diff options
| author | Christof Schmitt <christof.schmitt@de.ibm.com> | 2009-04-17 09:08:03 -0400 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2009-04-27 11:07:25 -0400 |
| commit | ada81b748b768eb5b75567fd1db5e87ba5c98bf0 (patch) | |
| tree | 6bc538ce5f1b7ba1da6514f68ecabef455f3cdc3 | |
| parent | 306b6edcdd7b6cc5fee50d48fc398201fa3df841 (diff) | |
[SCSI] zfcp: Dont call zfcp_fsf_req_free on NULL pointer
Fix problem that zfcp_fsf_exchange_config_data_sync and
zfcp_fsf_exchange_config_data_sync could try to call zfcp_fsf_req_free
with a NULL pointer.
Reviewed-by: Martin Petermann <martin@linux.vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
| -rw-r--r-- | drivers/s390/scsi/zfcp_fsf.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c index fa896dc600bf..a8e84065d006 100644 --- a/drivers/s390/scsi/zfcp_fsf.c +++ b/drivers/s390/scsi/zfcp_fsf.c | |||
| @@ -1254,13 +1254,13 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter, | |||
| 1254 | 1254 | ||
| 1255 | spin_lock_bh(&adapter->req_q_lock); | 1255 | spin_lock_bh(&adapter->req_q_lock); |
| 1256 | if (zfcp_fsf_req_sbal_get(adapter)) | 1256 | if (zfcp_fsf_req_sbal_get(adapter)) |
| 1257 | goto out; | 1257 | goto out_unlock; |
| 1258 | 1258 | ||
| 1259 | req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_CONFIG_DATA, | 1259 | req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_CONFIG_DATA, |
| 1260 | 0, NULL); | 1260 | 0, NULL); |
| 1261 | if (IS_ERR(req)) { | 1261 | if (IS_ERR(req)) { |
| 1262 | retval = PTR_ERR(req); | 1262 | retval = PTR_ERR(req); |
| 1263 | goto out; | 1263 | goto out_unlock; |
| 1264 | } | 1264 | } |
| 1265 | 1265 | ||
| 1266 | sbale = zfcp_qdio_sbale_req(req); | 1266 | sbale = zfcp_qdio_sbale_req(req); |
| @@ -1279,14 +1279,16 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter, | |||
| 1279 | 1279 | ||
| 1280 | zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); | 1280 | zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); |
| 1281 | retval = zfcp_fsf_req_send(req); | 1281 | retval = zfcp_fsf_req_send(req); |
| 1282 | out: | ||
| 1283 | spin_unlock_bh(&adapter->req_q_lock); | 1282 | spin_unlock_bh(&adapter->req_q_lock); |
| 1284 | if (!retval) | 1283 | if (!retval) |
| 1285 | wait_event(req->completion_wq, | 1284 | wait_event(req->completion_wq, |
| 1286 | req->status & ZFCP_STATUS_FSFREQ_COMPLETED); | 1285 | req->status & ZFCP_STATUS_FSFREQ_COMPLETED); |
| 1287 | 1286 | ||
| 1288 | zfcp_fsf_req_free(req); | 1287 | zfcp_fsf_req_free(req); |
| 1288 | return retval; | ||
| 1289 | 1289 | ||
| 1290 | out_unlock: | ||
| 1291 | spin_unlock_bh(&adapter->req_q_lock); | ||
| 1290 | return retval; | 1292 | return retval; |
| 1291 | } | 1293 | } |
| 1292 | 1294 | ||
| @@ -1353,13 +1355,13 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter, | |||
| 1353 | 1355 | ||
| 1354 | spin_lock_bh(&adapter->req_q_lock); | 1356 | spin_lock_bh(&adapter->req_q_lock); |
| 1355 | if (zfcp_fsf_req_sbal_get(adapter)) | 1357 | if (zfcp_fsf_req_sbal_get(adapter)) |
| 1356 | goto out; | 1358 | goto out_unlock; |
| 1357 | 1359 | ||
| 1358 | req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_PORT_DATA, 0, | 1360 | req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_PORT_DATA, 0, |
| 1359 | NULL); | 1361 | NULL); |
| 1360 | if (IS_ERR(req)) { | 1362 | if (IS_ERR(req)) { |
| 1361 | retval = PTR_ERR(req); | 1363 | retval = PTR_ERR(req); |
| 1362 | goto out; | 1364 | goto out_unlock; |
| 1363 | } | 1365 | } |
| 1364 | 1366 | ||
| 1365 | if (data) | 1367 | if (data) |
| @@ -1372,14 +1374,18 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter, | |||
| 1372 | req->handler = zfcp_fsf_exchange_port_data_handler; | 1374 | req->handler = zfcp_fsf_exchange_port_data_handler; |
| 1373 | zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); | 1375 | zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); |
| 1374 | retval = zfcp_fsf_req_send(req); | 1376 | retval = zfcp_fsf_req_send(req); |
| 1375 | out: | ||
| 1376 | spin_unlock_bh(&adapter->req_q_lock); | 1377 | spin_unlock_bh(&adapter->req_q_lock); |
| 1378 | |||
| 1377 | if (!retval) | 1379 | if (!retval) |
| 1378 | wait_event(req->completion_wq, | 1380 | wait_event(req->completion_wq, |
| 1379 | req->status & ZFCP_STATUS_FSFREQ_COMPLETED); | 1381 | req->status & ZFCP_STATUS_FSFREQ_COMPLETED); |
| 1380 | zfcp_fsf_req_free(req); | 1382 | zfcp_fsf_req_free(req); |
| 1381 | 1383 | ||
| 1382 | return retval; | 1384 | return retval; |
| 1385 | |||
| 1386 | out_unlock: | ||
| 1387 | spin_unlock_bh(&adapter->req_q_lock); | ||
| 1388 | return retval; | ||
| 1383 | } | 1389 | } |
| 1384 | 1390 | ||
| 1385 | static void zfcp_fsf_open_port_handler(struct zfcp_fsf_req *req) | 1391 | static void zfcp_fsf_open_port_handler(struct zfcp_fsf_req *req) |