diff options
| author | Dan Carpenter | 2018-11-29 11:55:19 +0100 |
|---|---|---|
| committer | Jens Axboe | 2018-11-29 16:16:06 +0100 |
| commit | 49379e6d1e9370d1e5dc09ca52aff29ae07c8ba6 (patch) | |
| tree | b6ed806f07b4b59c14ed74919f6eb246878d48b6 /block/blk-mq.c | |
| parent | block: add io timeout to sysfs (diff) | |
| download | kernel-qcow2-linux-49379e6d1e9370d1e5dc09ca52aff29ae07c8ba6.tar.gz kernel-qcow2-linux-49379e6d1e9370d1e5dc09ca52aff29ae07c8ba6.tar.xz kernel-qcow2-linux-49379e6d1e9370d1e5dc09ca52aff29ae07c8ba6.zip | |
ataflop: fix error handling in atari_floppy_init()
Smatch complains that there is an off by one if the allocation fails in:
DMABuffer = atari_stram_alloc(BUFFER_SIZE+512, "ataflop");
In that situation, "i" would be point to one element beyond the end of
the unit[] array.
There is a second bug because the error handling calls
blk_mq_free_tag_set(&unit[i].tag_set); regardless of whether
"disk->queue" is NULL or non-NULL. So if blk_mq_init_sq_queue() fails,
then that means unit[i].tag_set->tags is NULL and it leads to an Oops.
It's easiest to call put_disk() before the goto to clean up the partial
iteration. Then the earlier unit[] elements are fully allocated so we
can remove the checks whether "disk->queue" is NULL and the code is
simpler.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block/blk-mq.c')
0 files changed, 0 insertions, 0 deletions