[SCSI] zfcp: Dont call zfcp_fsf_req_free on NULL pointer
authorChristof Schmitt <christof.schmitt@de.ibm.com>
Fri, 17 Apr 2009 13:08:03 +0000 (15:08 +0200)
committerJames Bottomley <James.Bottomley@HansenPartnership.com>
Mon, 27 Apr 2009 15:07:25 +0000 (10:07 -0500)
Fix problem that zfcp_fsf_exchange_config_data_sync and
zfcp_fsf_exchange_config_data_sync could try to call zfcp_fsf_req_free
with a NULL pointer.

Reviewed-by: Martin Petermann <martin@linux.vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
drivers/s390/scsi/zfcp_fsf.c

index fa896dc600bf2d38e6dc813aa59bc63fc2f2f3be..a8e84065d006c1a6711599fb3c803a8639f8d8d4 100644 (file)
@@ -1254,13 +1254,13 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter,
 
        spin_lock_bh(&adapter->req_q_lock);
        if (zfcp_fsf_req_sbal_get(adapter))
-               goto out;
+               goto out_unlock;
 
        req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_CONFIG_DATA,
                                  0, NULL);
        if (IS_ERR(req)) {
                retval = PTR_ERR(req);
-               goto out;
+               goto out_unlock;
        }
 
        sbale = zfcp_qdio_sbale_req(req);
@@ -1279,14 +1279,16 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter,
 
        zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
        retval = zfcp_fsf_req_send(req);
-out:
        spin_unlock_bh(&adapter->req_q_lock);
        if (!retval)
                wait_event(req->completion_wq,
                           req->status & ZFCP_STATUS_FSFREQ_COMPLETED);
 
        zfcp_fsf_req_free(req);
+       return retval;
 
+out_unlock:
+       spin_unlock_bh(&adapter->req_q_lock);
        return retval;
 }
 
@@ -1353,13 +1355,13 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter,
 
        spin_lock_bh(&adapter->req_q_lock);
        if (zfcp_fsf_req_sbal_get(adapter))
-               goto out;
+               goto out_unlock;
 
        req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_PORT_DATA, 0,
                                  NULL);
        if (IS_ERR(req)) {
                retval = PTR_ERR(req);
-               goto out;
+               goto out_unlock;
        }
 
        if (data)
@@ -1372,14 +1374,18 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter,
        req->handler = zfcp_fsf_exchange_port_data_handler;
        zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
        retval = zfcp_fsf_req_send(req);
-out:
        spin_unlock_bh(&adapter->req_q_lock);
+
        if (!retval)
                wait_event(req->completion_wq,
                           req->status & ZFCP_STATUS_FSFREQ_COMPLETED);
        zfcp_fsf_req_free(req);
 
        return retval;
+
+out_unlock:
+       spin_unlock_bh(&adapter->req_q_lock);
+       return retval;
 }
 
 static void zfcp_fsf_open_port_handler(struct zfcp_fsf_req *req)