[PATCH] nvme-fc: Fix initialization order

James Smart jsmart2021 at gmail.com
Wed Jan 25 10:40:41 PST 2023 

On 1/20/2023 9:43 AM, Ross Lagerwall wrote:
> ctrl->ops is used by nvme_alloc_admin_tag_set() but set by
> nvme_init_ctrl() so reorder the calls to avoid a NULL pointer
> dereference.
> 
> Fixes: 6dfba1c09c10 ("nvme-fc: use the tagset alloc/free helpers")
> Signed-off-by: Ross Lagerwall <ross.lagerwall at citrix.com>
> Cc: stable at vger.kernel.org
> ---
>   drivers/nvme/host/fc.c | 18 ++++++++----------
>   1 file changed, 8 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
> index 4564f16a0b20..456ee42a6133 100644
> --- a/drivers/nvme/host/fc.c
> +++ b/drivers/nvme/host/fc.c
> @@ -3521,13 +3521,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
>   
>   	nvme_fc_init_queue(ctrl, 0);
>   
> -	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
> -			&nvme_fc_admin_mq_ops,
> -			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
> -				    ctrl->lport->ops->fcprqst_priv_sz));
> -	if (ret)
> -		goto out_free_queues;
> -
>   	/*
>   	 * Would have been nice to init io queues tag set as well.
>   	 * However, we require interaction from the controller
> @@ -3537,10 +3530,17 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
>   
>   	ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_fc_ctrl_ops, 0);
>   	if (ret)
> -		goto out_cleanup_tagset;
> +		goto out_free_queues;
>   
>   	/* at this point, teardown path changes to ref counting on nvme ctrl */
>   
> +	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
> +			&nvme_fc_admin_mq_ops,
> +			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
> +				    ctrl->lport->ops->fcprqst_priv_sz));
> +	if (ret)
> +		goto fail_ctrl;
> +
>   	spin_lock_irqsave(&rport->lock, flags);
>   	list_add_tail(&ctrl->ctrl_list, &rport->ctrl_list);
>   	spin_unlock_irqrestore(&rport->lock, flags);
> @@ -3592,8 +3592,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
>   
>   	return ERR_PTR(-EIO);
>   
> -out_cleanup_tagset:
> -	nvme_remove_admin_tag_set(&ctrl->ctrl);
>   out_free_queues:
>   	kfree(ctrl->queues);
>   out_free_ida:

Yep. Thanks

Reviewed-by: James Smart <jsmart2021 at gmail.com>

-- james

More information about the Linux-nvme mailing list