Commit 98e35280 authored by Ross Lagerwall's avatar Ross Lagerwall Committed by Christoph Hellwig
Browse files

nvme-fc: fix initialization order 



ctrl->ops is used by nvme_alloc_admin_tag_set() but set by
nvme_init_ctrl() so reorder the calls to avoid a NULL pointer
dereference.

Fixes: 6dfba1c0 ("nvme-fc: use the tagset alloc/free helpers")
Signed-off-by: default avatarRoss Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
parent 955bc122

drivers/nvme/host/fc.c

+8 −10
Original line number Diff line number Diff line
@@ -3521,13 +3521,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts, 


	nvme_fc_init_queue(ctrl, 0);



	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,

			&nvme_fc_admin_mq_ops,

			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,

				    ctrl->lport->ops->fcprqst_priv_sz));

	if (ret)

		goto out_free_queues;



	/*

	 * Would have been nice to init io queues tag set as well.

	 * However, we require interaction from the controller
@@ -3537,10 +3530,17 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts, 


	ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_fc_ctrl_ops, 0);

	if (ret)

		goto out_cleanup_tagset;

		goto out_free_queues;



	/* at this point, teardown path changes to ref counting on nvme ctrl */



	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,

			&nvme_fc_admin_mq_ops,

			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,

				    ctrl->lport->ops->fcprqst_priv_sz));

	if (ret)

		goto fail_ctrl;



	spin_lock_irqsave(&rport->lock, flags);

	list_add_tail(&ctrl->ctrl_list, &rport->ctrl_list);

	spin_unlock_irqrestore(&rport->lock, flags);
@@ -3592,8 +3592,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts, 


	return ERR_PTR(-EIO);



out_cleanup_tagset:

	nvme_remove_admin_tag_set(&ctrl->ctrl);

out_free_queues:

	kfree(ctrl->queues);

out_free_ida: