summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristof Schmitt <christof.schmitt@de.ibm.com>2009-04-17 15:08:03 +0200
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2009-04-27 10:07:25 -0500
commitada81b748b768eb5b75567fd1db5e87ba5c98bf0 (patch)
tree6bc538ce5f1b7ba1da6514f68ecabef455f3cdc3
parent306b6edcdd7b6cc5fee50d48fc398201fa3df841 (diff)
downloadlwn-ada81b748b768eb5b75567fd1db5e87ba5c98bf0.tar.gz
lwn-ada81b748b768eb5b75567fd1db5e87ba5c98bf0.zip
[SCSI] zfcp: Dont call zfcp_fsf_req_free on NULL pointer
Fix problem that zfcp_fsf_exchange_config_data_sync and zfcp_fsf_exchange_config_data_sync could try to call zfcp_fsf_req_free with a NULL pointer. Reviewed-by: Martin Petermann <martin@linux.vnet.ibm.com> Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--drivers/s390/scsi/zfcp_fsf.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
index fa896dc600bf..a8e84065d006 100644
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -1254,13 +1254,13 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter,
spin_lock_bh(&adapter->req_q_lock);
if (zfcp_fsf_req_sbal_get(adapter))
- goto out;
+ goto out_unlock;
req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_CONFIG_DATA,
0, NULL);
if (IS_ERR(req)) {
retval = PTR_ERR(req);
- goto out;
+ goto out_unlock;
}
sbale = zfcp_qdio_sbale_req(req);
@@ -1279,14 +1279,16 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter,
zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
retval = zfcp_fsf_req_send(req);
-out:
spin_unlock_bh(&adapter->req_q_lock);
if (!retval)
wait_event(req->completion_wq,
req->status & ZFCP_STATUS_FSFREQ_COMPLETED);
zfcp_fsf_req_free(req);
+ return retval;
+out_unlock:
+ spin_unlock_bh(&adapter->req_q_lock);
return retval;
}
@@ -1353,13 +1355,13 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter,
spin_lock_bh(&adapter->req_q_lock);
if (zfcp_fsf_req_sbal_get(adapter))
- goto out;
+ goto out_unlock;
req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_PORT_DATA, 0,
NULL);
if (IS_ERR(req)) {
retval = PTR_ERR(req);
- goto out;
+ goto out_unlock;
}
if (data)
@@ -1372,14 +1374,18 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter,
req->handler = zfcp_fsf_exchange_port_data_handler;
zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
retval = zfcp_fsf_req_send(req);
-out:
spin_unlock_bh(&adapter->req_q_lock);
+
if (!retval)
wait_event(req->completion_wq,
req->status & ZFCP_STATUS_FSFREQ_COMPLETED);
zfcp_fsf_req_free(req);
return retval;
+
+out_unlock:
+ spin_unlock_bh(&adapter->req_q_lock);
+ return retval;
}
static void zfcp_fsf_open_port_handler(struct zfcp_fsf_req *req)