From 135ea137e3c2872448c12d3a8890389fa64990c6 Mon Sep 17 00:00:00 2001 From: Martin Petermann Date: Fri, 17 Apr 2009 15:08:01 +0200 Subject: [PATCH] [SCSI] zfcp: Avoid referencing freed memory in req send Avoid referencing a fsf request after sending it in fcp_fsf_req_send, it might have already completed and deallocated. Signed-off-by: Martin Petermann Signed-off-by: Christof Schmitt Signed-off-by: James Bottomley --- drivers/s390/scsi/zfcp_fsf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c index b29f3121b666..fa896dc600bf 100644 --- a/drivers/s390/scsi/zfcp_fsf.c +++ b/drivers/s390/scsi/zfcp_fsf.c @@ -766,8 +766,9 @@ static struct zfcp_fsf_req *zfcp_fsf_req_create(struct zfcp_adapter *adapter, static int zfcp_fsf_req_send(struct zfcp_fsf_req *req) { struct zfcp_adapter *adapter = req->adapter; - unsigned long flags; - int idx; + unsigned long flags; + int idx; + int with_qtcb = (req->qtcb != NULL); /* put allocated FSF request into hash table */ spin_lock_irqsave(&adapter->req_list_lock, flags); @@ -789,7 +790,7 @@ static int zfcp_fsf_req_send(struct zfcp_fsf_req *req) } /* Don't increase for unsolicited status */ - if (req->qtcb) + if (with_qtcb) adapter->fsf_req_seq_no++; adapter->req_no++; -- 2.39.5