nvme_fc: Fix crash when nvme controller connection fails.
authorJames Smart <jsmart2021@gmail.com>
Fri, 16 Jun 2017 06:40:54 +0000 (23:40 -0700)
committerJens Axboe <axboe@kernel.dk>
Wed, 28 Jun 2017 14:14:13 +0000 (08:14 -0600)
If a controller connection is attempted (say to a subsystem that
does not exist), the first attempt errors out.  If another connect
is attempted, it crashes.

Issue is the prior controller has yet execute it's final put, thus
its still on lists. However, opts points on it have been cleared, thus
causing the crash if they are referenced.

Fix is to add the missing put after the nvme_uninit_ctrl() call on
the attachment failure.

Signed-off-by: Paul Ely <Paul.Ely@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
drivers/nvme/host/fc.c

index cdd138c..9444495 100644 (file)
@@ -2764,6 +2764,9 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,
                nvme_uninit_ctrl(&ctrl->ctrl);
                nvme_put_ctrl(&ctrl->ctrl);
 
+               /* Remove core ctrl ref. */
+               nvme_put_ctrl(&ctrl->ctrl);
+
                /* as we're past the point where we transition to the ref
                 * counting teardown path, if we return a bad pointer here,
                 * the calling routine, thinking it's prior to the