From: Hans-Joachim Picht <hpicht@redhat.com> Date: Fri, 23 May 2008 13:41:41 +0200 Subject: [s390] zfcp: memory handling for GID_PN Message-id: 20080523114141.GE22453@redhat.com O-Subject: [RHEL5 U3 PATCH 1/2] s390 - zfcp: Memory handling for GID_PN Bugzilla: 447727 RH-Acked-by: Pete Zaitcev <zaitcev@redhat.com> Description ============ When allocating memory for GID_PN nameserver requests, the allocation function stores the pointer to the mempool, but then overwrites the pointer via memset. Later, the wrong function to free the memory will be called, since this is based on the stored pointer. Fix this by first initializing the struct and then storing the pointer Bugzilla ========= BZ 447727 https://bugzilla.redhat.com/show_bug.cgi?id=447727 Upstream status of the patch: ============================= The patch has been posted upstream http://marc.info/?l=linux-scsi&m=121119237815123&w=2 Test status: ============ The patch has been tested and fixes the problem. The fix was verified by the IBM test team. Please ACK. With best regards, --Hans diff --git a/drivers/s390/scsi/zfcp_aux.c b/drivers/s390/scsi/zfcp_aux.c index f798903..cd9deb1 100644 --- a/drivers/s390/scsi/zfcp_aux.c +++ b/drivers/s390/scsi/zfcp_aux.c @@ -1539,19 +1539,16 @@ zfcp_gid_pn_buffers_alloc(struct zfcp_gid_pn_data **gid_pn, mempool_t *pool) { struct zfcp_gid_pn_data *data; - if (pool != NULL) { + if (pool) data = mempool_alloc(pool, GFP_ATOMIC); - if (likely(data != NULL)) { - data->ct.pool = pool; - } - } else { + else data = kmalloc(sizeof(struct zfcp_gid_pn_data), GFP_ATOMIC); - } if (NULL == data) return -ENOMEM; memset(data, 0, sizeof(*data)); + data->ct.pool = pool; data->ct.req = &data->req; data->ct.resp = &data->resp; data->ct.req_count = data->ct.resp_count = 1;