On Wed, Apr 08, 2009 at 01:29:45PM +0200, Heiko Carstens wrote:
> On Mon, 06 Apr 2009 18:31:47 +0200
> Christof Schmitt <christof.schmitt@xxxxxxxxxx> wrote:
> > + els_fc_job->els.adapter = adapter;
> > + if (rport) {
> > + read_lock_irq(&zfcp_data.config_lock);
> > + port = rport->dd_data;
> > + if (port)
> > + zfcp_port_get(port);
> > + read_unlock_irq(&zfcp_data.config_lock);
> > + if (!port) {
> > + kfree(els_fc_job);
> > + return -EINVAL;
> > + }
> > + els_fc_job->els.port = port;
> > + els_fc_job->els.d_id = port->d_id;
> > + zfcp_port_put(port);
> > + } else {
>
> This piece looks a bit strange. Why is the reference count of the port
> increased and afterwards decreased again? Still the pointer to the port
> gets added to els_fc_job->els.port and therefore the structure will be
> accessed later.
>
> So either the reference count is decreased too early and this is a bug
> or it's not needed at all.

Only the d_id is needed from the port, after this we don't access the port anymore. The assignment of the pointer to els.port is not required. We might do without the reference count and try to get the d_id while holding the config_lock.

Christof
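Review bot: in the `if (rport)` branch, `zfcp_port_put(port)` releases the reference immediately after `els_fc_job->els.port = port` has stored the pointer, so the pointer kept in the job is not backed by a reference once this block ends. If only `d_id` is needed, drop the `els.port` assignment and copy `port->d_id` inside the `read_lock_irq(&zfcp_data.config_lock)` section, which also makes the get/put pair unnecessary. If the port is used later through `els.port`, hold the reference until the job completes and put it there instead.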