ceph: fix invalid point dereference for error case in mdsc destroy
authorChengguang Xu <cgxu519@gmx.com>
Wed, 14 Mar 2018 05:47:33 +0000 (13:47 +0800)
committerIlya Dryomov <idryomov@gmail.com>
Mon, 2 Apr 2018 08:12:49 +0000 (10:12 +0200)
1. Set fsc->mdsc after all necessary memory has been successfully allocated
in mdsc init.
2. If fsc->mdsc is NULL, skip the destroy operation in mdsc destroy.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
fs/ceph/mds_client.c

index 3a555b60444190d5edd786a2b4c9afac562a3752..b50044374947a3fd9aa04e094429fea8a40477f1 100644 (file)
@@ -3575,7 +3575,6 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
        if (!mdsc)
                return -ENOMEM;
        mdsc->fsc = fsc;
-       fsc->mdsc = mdsc;
        mutex_init(&mdsc->mutex);
        mdsc->mdsmap = kzalloc(sizeof(*mdsc->mdsmap), GFP_NOFS);
        if (!mdsc->mdsmap) {
@@ -3583,6 +3582,7 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
                return -ENOMEM;
        }
 
+       fsc->mdsc = mdsc;
        init_completion(&mdsc->safe_umount_waiters);
        init_waitqueue_head(&mdsc->session_close_wq);
        INIT_LIST_HEAD(&mdsc->waiting_for_map);
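Review bot: The added `fsc->mdsc = mdsc;` sits between the mdsmap allocation check and the remaining initialisation, and nothing on the line records why that position matters. Per the commit message, ceph_mdsc_destroy() now treats a NULL fsc->mdsc as "init did not complete", so any fallible step later added below this line would again leave fsc->mdsc pointing at a partly built or released mdsc. Consider moving the assignment to just before the function's final return, or at least adding a comment such as `/* publish only once nothing below can fail; ceph_mdsc_destroy() skips a NULL fsc->mdsc */`. The rest of ceph_mdsc_init is outside this hunk, so whether any step after this line can fail today cannot be confirmed from here.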
@@ -3861,6 +3861,9 @@ void ceph_mdsc_destroy(struct ceph_fs_client *fsc)
        struct ceph_mds_client *mdsc = fsc->mdsc;
        dout("mdsc_destroy %p\n", mdsc);
 
+       if (!mdsc)
+               return;
+
        /* flush out any connection work with references to us */
        ceph_msgr_flush();