cxlflash: Correct usage of scsi_host_put()

Currently, scsi_host_put() is being called prematurely in the
remove path and is missing entirely in an error cleanup path.
The former can lead to memory being freed too early with
subsequent access potentially corrupting data whilst the former
would result in a memory leak.

Move the usage on remove to be the last cleanup action taken
and introduce a call to scsi_host_put() in the one initialization
error path that does not use remove to cleanup.

Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Manoj N. Kumar <manoj@linux.vnet.ibm.com>
Reviewed-by: Brian King <brking@linux.vnet.ibm.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>

diff --git a/drivers/scsi/cxlflash/main.c b/drivers/scsi/cxlflash/main.c
index c1d5c886b375d1b7d6ab78277c0d82cd6950b3b3..6b8b15917ae30568e4cd152eacd63ee0e4101630 100644 (file)
--- a/drivers/scsi/cxlflash/main.c
+++ b/drivers/scsi/cxlflash/main.c
@@ -733,7 +733,6 @@ static void cxlflash_remove(struct pci_dev *pdev)
        case INIT_STATE_SCSI:
                cxlflash_term_local_luns(cfg);
                scsi_remove_host(cfg->host);
-               scsi_host_put(cfg->host);
                /* Fall through */
        case INIT_STATE_AFU:
                term_afu(cfg);
@@ -743,6 +742,7 @@ static void cxlflash_remove(struct pci_dev *pdev)
        case INIT_STATE_NONE:
                flush_work(&cfg->work_q);
                free_mem(cfg);
+               scsi_host_put(cfg->host);
                break;
        }
 
@@ -2404,6 +2404,7 @@ static int cxlflash_probe(struct pci_dev *pdev,
                dev_err(&pdev->dev, "%s: call to scsi_host_alloc failed!\n",
                        __func__);
                rc = -ENOMEM;
+               scsi_host_put(cfg->host);
                goto out;
        }