scsi: csiostor: fix use after free in csio_hw_use_fwconfig()

mbp pointer is passed to csio_hw_validate_caps() so call mempool_free() after calling csio_hw_validate_caps(). Signed-off-by: Varun Prakash <varun@chelsio.com> Fixes: 541c571fa2fd ("csiostor:Use firmware version from cxgb4/t4fw_version.h") Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
author: Varun Prakash <varun@chelsio.com> 2017-05-17 11:00:43 -0400
committer: Martin K. Petersen <martin.petersen@oracle.com> 2017-05-18 21:37:27 -0400
commit: a351e40b6de550049423a26f7ded7b639e363d89 (patch)
tree: b15bb3bc32b9721c0425115b5166ae3d7fc1ccab
parent: 463f620b1256e0488d932088e04a372817e8c42e (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/scsi/csiostor/csio_hw.c b/drivers/scsi/csiostor/csio_hw.c
index 622bdabc8894..dab195f04da7 100644
--- a/drivers/scsi/csiostor/csio_hw.c
+++ b/drivers/scsi/csiostor/csio_hw.c
@@ -1769,7 +1769,6 @@ csio_hw_use_fwconfig(struct csio_hw *hw, int reset, u32 *fw_cfg_param)
                goto bye;
        }
-        mempool_free(mbp, hw->mb_mempool);
        if (finicsum != cfcsum) {
                csio_warn(hw,
                      "Config File checksum mismatch: csum=%#x, computed=%#x\n",
@@ -1780,6 +1779,10 @@ csio_hw_use_fwconfig(struct csio_hw *hw, int reset, u32 *fw_cfg_param)
        rv = csio_hw_validate_caps(hw, mbp);
        if (rv != 0)
                goto bye;
+        mempool_free(mbp, hw->mb_mempool);
+        mbp = NULL;
        /*
         * Note that we're operating with parameters
         * not supplied by the driver, rather than from hard-wired
author	Varun Prakash <varun@chelsio.com>	2017-05-17 11:00:43 -0400
committer	Martin K. Petersen <martin.petersen@oracle.com>	2017-05-18 21:37:27 -0400
commit	a351e40b6de550049423a26f7ded7b639e363d89 (patch)
tree	b15bb3bc32b9721c0425115b5166ae3d7fc1ccab
parent	463f620b1256e0488d932088e04a372817e8c42e (diff)