Fix a possible dereference of crypt io caused of wrong use pending operation. kcryptd_crypt_write_convert crypt_convert kcrypt_async_done (async mode callback) .. crypt_endio -> dec_pending(io) -> free(io) .. crypt_inc_pending(bad io) crypt_dec_pending must be called before the crypt_convert can fire async callback.
Signed-off-by: Milan Broz
---
 drivers/md/dm-crypt.c | 9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)
Index: linux/drivers/md/dm-crypt.c
===================================================================
--- linux.orig/drivers/md/dm-crypt.c 2008-08-04 14:40:08.000000000 +0100
+++ linux/drivers/md/dm-crypt.c 2008-08-04 14:40:10.000000000 +0100
@@ -685,10 +685,8 @@ static void kcryptd_crypt_write_io_submi
 if (async)
 kcryptd_queue_io(io);
- else {
- crypt_inc_pending(io);
+ else
 generic_make_request(clone);
- }
 }
 static void kcryptd_crypt_write_convert(struct dm_crypt_io *io)
@@ -720,6 +718,8 @@ static void kcryptd_crypt_write_convert(
 remaining -= clone->bi_size;
+ crypt_inc_pending(io);
+
 r = crypt_convert(cc, &io->ctx);
 if (atomic_dec_and_test(&io->ctx.pending)) {
@@ -727,8 +727,7 @@ static void kcryptd_crypt_write_convert(
 kcryptd_crypt_write_io_submit(io, r, 0);
 if (unlikely(r < 0))
 break;
- } else
- crypt_inc_pending(io);
+ }
 /* out of memory -> run queues */
 if (unlikely(remaining)) {
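Review bot: Dropping the increment from the synchronous branch means the reference the caller now takes before crypt_convert() is paid back only by the clone's completion after generic_make_request(), so every path through kcryptd_crypt_write_io_submit that returns without submitting the clone has to release it itself. The function begins above the hunk and its early exits are not visible; if it has an error exit that frees the clone and returns (the `error` parameter suggests one for `error < 0`), that exit now leaves io->pending permanently one too high and the io is never completed or freed. I would add `crypt_dec_pending(io);` directly before that `return;`. The async branch is unaffected by this as long as the queued kcryptd_crypt_write_convert does not itself assume an increment that no longer happens here.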
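Review bot: The increment placed before `r = crypt_convert(cc, &io->ctx);` is the whole fix, yet nothing in the code says why it must precede the call, so a later cleanup could fold it back into the `else` branch it came from. I would put the rationale on the line: `/* Take the reference before crypt_convert(): the async completion may run and drop the last reference before it returns. */`. Note also that the commit description says `crypt_dec_pending` must be called before crypt_convert, while the hunk moves `crypt_inc_pending`; presumably inc is what is meant. The loop body this hunk sits in starts and ends outside the hunk.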
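Review bot: With the `else` branch removed, an iteration whose crypt_convert() left async operations in flight (atomic_dec_and_test false) falls straight through to `if (unlikely(remaining))` and, when data remains, into the next iteration, which reassigns io->ctx.bio_out and io->ctx.idx_out while the async completion may still be working through the same ctx on the previous clone. Whether that is safe depends on the body under `if (unlikely(remaining)) {`, which is outside the hunk; if it does not wait for io->ctx.pending to reach zero, such a wait is needed before the ctx is reused. Separately, the `break` on `r < 0` is reached only when the conversion finished synchronously, so an error delivered via the async callback cannot stop the loop; a comment such as `/* async errors are handled in the completion callback */` next to the `if (unlikely(r < 0))` would make that intent explicit. The enclosing while loop starts and ends outside the hunk.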