diff options
| author | Ewan D. Milne <emilne@redhat.com> | 2017-04-24 13:24:16 -0400 |
|---|---|---|
| committer | Christoph Hellwig <hch@lst.de> | 2017-04-25 20:00:59 +0200 |
| commit | de41447aac034c4acc8d9d1ddbdcb7ce4e8a3f6f (patch) | |
| tree | bef80837e850eee8e11f7a695e2e8cb212d171b6 /drivers/nvme | |
| parent | bbe3012b73b592dfe5f4340a14373840f51887b6 (diff) | |
nvme-fc: avoid memory corruption caused by calling nvmf_free_options() twice
Do not call nvmf_free_options() from the nvme_fc_ctlr destructor if
nvme_fc_create_ctrl() returns an error, because nvmf_create_ctrl()
frees the options when an error is returned.
Signed-off-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/nvme')
| -rw-r--r-- | drivers/nvme/host/fc.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c index e73862ebb8b4..4976db56e351 100644 --- a/drivers/nvme/host/fc.c +++ b/drivers/nvme/host/fc.c @@ -1716,7 +1716,8 @@ nvme_fc_ctrl_free(struct kref *ref) nvme_fc_rport_put(ctrl->rport); ida_simple_remove(&nvme_fc_ctrl_cnt, ctrl->cnum); - nvmf_free_options(ctrl->ctrl.opts); + if (ctrl->ctrl.opts) + nvmf_free_options(ctrl->ctrl.opts); kfree(ctrl); } @@ -2807,6 +2808,7 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts, ret = nvme_fc_create_association(ctrl); if (ret) { + ctrl->ctrl.opts = NULL; /* initiate nvme ctrl ref counting teardown */ nvme_uninit_ctrl(&ctrl->ctrl); nvme_put_ctrl(&ctrl->ctrl); |