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/scsi/dpt_i2o.c
View file

@ -304,10 +304,12 @@ static int adpt_detect(struct scsi_host_template* sht)
static void adpt_release(adpt_hba *pHba)
{
scsi_remove_host(pHba->host);
struct Scsi_Host *shost = pHba->host;
scsi_remove_host(shost);
// adpt_i2o_quiesce_hba(pHba);
adpt_i2o_delete_hba(pHba);
scsi_host_put(pHba->host);
scsi_host_put(shost);
}