From: Christof Schmitt Date: Fri, 17 Apr 2009 13:08:03 +0000 (+0200) Subject: [SCSI] zfcp: Dont call zfcp_fsf_req_free on NULL pointer X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ada81b748b768eb5b75567fd1db5e87ba5c98bf0;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [SCSI] zfcp: Dont call zfcp_fsf_req_free on NULL pointer Fix problem that zfcp_fsf_exchange_config_data_sync and zfcp_fsf_exchange_config_data_sync could try to call zfcp_fsf_req_free with a NULL pointer. Reviewed-by: Martin Petermann Signed-off-by: Christof Schmitt Signed-off-by: James Bottomley --- diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c index fa896dc600bf..a8e84065d006 100644 --- a/drivers/s390/scsi/zfcp_fsf.c +++ b/drivers/s390/scsi/zfcp_fsf.c @@ -1254,13 +1254,13 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter, spin_lock_bh(&adapter->req_q_lock); if (zfcp_fsf_req_sbal_get(adapter)) - goto out; + goto out_unlock; req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_CONFIG_DATA, 0, NULL); if (IS_ERR(req)) { retval = PTR_ERR(req); - goto out; + goto out_unlock; } sbale = zfcp_qdio_sbale_req(req); @@ -1279,14 +1279,16 @@ int zfcp_fsf_exchange_config_data_sync(struct zfcp_adapter *adapter, zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); retval = zfcp_fsf_req_send(req); -out: spin_unlock_bh(&adapter->req_q_lock); if (!retval) wait_event(req->completion_wq, req->status & ZFCP_STATUS_FSFREQ_COMPLETED); zfcp_fsf_req_free(req); + return retval; +out_unlock: + spin_unlock_bh(&adapter->req_q_lock); return retval; } @@ -1353,13 +1355,13 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter, spin_lock_bh(&adapter->req_q_lock); if (zfcp_fsf_req_sbal_get(adapter)) - goto out; + goto out_unlock; req = zfcp_fsf_req_create(adapter, FSF_QTCB_EXCHANGE_PORT_DATA, 0, NULL); if (IS_ERR(req)) { retval = PTR_ERR(req); - goto out; + goto out_unlock; } if (data) @@ -1372,14 +1374,18 @@ int zfcp_fsf_exchange_port_data_sync(struct zfcp_adapter *adapter, req->handler = zfcp_fsf_exchange_port_data_handler; zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); retval = zfcp_fsf_req_send(req); -out: spin_unlock_bh(&adapter->req_q_lock); + if (!retval) wait_event(req->completion_wq, req->status & ZFCP_STATUS_FSFREQ_COMPLETED); zfcp_fsf_req_free(req); return retval; + +out_unlock: + spin_unlock_bh(&adapter->req_q_lock); + return retval; } static void zfcp_fsf_open_port_handler(struct zfcp_fsf_req *req)