iscsi-scst: Fix a use-after-free

Avoid that KASAN reports the following complaint:

BUG: KASAN: slab-out-of-bounds in f/0xdc4 [iscsi_scst]
Read of size 8 at addr ffff888be35fd0ec by task iscsiwr0_71/3289

CPU: 42 PID: 3289 Comm: iscsiwr0_71 Tainted: G
sos.debug #1
Hardware name: To be filled by O.E.M.
Call Trace:
 dump_stack+0x8e/0xc8
 print_address_description+0x73/0x238
 kasan_report+0x228/0x251
 check_memory_region+0x126/0x12c
 __asan_loadN+0xf/0x11
 write_data+0x5df/0xdc4 [iscsi_scst]
 iscsi_do_send+0x20/0x67 [iscsi_scst]
 iscsi_send+0x1f0/0x574 [iscsi_scst]
 scst_do_job_wr+0x2ef/0x549 [iscsi_scst]
 istwr+0x366/0x4a2 [iscsi_scst]
 kthread+0x1df/0x1ef
 ret_from_fork+0x3a/0x50

Allocated by task 3063:
 save_stack_trace+0x1b/0x1d
 kasan_kmalloc.part.1+0x62/0xee
 kasan_kmalloc+0x7f/0x8b
 kasan_slab_alloc+0x12/0x14
 kmem_cache_alloc+0x13d/0x27a
 mempool_alloc_slab+0x15/0x17
 mempool_alloc+0xdb/0x1f3
 scst_alloc_aen+0x96/0x223 [scst]
 scst_gen_aen_or_ua+0x16b/0x3d2 [scst]
 scst_capacity_data_changed+0x147/0x1cd [scst]
 vdev_size_process_store+0x1b5/0x1f4 [scst_vdisk]
 scst_process_sysfs_works+0x187/0x2a1 [scst]
 sysfs_work_thread_fn+0x301/0x42b [scst]
 kthread+0x1df/0x1ef
 ret_from_fork+0x3a/0x50

Reported-by: Marc Smith <msmith626@gmail.com>



git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@8056 d57e44dd-8a1f-0410-8b47-8ef2f437770f

iscsi-scst/kernel/nthread.c

@@ -1189,7 +1189,8 @@ retry:
 
 	sock = conn->sock;
 
-	if ((write_cmnd->parent_req->scst_cmd != NULL) &&
+	if (write_cmnd->parent_req->scst_cmd &&
+	    write_cmnd->parent_req->scst_state != ISCSI_CMD_STATE_AEN &&
 	    scst_cmd_get_dh_data_buff_alloced(write_cmnd->parent_req->scst_cmd))
 		sock_sendpage = sock_no_sendpage;
 	else