diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2018-11-29 13:55:19 +0300 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2018-11-29 08:16:06 -0700 |
| commit | 49379e6d1e9370d1e5dc09ca52aff29ae07c8ba6 (patch) | |
| tree | b6ed806f07b4b59c14ed74919f6eb246878d48b6 /fs/nsfs.c | |
| parent | 65cd1d13b880920054d6c750679baa80b7f9c072 (diff) | |
| download | linux-49379e6d1e9370d1e5dc09ca52aff29ae07c8ba6.tar.bz2 | |
ataflop: fix error handling in atari_floppy_init()
Smatch complains that there is an off by one if the allocation fails in:
DMABuffer = atari_stram_alloc(BUFFER_SIZE+512, "ataflop");
In that situation, "i" would be point to one element beyond the end of
the unit[] array.
There is a second bug because the error handling calls
blk_mq_free_tag_set(&unit[i].tag_set); regardless of whether
"disk->queue" is NULL or non-NULL. So if blk_mq_init_sq_queue() fails,
then that means unit[i].tag_set->tags is NULL and it leads to an Oops.
It's easiest to call put_disk() before the goto to clean up the partial
iteration. Then the earlier unit[] elements are fully allocated so we
can remove the checks whether "disk->queue" is NULL and the code is
simpler.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs/nsfs.c')
0 files changed, 0 insertions, 0 deletions