iscsi: Always free a cdw before its associated ctl_io.

Description

cxgbei stores state about a target transfer in the ctl_private[] array
of a ctl_io that is freed when a target transfer (represented by the
cdw) is freed. As such, freeing a ctl_io before a cdw that references
it can result in a use after free in cxgbei. Two of the four places
freed the cdw first, and the other two freed the ctl_io first. Fix
the latter two places to free the cdw first.

Reported by: Jithesh Arakkan @ Chelsio
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D30270

(cherry picked from commit 71e3d1b3a0ee4080c53615167bde4d93efe103fe)
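
The ordering hazard described in the commit message, as an added C model that is not FreeBSD or cxgbei code. All `mock_*` and `xfer_state` names are hypothetical, and a `freed` flag stands in for the real free so the stale access can be counted instead of triggering undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not the FreeBSD structures. */
struct xfer_state { bool released; };      /* per-transfer driver state */
struct mock_io {
    bool  freed;      /* flag set instead of free(), so checks stay well-defined */
    void *priv[2];    /* plays the role of ctl_private[] */
};
struct mock_cdw { struct mock_io *io; };   /* the transfer references its I/O */

static void mock_io_free(struct mock_io *io) { io->freed = true; }

/* Transfer cleanup reads driver state kept in the I/O's private slot.
 * Returns 1 if the I/O was already freed (a use after free in a kernel). */
static int mock_cdw_free(struct mock_cdw *cdw)
{
    struct xfer_state *st;

    if (cdw->io->freed)
        return 1;
    st = cdw->io->priv[0];
    if (st != NULL)
        st->released = true;
    cdw->io->priv[0] = NULL;
    return 0;
}

/* Tear down one transfer in the given order; return stale accesses seen. */
static int run_teardown(bool cdw_first)
{
    struct xfer_state st = { false };
    struct mock_io io = { false, { &st, NULL } };
    struct mock_cdw cdw = { &io };

    if (cdw_first) {
        int stale = mock_cdw_free(&cdw);   /* cleanup sees a live I/O */
        mock_io_free(&io);
        return stale;
    }
    mock_io_free(&io);                     /* I/O released first */
    return mock_cdw_free(&cdw);            /* cleanup now reaches stale memory */
}

int main(void)
{
    printf("cdw first: %d, io first: %d\n", run_teardown(true), run_teardown(false));
    return 0;
}
```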

Details

Provenance
jhb authored on May 20 2021, 4:58 PM
Reviewer
mav
Differential Revision
D30270: iscsi: Always free a cdw before its associated ctl_io.
Parents
rG4aa41b1e7685: cxgbei: Add tunable sysctls for the FirstBurstLength and MaxBurstLength.