From 92d499d4905ce79c41a4b9a399ab6b89188f87e9 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 23 Aug 2017 14:20:57 +0300 Subject: [PATCH] skd: error pointer dereference in skd_cons_disk() My initial impulse was to check for IS_ERR_OR_NULL() but when I looked at this code a bit more closely, we should only need to check for IS_ERR(). The blk_mq_alloc_tag_set() returns negative error codes and zero on success so we can just do an "if (rc) goto err_out;". It's better to preserve the error code anyhow. The blk_mq_init_queue() returns error pointers on failure, it never returns NULL. We can also remove the "q = NULL;" at the start because that's no longer needed. Fixes: ca33dd92968b ("skd: Convert to blk-mq") Signed-off-by: Dan Carpenter Signed-off-by: Jens Axboe --- drivers/block/skd_main.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/block/skd_main.c b/drivers/block/skd_main.c index 35938ee0651a..a467c18cc047 100644 --- a/drivers/block/skd_main.c +++ b/drivers/block/skd_main.c @@ -2862,7 +2862,6 @@ static int skd_cons_disk(struct skd_device *skdev) disk->fops = &skd_blockdev_ops; disk->private_data = skdev; - q = NULL; memset(&skdev->tag_set, 0, sizeof(skdev->tag_set)); skdev->tag_set.ops = &skd_mq_ops; skdev->tag_set.nr_hw_queues = 1; @@ -2874,13 +2873,13 @@ static int skd_cons_disk(struct skd_device *skdev) BLK_MQ_F_SG_MERGE | BLK_ALLOC_POLICY_TO_MQ_FLAG(BLK_TAG_ALLOC_FIFO); skdev->tag_set.driver_data = skdev; - if (blk_mq_alloc_tag_set(&skdev->tag_set) >= 0) { - q = blk_mq_init_queue(&skdev->tag_set); - if (!q) - blk_mq_free_tag_set(&skdev->tag_set); - } - if (!q) { - rc = -ENOMEM; + rc = blk_mq_alloc_tag_set(&skdev->tag_set); + if (rc) + goto err_out; + q = blk_mq_init_queue(&skdev->tag_set); + if (IS_ERR(q)) { + blk_mq_free_tag_set(&skdev->tag_set); + rc = PTR_ERR(q); goto err_out; } blk_queue_bounce_limit(q, BLK_BOUNCE_HIGH); -- 2.20.1