diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-06-29 16:59:45 +0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-06-29 16:59:45 +0800 |
commit | 5b607ba862f30364aef0b0d40cab8afccf339616 (patch) | |
tree | 076c30d6e954178b922dce2ecde278e2587c2255 | |
parent | 9dda12b6fa0eba6b1fd32399b599d05765893dae (diff) | |
parent | 240b4cc8fd5db138b675297d4226ec46594d9b3b (diff) |
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fix from James Bottomley:
"One simple fix for a driver use after free"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
-rw-r--r-- | drivers/scsi/vmw_pvscsi.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/drivers/scsi/vmw_pvscsi.c b/drivers/scsi/vmw_pvscsi.c index ecee4b3ff073..377b07b2feeb 100644 --- a/drivers/scsi/vmw_pvscsi.c +++ b/drivers/scsi/vmw_pvscsi.c @@ -763,6 +763,7 @@ static int pvscsi_queue_lck(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd struct pvscsi_adapter *adapter = shost_priv(host); struct pvscsi_ctx *ctx; unsigned long flags; + unsigned char op; spin_lock_irqsave(&adapter->hw_lock, flags); @@ -775,13 +776,14 @@ static int pvscsi_queue_lck(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd } cmd->scsi_done = done; + op = cmd->cmnd[0]; dev_dbg(&cmd->device->sdev_gendev, - "queued cmd %p, ctx %p, op=%x\n", cmd, ctx, cmd->cmnd[0]); + "queued cmd %p, ctx %p, op=%x\n", cmd, ctx, op); spin_unlock_irqrestore(&adapter->hw_lock, flags); - pvscsi_kick_io(adapter, cmd->cmnd[0]); + pvscsi_kick_io(adapter, op); return 0; } |