stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] nvme-fc: Fix initialization order
@ 2023-01-20 17:43 Ross Lagerwall
  2023-01-23  9:09 ` Sagi Grimberg
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Ross Lagerwall @ 2023-01-20 17:43 UTC (permalink / raw)
  To: linux-nvme
  Cc: James Smart, Keith Busch, Jens Axboe, Christoph Hellwig,
	Sagi Grimberg, Ross Lagerwall, stable

ctrl->ops is used by nvme_alloc_admin_tag_set() but set by
nvme_init_ctrl() so reorder the calls to avoid a NULL pointer
dereference.

Fixes: 6dfba1c09c10 ("nvme-fc: use the tagset alloc/free helpers")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Cc: stable@vger.kernel.org
---
 drivers/nvme/host/fc.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
index 4564f16a0b20..456ee42a6133 100644
--- a/drivers/nvme/host/fc.c
+++ b/drivers/nvme/host/fc.c
@@ -3521,13 +3521,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
 
 	nvme_fc_init_queue(ctrl, 0);
 
-	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
-			&nvme_fc_admin_mq_ops,
-			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
-				    ctrl->lport->ops->fcprqst_priv_sz));
-	if (ret)
-		goto out_free_queues;
-
 	/*
 	 * Would have been nice to init io queues tag set as well.
 	 * However, we require interaction from the controller
@@ -3537,10 +3530,17 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
 
 	ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_fc_ctrl_ops, 0);
 	if (ret)
-		goto out_cleanup_tagset;
+		goto out_free_queues;
 
 	/* at this point, teardown path changes to ref counting on nvme ctrl */
 
+	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
+			&nvme_fc_admin_mq_ops,
+			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
+				    ctrl->lport->ops->fcprqst_priv_sz));
+	if (ret)
+		goto fail_ctrl;
+
 	spin_lock_irqsave(&rport->lock, flags);
 	list_add_tail(&ctrl->ctrl_list, &rport->ctrl_list);
 	spin_unlock_irqrestore(&rport->lock, flags);
@@ -3592,8 +3592,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
 
 	return ERR_PTR(-EIO);
 
-out_cleanup_tagset:
-	nvme_remove_admin_tag_set(&ctrl->ctrl);
 out_free_queues:
 	kfree(ctrl->queues);
 out_free_ida:
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] nvme-fc: Fix initialization order
  2023-01-20 17:43 [PATCH] nvme-fc: Fix initialization order Ross Lagerwall
@ 2023-01-23  9:09 ` Sagi Grimberg
  2023-01-23 16:41 ` Christoph Hellwig
  2023-01-25 18:40 ` James Smart
  2 siblings, 0 replies; 4+ messages in thread
From: Sagi Grimberg @ 2023-01-23  9:09 UTC (permalink / raw)
  To: Ross Lagerwall, linux-nvme
  Cc: James Smart, Keith Busch, Jens Axboe, Christoph Hellwig, stable

Reviewed-by: Sagi Grimberg <sagi@grimberg.me>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] nvme-fc: Fix initialization order
  2023-01-20 17:43 [PATCH] nvme-fc: Fix initialization order Ross Lagerwall
  2023-01-23  9:09 ` Sagi Grimberg
@ 2023-01-23 16:41 ` Christoph Hellwig
  2023-01-25 18:40 ` James Smart
  2 siblings, 0 replies; 4+ messages in thread
From: Christoph Hellwig @ 2023-01-23 16:41 UTC (permalink / raw)
  To: Ross Lagerwall
  Cc: linux-nvme, James Smart, Keith Busch, Jens Axboe,
	Christoph Hellwig, Sagi Grimberg, stable

Thanks,

applied to nvme-6.2.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] nvme-fc: Fix initialization order
  2023-01-20 17:43 [PATCH] nvme-fc: Fix initialization order Ross Lagerwall
  2023-01-23  9:09 ` Sagi Grimberg
  2023-01-23 16:41 ` Christoph Hellwig
@ 2023-01-25 18:40 ` James Smart
  2 siblings, 0 replies; 4+ messages in thread
From: James Smart @ 2023-01-25 18:40 UTC (permalink / raw)
  To: Ross Lagerwall, linux-nvme
  Cc: James Smart, Keith Busch, Jens Axboe, Christoph Hellwig,
	Sagi Grimberg, stable

On 1/20/2023 9:43 AM, Ross Lagerwall wrote:
> ctrl->ops is used by nvme_alloc_admin_tag_set() but set by
> nvme_init_ctrl() so reorder the calls to avoid a NULL pointer
> dereference.
> 
> Fixes: 6dfba1c09c10 ("nvme-fc: use the tagset alloc/free helpers")
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
> Cc: stable@vger.kernel.org
> ---
>   drivers/nvme/host/fc.c | 18 ++++++++----------
>   1 file changed, 8 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
> index 4564f16a0b20..456ee42a6133 100644
> --- a/drivers/nvme/host/fc.c
> +++ b/drivers/nvme/host/fc.c
> @@ -3521,13 +3521,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
>   
>   	nvme_fc_init_queue(ctrl, 0);
>   
> -	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
> -			&nvme_fc_admin_mq_ops,
> -			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
> -				    ctrl->lport->ops->fcprqst_priv_sz));
> -	if (ret)
> -		goto out_free_queues;
> -
>   	/*
>   	 * Would have been nice to init io queues tag set as well.
>   	 * However, we require interaction from the controller
> @@ -3537,10 +3530,17 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
>   
>   	ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_fc_ctrl_ops, 0);
>   	if (ret)
> -		goto out_cleanup_tagset;
> +		goto out_free_queues;
>   
>   	/* at this point, teardown path changes to ref counting on nvme ctrl */
>   
> +	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
> +			&nvme_fc_admin_mq_ops,
> +			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
> +				    ctrl->lport->ops->fcprqst_priv_sz));
> +	if (ret)
> +		goto fail_ctrl;
> +
>   	spin_lock_irqsave(&rport->lock, flags);
>   	list_add_tail(&ctrl->ctrl_list, &rport->ctrl_list);
>   	spin_unlock_irqrestore(&rport->lock, flags);
> @@ -3592,8 +3592,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
>   
>   	return ERR_PTR(-EIO);
>   
> -out_cleanup_tagset:
> -	nvme_remove_admin_tag_set(&ctrl->ctrl);
>   out_free_queues:
>   	kfree(ctrl->queues);
>   out_free_ida:

Yep. Thanks

Reviewed-by: James Smart <jsmart2021@gmail.com>

-- james



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-01-25 18:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-20 17:43 [PATCH] nvme-fc: Fix initialization order Ross Lagerwall
2023-01-23  9:09 ` Sagi Grimberg
2023-01-23 16:41 ` Christoph Hellwig
2023-01-25 18:40 ` James Smart

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).