On Fri, Jul 22, 2022 at 10:58:59AM +0800, Ziyang Zhang wrote: > On 2022/7/22 10:36, Ming Lei wrote: > > ublk_device is allocated in ublk_ctrl_add_dev(), so code will become more > > readable by just letting ublk_ctrl_add_dev() destroy ublk_device in case > > of ublk_add_dev() failure. > > > > Meantime ub->mutex is destroyed in __ublk_destroy_dev(), but it may > > not be initialized when ublk_add_dev() fails, so fix it by moving > > mutex_init(ub->mutex) before any failure path. > > > > Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx> > > --- > > drivers/block/ublk_drv.c | 10 +++++----- > > 1 file changed, 5 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c > > index f058f40b639c..d03563286c76 100644 > > --- a/drivers/block/ublk_drv.c > > +++ b/drivers/block/ublk_drv.c > > @@ -1106,9 +1106,10 @@ static int ublk_add_dev(struct ublk_device *ub) > > > > INIT_WORK(&ub->stop_work, ublk_stop_work_fn); > > INIT_DELAYED_WORK(&ub->monitor_work, ublk_daemon_monitor_work); > > + mutex_init(&ub->mutex); > > > > if (ublk_init_queues(ub)) > > - goto out_destroy_dev; > > + return err; > > > > ub->tag_set.ops = &ublk_mq_ops; > > ub->tag_set.nr_hw_queues = ub->dev_info.nr_hw_queues; > > @@ -1122,7 +1123,6 @@ static int ublk_add_dev(struct ublk_device *ub) > > goto out_deinit_queues; > > > > ublk_align_max_io_size(ub); > > - mutex_init(&ub->mutex); > > spin_lock_init(&ub->mm_lock); > > > > /* add char dev so that ublksrv daemon can be setup */ > > @@ -1130,8 +1130,6 @@ static int ublk_add_dev(struct ublk_device *ub) > > > > out_deinit_queues: > > ublk_deinit_queues(ub); > > -out_destroy_dev: > > - __ublk_destroy_dev(ub); > > return err; > > } 
> > > > @@ -1331,8 +1329,10 @@ static int ublk_ctrl_add_dev(struct io_uring_cmd *cmd) > > ub->dev_info.dev_id = ub->ub_number; > > > > ret = ublk_add_dev(ub); > > - if (ret) > > + if (ret) { > > + __ublk_destroy_dev(ub); > > goto out_unlock; > > + } > > Hi, Ming. > > Now, if ublk_add_dev() returns failure, __ublk_destroy_dev() is called anyway. > > However, in current ublk_drv:ublk_add_dev(): > > ... > return ublk_add_chdev(ub); <---- here > out_deinit_queues: > ublk_deinit_queues(ub); > out_destroy_dev: > __ublk_destroy_dev(ub); > return err; > > > ublk_add_chdev() returns and the returned value(maybe a failure) directly > pass to ublk_ctrl_add_dev which does NOT call __ublk_destroy_dev() > > please check it is correct to call __ublk_destroy_dev() if ublk_add_chdev() fails. If ublk_add_chdev fails, we shouldn't call __ublk_destroy_dev() any more, since ublk_add_chdev() does handle the cleanup, so this patch is wrong. will fix it in V2. Thanks, Ming
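Review bot: In the first ublk_add_dev() hunk (@@ -1106,9 +1106,10), the new `return err;` after `if (ublk_init_queues(ub))` returns a variable that the visible lines never assign from that call. The error code the caller receives therefore depends on how err was initialised earlier in the function, which the hunk does not show. Capturing the result, as in `err = ublk_init_queues(ub); if (err) return err;`, would make this early failure path self-evident now that it no longer falls through a cleanup label.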
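Review bot: In the ublk_ctrl_add_dev() hunk (@@ -1331,8 +1329,10), the new `__ublk_destroy_dev(ub);` runs for every non-zero return of ublk_add_dev(), including a failure that comes back through `return ublk_add_chdev(ub);` as quoted in the reply. The thread states that ublk_add_chdev() already handles its own cleanup, so on that path the caller would repeat teardown that has been done. The destroy call should be limited to failures that occur before ublk_add_chdev() is reached, for example by keeping the early-path cleanup inside ublk_add_dev(), or by moving the chdev step into the caller so the two cases can be told apart. A short comment stating which function owns destruction of ub on each path would also help.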