nvme-fc: fix initialization order

[ Upstream commit 98e3528012cd571c48bbae7c7c0f868823254b6c ]

ctrl->ops is used by nvme_alloc_admin_tag_set() but set by
nvme_init_ctrl() so reorder the calls to avoid a NULL pointer
dereference.

Fixes: 6dfba1c09c10 ("nvme-fc: use the tagset alloc/free helpers")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
index 5f07a6b..6c3d469 100644 (file)
--- a/drivers/nvme/host/fc.c
+++ b/drivers/nvme/host/fc.c
@@ -3508,13 +3508,6 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
 
        nvme_fc_init_queue(ctrl, 0);
 
-       ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
-                       &nvme_fc_admin_mq_ops,
-                       struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
-                                   ctrl->lport->ops->fcprqst_priv_sz));
-       if (ret)
-               goto out_free_queues;
-
        /*
         * Would have been nice to init io queues tag set as well.
         * However, we require interaction from the controller
@@ -3524,10 +3517,17 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
 
        ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_fc_ctrl_ops, 0);
        if (ret)
-               goto out_cleanup_tagset;
+               goto out_free_queues;
 
        /* at this point, teardown path changes to ref counting on nvme ctrl */
 
+       ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
+                       &nvme_fc_admin_mq_ops,
+                       struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
+                                   ctrl->lport->ops->fcprqst_priv_sz));
+       if (ret)
+               goto fail_ctrl;
+
        spin_lock_irqsave(&rport->lock, flags);
        list_add_tail(&ctrl->ctrl_list, &rport->ctrl_list);
        spin_unlock_irqrestore(&rport->lock, flags);
@@ -3579,8 +3579,6 @@ fail_ctrl:
 
        return ERR_PTR(-EIO);
 
-out_cleanup_tagset:
-       nvme_remove_admin_tag_set(&ctrl->ctrl);
 out_free_queues:
        kfree(ctrl->queues);
 out_free_ida: