From: Martin Petermann <martin@linux.vnet.ibm.com>
Date: Fri, 17 Apr 2009 13:08:01 +0000 (+0200)
Subject: [SCSI] zfcp: Avoid referencing freed memory in req send
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=135ea137e3c2872448c12d3a8890389fa64990c6;p=linux-beck.git

[SCSI] zfcp: Avoid referencing freed memory in req send

Avoid referencing a fsf request after sending it in fcp_fsf_req_send,
it might have already completed and deallocated.

Signed-off-by: Martin Petermann <martin@linux.vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---

diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
index b29f3121b666..fa896dc600bf 100644
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -766,8 +766,9 @@ static struct zfcp_fsf_req *zfcp_fsf_req_create(struct zfcp_adapter *adapter,
 static int zfcp_fsf_req_send(struct zfcp_fsf_req *req)
 {
 	struct zfcp_adapter *adapter = req->adapter;
-	unsigned long flags;
-	int idx;
+	unsigned long	     flags;
+	int		     idx;
+	int		     with_qtcb = (req->qtcb != NULL);
 
 	/* put allocated FSF request into hash table */
 	spin_lock_irqsave(&adapter->req_list_lock, flags);
@@ -789,7 +790,7 @@ static int zfcp_fsf_req_send(struct zfcp_fsf_req *req)
 	}
 
 	/* Don't increase for unsolicited status */
-	if (req->qtcb)
+	if (with_qtcb)
 		adapter->fsf_req_seq_no++;
 	adapter->req_no++;