[SCSI] fix for bidi use after free
When ending a bi-directionional SCSI request, blk_finish_request() cleans up and frees the request, but scsi_release_bidi_buffers() tries to indirect through the request to find it's data buffers. This causes a panic due to a null pointer dereference. Move the call to scsi_release_bidi_buffers() before the call to blk_finish_request(). Signed-off-by: NDaniel Gryniewicz <dang@linuxbox.com> Reviewed-by: NWebb Scales <webbnh@hp.com> Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>
Showing
想要评论请 注册 或 登录