diff options
author | Christof Schmitt <christof.schmitt@de.ibm.com> | 2009-04-17 15:08:03 +0200 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2009-04-27 10:07:25 -0500 |
commit | ada81b748b768eb5b75567fd1db5e87ba5c98bf0 (patch) | |
tree | 6bc538ce5f1b7ba1da6514f68ecabef455f3cdc3 | |
parent | 306b6edcdd7b6cc5fee50d48fc398201fa3df841 (diff) | |
download | lwn-ada81b748b768eb5b75567fd1db5e87ba5c98bf0.tar.gz lwn-ada81b748b768eb5b75567fd1db5e87ba5c98bf0.zip |
[SCSI] zfcp: Dont call zfcp_fsf_req_free on NULL pointer
Fix problem that zfcp_fsf_exchange_config_data_sync and
zfcp_fsf_exchange_config_data_sync could try to call zfcp_fsf_req_free
with a NULL pointer.
Reviewed-by: Martin Petermann <martin@linux.vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | drivers/s390/scsi/zfcp_fsf.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c index fa896dc600bf..a8e84065d006 100644 --- a/drivers/s390/scsi/zfcp_fsf.c +++ b/drivers/s390/scsi/zfcp_fsf.c @@ -1254,13 +1254,13 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter, spin_lock_bh(&adapter->req_q_lock); if (zfcp_fsf_req_sbal_get(adapter)) - goto out; + goto out_unlock; req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_CONFIG_DATA, 0, NULL); if (IS_ERR(req)) { retval = PTR_ERR(req); - goto out; + goto out_unlock; } sbale = zfcp_qdio_sbale_req(req); @@ -1279,14 +1279,16 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter, zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); retval = zfcp_fsf_req_send(req); -out: spin_unlock_bh(&adapter->req_q_lock); if (!retval) wait_event(req->completion_wq, req->status & ZFCP_STATUS_FSFREQ_COMPLETED); zfcp_fsf_req_free(req); + return retval; +out_unlock: + spin_unlock_bh(&adapter->req_q_lock); return retval; } @@ -1353,13 +1355,13 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter, spin_lock_bh(&adapter->req_q_lock); if (zfcp_fsf_req_sbal_get(adapter)) - goto out; + goto out_unlock; req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_PORT_DATA, 0, NULL); if (IS_ERR(req)) { retval = PTR_ERR(req); - goto out; + goto out_unlock; } if (data) @@ -1372,14 +1374,18 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter, req->handler = zfcp_fsf_exchange_port_data_handler; zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); retval = zfcp_fsf_req_send(req); -out: spin_unlock_bh(&adapter->req_q_lock); + if (!retval) wait_event(req->completion_wq, req->status & ZFCP_STATUS_FSFREQ_COMPLETED); zfcp_fsf_req_free(req); return retval; + +out_unlock: + spin_unlock_bh(&adapter->req_q_lock); + return retval; } static void zfcp_fsf_open_port_handler(struct zfcp_fsf_req *req) |