[SCSI] zfcp: returning an ERR_PTR where a NULL value is expected

Aborting a SCSI cmnd might requrie to send a abort_fsf_cmnd. If the
creation of this fsf_req fails an ERR_PTR is returned where a NULL
value would be expected as an error indicator. This ERR_PTR is
dereferenced as valid fsf_req in succeeding processing leading to
an error.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

1 files changed, 6 insertions, 2 deletions

diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
index 48bfd3049244..0343d881babd 100644
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -930,8 +930,10 @@ struct zfcp_fsf_req *zfcp_fsf_abort_fcp_command(unsigned long old_req_id,
                 goto out;
         req = zfcp_fsf_req_create(adapter, FSF_QTCB_ABORT_FCP_CMND,
                                   req_flags, adapter->pool.fsf_req_abort);
-        if (IS_ERR(req))
+        if (IS_ERR(req)) {
+                req = NULL;
                 goto out;
+        }
 
         if (unlikely(!(atomic_read(&unit->status) &
                        ZFCP_STATUS_COMMON_UNBLOCKED)))
@@ -2443,8 +2445,10 @@ struct zfcp_fsf_req *zfcp_fsf_send_fcp_ctm(struct zfcp_adapter *adapter,
                 goto out;
         req = zfcp_fsf_req_create(adapter, FSF_QTCB_FCP_CMND, req_flags,
                                   adapter->pool.fsf_req_scsi);
-        if (IS_ERR(req))
+        if (IS_ERR(req)) {
+                req = NULL;
                 goto out;
+        }
 
         req->status |= ZFCP_STATUS_FSFREQ_TASK_MANAGEMENT;
         req->data = unit;