aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/s390/scsi
diff options
context:
space:
mode:
authorSwen Schillig <swen@vnet.ibm.com>2008-11-26 12:07:37 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2008-12-01 11:17:14 -0500
commit633528c304f20b5c2e3e04d48f620548ce08b12e (patch)
tree07bf82b8ad982066cdd9525db7c4859de2859bac /drivers/s390/scsi
parent1c1cba17a9078c83a80a099bc207b208d664a13a (diff)
[SCSI] zfcp: returning an ERR_PTR where a NULL value is expected
Aborting a SCSI cmnd might requrie to send a abort_fsf_cmnd. If the creation of this fsf_req fails an ERR_PTR is returned where a NULL value would be expected as an error indicator. This ERR_PTR is dereferenced as valid fsf_req in succeeding processing leading to an error. Signed-off-by: Swen Schillig <swen@vnet.ibm.com> Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers/s390/scsi')
-rw-r--r--drivers/s390/scsi/zfcp_fsf.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
index 48bfd304924..0343d881bab 100644
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -930,8 +930,10 @@ struct zfcp_fsf_req *zfcp_fsf_abort_fcp_command(unsigned long old_req_id,
930 goto out; 930 goto out;
931 req = zfcp_fsf_req_create(adapter, FSF_QTCB_ABORT_FCP_CMND, 931 req = zfcp_fsf_req_create(adapter, FSF_QTCB_ABORT_FCP_CMND,
932 req_flags, adapter->pool.fsf_req_abort); 932 req_flags, adapter->pool.fsf_req_abort);
933 if (IS_ERR(req)) 933 if (IS_ERR(req)) {
934 req = NULL;
934 goto out; 935 goto out;
936 }
935 937
936 if (unlikely(!(atomic_read(&unit->status) & 938 if (unlikely(!(atomic_read(&unit->status) &
937 ZFCP_STATUS_COMMON_UNBLOCKED))) 939 ZFCP_STATUS_COMMON_UNBLOCKED)))
@@ -2443,8 +2445,10 @@ struct zfcp_fsf_req *zfcp_fsf_send_fcp_ctm(struct zfcp_adapter *adapter,
2443 goto out; 2445 goto out;
2444 req = zfcp_fsf_req_create(adapter, FSF_QTCB_FCP_CMND, req_flags, 2446 req = zfcp_fsf_req_create(adapter, FSF_QTCB_FCP_CMND, req_flags,
2445 adapter->pool.fsf_req_scsi); 2447 adapter->pool.fsf_req_scsi);
2446 if (IS_ERR(req)) 2448 if (IS_ERR(req)) {
2449 req = NULL;
2447 goto out; 2450 goto out;
2451 }
2448 2452
2449 req->status |= ZFCP_STATUS_FSFREQ_TASK_MANAGEMENT; 2453 req->status |= ZFCP_STATUS_FSFREQ_TASK_MANAGEMENT;
2450 req->data = unit; 2454 req->data = unit;