[SCSI] zfcp: Avoid referencing freed memory in req send

Avoid referencing a fsf request after sending it in fcp_fsf_req_send,
it might have already completed and deallocated.

Signed-off-by: Martin Petermann <martin@linux.vnet.ibm.com>
Signed-off-by: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
index b29f312..fa896dc 100644 (file)
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -766,8 +766,9 @@ static struct zfcp_fsf_req *zfcp_fsf_req_create(struct zfcp_adapter *adapter,
 static int zfcp_fsf_req_send(struct zfcp_fsf_req *req)
 {
        struct zfcp_adapter *adapter = req->adapter;
-       unsigned long flags;
-       int idx;
+       unsigned long        flags;
+       int                  idx;
+       int                  with_qtcb = (req->qtcb != NULL);
 
        /* put allocated FSF request into hash table */
        spin_lock_irqsave(&adapter->req_list_lock, flags);
@@ -789,7 +790,7 @@ static int zfcp_fsf_req_send(struct zfcp_fsf_req *req)
        }
 
        /* Don't increase for unsolicited status */
-       if (req->qtcb)
+       if (with_qtcb)
                adapter->fsf_req_seq_no++;
        adapter->req_no++;