+void nvmet_ns_free(struct nvmet_ns *ns)
+{
+ struct nvmet_subsys *subsys = ns->subsys;
+
+ mutex_lock(&subsys->lock);
+ if (!list_empty(&ns->dev_link))
+ list_del_init(&ns->dev_link);
+ mutex_unlock(&subsys->lock);
+
+ nvmet_put_namespace(ns);
+}
+
+struct nvmet_ns *nvmet_ns_alloc(struct nvmet_subsys *subsys, u32 nsid)
+{
+ struct nvmet_ns *ns;
+
+ ns = kzalloc(sizeof(*ns), GFP_KERNEL);
+ if (!ns)
+ return NULL;
+
This lacks also:
INIT_LIST_HEAD(&ns->dev_link);
So the list_empty() check in ns_free won't be bogus...
It causes a NULL deref on configfs rmdir.
+ kref_init(&ns->ref);
+ ns->nsid = nsid;
+ ns->subsys = subsys;
+ return ns;
+}
--
To unsubscribe from this list: send the line "unsubscribe linux-block" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
