[SCSI] zfcp: returning an ERR_PTR where a NULL value is expected

Aborting a SCSI cmnd might requrie to send a abort_fsf_cmnd. If the
creation of this fsf_req fails an ERR_PTR is returned where a NULL
value would be expected as an error indicator. This ERR_PTR is
dereferenced as valid fsf_req in succeeding processing leading to
an error.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
index 48bfd30492448639ea3136ab00503ca1bef9905e..0343d881babda412f40e9fdc97ce118245252ff3 100644 (file)
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -930,8 +930,10 @@ struct zfcp_fsf_req *zfcp_fsf_abort_fcp_command(unsigned long old_req_id,
                goto out;
        req = zfcp_fsf_req_create(adapter, FSF_QTCB_ABORT_FCP_CMND,
                                  req_flags, adapter->pool.fsf_req_abort);
-       if (IS_ERR(req))
+       if (IS_ERR(req)) {
+               req = NULL;
                goto out;
+       }
 
        if (unlikely(!(atomic_read(&unit->status) &
                       ZFCP_STATUS_COMMON_UNBLOCKED)))
@@ -2443,8 +2445,10 @@ struct zfcp_fsf_req *zfcp_fsf_send_fcp_ctm(struct zfcp_adapter *adapter,
                goto out;
        req = zfcp_fsf_req_create(adapter, FSF_QTCB_FCP_CMND, req_flags,
                                  adapter->pool.fsf_req_scsi);
-       if (IS_ERR(req))
+       if (IS_ERR(req)) {
+               req = NULL;
                goto out;
+       }
 
        req->status |= ZFCP_STATUS_FSFREQ_TASK_MANAGEMENT;
        req->data = unit;