__ublk_destroy_dev() is called for handling error in ublk_add_dev(),
but either tagset isn't allocated or mutex isn't initialized.
So fix the issue by letting ublk_add_dev cleanup its own allocation,
and simply call kfree(ub) outside of ublk_add_dev which is named
as ublk_add_tagset(), meantime ublk_add_chdev() is moved out too.
Now the error handling in ublk_ctrl_add_dev() becomes more readable.
Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
---
drivers/block/ublk_drv.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
index f058f40b639c..a427f020527d 100644
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -1093,7 +1093,7 @@ static void ublk_align_max_io_size(struct ublk_device *ub)
}
/* add tag_set & cdev, cleanup everything in case of failure */
-static int ublk_add_dev(struct ublk_device *ub)
+static int ublk_add_tagset(struct ublk_device *ub)
{
int err = -ENOMEM;
@@ -1108,7 +1108,7 @@ static int ublk_add_dev(struct ublk_device *ub)
INIT_DELAYED_WORK(&ub->monitor_work, ublk_daemon_monitor_work);
if (ublk_init_queues(ub))
- goto out_destroy_dev;
+ return err;
ub->tag_set.ops = &ublk_mq_ops;
ub->tag_set.nr_hw_queues = ub->dev_info.nr_hw_queues;
@@ -1125,13 +1125,10 @@ static int ublk_add_dev(struct ublk_device *ub)
mutex_init(&ub->mutex);
spin_lock_init(&ub->mm_lock);
- /* add char dev so that ublksrv daemon can be setup */
- return ublk_add_chdev(ub);
+ return 0;
out_deinit_queues:
ublk_deinit_queues(ub);
-out_destroy_dev:
- __ublk_destroy_dev(ub);
return err;
}
@@ -1330,7 +1327,18 @@ static int ublk_ctrl_add_dev(struct io_uring_cmd *cmd)
/* update device id */
ub->dev_info.dev_id = ub->ub_number;
- ret = ublk_add_dev(ub);
+ ret = ublk_add_tagset(ub);
+ if (ret) {
+ kfree(ub);
+ goto out_unlock;
+ }
+
+ /*
+ * add char dev so that ublksrv daemon can be setup
+ *
+ * ublk_add_chdev() will cleanup everything if it fails.
+ */
+ ret = ublk_add_chdev(ub);
if (ret)
goto out_unlock;
--
2.31.1
