ceph: fix invalid point dereference for error case in mdsc destroy

1. set fsc->mdsc after successfully allocate all necessary memory
in mdsc init.
2. if fsc->mdsc is NULL, just skip destroy operation in mdsc destroy.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit is contained in:
Chengguang Xu 2018-03-14 13:47:33 +08:00 committed by Ilya Dryomov
parent 98cfda8104
commit 50c55aeca2
1 changed files with 4 additions and 1 deletions

View File

@ -3575,7 +3575,6 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
if (!mdsc) if (!mdsc)
return -ENOMEM; return -ENOMEM;
mdsc->fsc = fsc; mdsc->fsc = fsc;
fsc->mdsc = mdsc;
mutex_init(&mdsc->mutex); mutex_init(&mdsc->mutex);
mdsc->mdsmap = kzalloc(sizeof(*mdsc->mdsmap), GFP_NOFS); mdsc->mdsmap = kzalloc(sizeof(*mdsc->mdsmap), GFP_NOFS);
if (!mdsc->mdsmap) { if (!mdsc->mdsmap) {
@ -3583,6 +3582,7 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
return -ENOMEM; return -ENOMEM;
} }
fsc->mdsc = mdsc;
init_completion(&mdsc->safe_umount_waiters); init_completion(&mdsc->safe_umount_waiters);
init_waitqueue_head(&mdsc->session_close_wq); init_waitqueue_head(&mdsc->session_close_wq);
INIT_LIST_HEAD(&mdsc->waiting_for_map); INIT_LIST_HEAD(&mdsc->waiting_for_map);
@ -3861,6 +3861,9 @@ void ceph_mdsc_destroy(struct ceph_fs_client *fsc)
struct ceph_mds_client *mdsc = fsc->mdsc; struct ceph_mds_client *mdsc = fsc->mdsc;
dout("mdsc_destroy %p\n", mdsc); dout("mdsc_destroy %p\n", mdsc);
if (!mdsc)
return;
/* flush out any connection work with references to us */ /* flush out any connection work with references to us */
ceph_msgr_flush(); ceph_msgr_flush();