[Qemu-stable] [PATCH 20/97] nvme: Fix nvme_init error handling
From: |
Michael Roth |
Subject: |
[Qemu-stable] [PATCH 20/97] nvme: Fix nvme_init error handling |
Date: |
Mon, 1 Apr 2019 15:58:54 -0500 |
From: Fam Zheng <address@hidden>
It is wrong to leave this field as 1, as nvme_close() called in the
error handling code in nvme_file_open() will use it and try to free
s->queues again.
Another problem is that the cleanup code is duplicated between the fail*
labels of nvme_init() and nvme_file_open(), which calls nvme_close().
A third problem is nvme_close() misses g_free() and
event_notifier_cleanup().
Fix all of them.
Cc: address@hidden
Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Fam Zheng <address@hidden>
(cherry picked from commit 9582f357bb6f6573c9a452743d8f3ab41ba2e3fa)
Signed-off-by: Michael Roth <address@hidden>
---
block/nvme.c | 37 ++++++++++++-------------------------
1 file changed, 12 insertions(+), 25 deletions(-)
diff --git a/block/nvme.c b/block/nvme.c
index 6f71122bf5..37805e8890 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -569,13 +569,13 @@ static int nvme_init(BlockDriverState *bs, const char
*device, int namespace,
s->vfio = qemu_vfio_open_pci(device, errp);
if (!s->vfio) {
ret = -EINVAL;
- goto fail;
+ goto out;
}
s->regs = qemu_vfio_pci_map_bar(s->vfio, 0, 0, NVME_BAR_SIZE, errp);
if (!s->regs) {
ret = -EINVAL;
- goto fail;
+ goto out;
}
/* Perform initialize sequence as described in NVMe spec "7.6.1
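Review bot: Failures at these two sites now reach nvme_close() with `s->vfio` or `s->regs` still NULL, and the nvme_close() hunk below calls qemu_vfio_pci_unmap_bar() and qemu_vfio_close() unconditionally, whereas the removed `fail:` label checked both pointers first. If those helpers do not tolerate NULL (their bodies are not shown here), this becomes a NULL dereference on the error path. Either restore the guards in nvme_close(), e.g. `if (s->vfio) { qemu_vfio_close(s->vfio); }`, or add a comment there such as `/* May run on a partially initialised state; the vfio helpers accept NULL. */` once that has been confirmed.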
@@ -585,7 +585,7 @@ static int nvme_init(BlockDriverState *bs, const char
*device, int namespace,
if (!(cap & (1ULL << 37))) {
error_setg(errp, "Device doesn't support NVMe command set");
ret = -EINVAL;
- goto fail;
+ goto out;
}
s->page_size = MAX(4096, 1 << (12 + ((cap >> 48) & 0xF)));
@@ -603,7 +603,7 @@ static int nvme_init(BlockDriverState *bs, const char
*device, int namespace,
PRId64 " ms)",
timeout_ms);
ret = -ETIMEDOUT;
- goto fail;
+ goto out;
}
}
@@ -613,7 +613,7 @@ static int nvme_init(BlockDriverState *bs, const char
*device, int namespace,
s->queues[0] = nvme_create_queue_pair(bs, 0, NVME_QUEUE_SIZE, errp);
if (!s->queues[0]) {
ret = -EINVAL;
- goto fail;
+ goto out;
}
QEMU_BUILD_BUG_ON(NVME_QUEUE_SIZE & 0xF000);
s->regs->aqa = cpu_to_le32((NVME_QUEUE_SIZE << 16) | NVME_QUEUE_SIZE);
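Review bot: When nvme_create_queue_pair() fails here, `s->queues[0]` is NULL and the cleanup is left to nvme_close(), whose loop calls `nvme_free_queue_pair(bs, s->queues[i])` for every i below `s->nr_queues`. The commit message implies nr_queues is already 1 at this point (the assignment lies outside the hunk), so a NULL queue pair would be passed to nvme_free_queue_pair(); whether that function accepts NULL is not visible. Consider skipping empty slots in nvme_close(), `if (s->queues[i]) { nvme_free_queue_pair(bs, s->queues[i]); }`, or setting nr_queues only after the pair has been created.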
@@ -633,14 +633,14 @@ static int nvme_init(BlockDriverState *bs, const char
*device, int namespace,
PRId64 " ms)",
timeout_ms);
ret = -ETIMEDOUT;
- goto fail_queue;
+ goto out;
}
}
ret = qemu_vfio_pci_init_irq(s->vfio, &s->irq_notifier,
VFIO_PCI_MSIX_IRQ_INDEX, errp);
if (ret) {
- goto fail_queue;
+ goto out;
}
aio_set_event_notifier(bdrv_get_aio_context(bs), &s->irq_notifier,
false, nvme_handle_event, nvme_poll_cb);
@@ -649,30 +649,15 @@ static int nvme_init(BlockDriverState *bs, const char
*device, int namespace,
if (local_err) {
error_propagate(errp, local_err);
ret = -EIO;
- goto fail_handler;
+ goto out;
}
/* Set up command queues. */
if (!nvme_add_io_queue(bs, errp)) {
ret = -EIO;
- goto fail_handler;
}
- return 0;
-
-fail_handler:
- aio_set_event_notifier(bdrv_get_aio_context(bs), &s->irq_notifier,
- false, NULL, NULL);
-fail_queue:
- nvme_free_queue_pair(bs, s->queues[0]);
-fail:
- g_free(s->queues);
- if (s->regs) {
- qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
- }
- if (s->vfio) {
- qemu_vfio_close(s->vfio);
- }
- event_notifier_cleanup(&s->irq_notifier);
+out:
+ /* Cleaning up is done in nvme_file_open() upon error. */
return ret;
}
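Review bot: The success path now falls through to `out:` and returns `ret`, so returning 0 depends on `ret` still holding the 0 left by qemu_vfio_pci_init_irq() and on nothing between the hunks reassigning it; the removed `return 0;` made that explicit. Adding `goto out;` after `ret = -EIO;` in the nvme_add_io_queue() branch and a plain `ret = 0;` before the label would keep the single exit without the implicit dependency. The comment at `out:` would also help more if it said that on failure `s` is left partially initialised and every caller must run nvme_close(), since it currently names only nvme_file_open().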
@@ -739,8 +724,10 @@ static void nvme_close(BlockDriverState *bs)
for (i = 0; i < s->nr_queues; ++i) {
nvme_free_queue_pair(bs, s->queues[i]);
}
+ g_free(s->queues);
aio_set_event_notifier(bdrv_get_aio_context(bs), &s->irq_notifier,
false, NULL, NULL);
+ event_notifier_cleanup(&s->irq_notifier);
qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
qemu_vfio_close(s->vfio);
}
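Review bot: After `g_free(s->queues)` the pointer and `s->nr_queues` keep their old values, so a second pass through nvme_close() on the same state would free the queue pairs and the array again, which is the kind of double free the commit message describes. Resetting the fields right after the free, `s->queues = NULL;` and `s->nr_queues = 0;`, makes the function safe to reach more than once. nvme_close() begins outside the hunk, so a reset elsewhere in its body would not be visible here.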
--
2.17.1