commit bea54ef53fce57c8b2f11315c9384e43b2ecb321
author Israel Rukshin <israelr@mellanox.com> Tue Mar 24 17:29:45 2020 +0200
committer Keith Busch <kbusch@kernel.org> Thu Mar 26 04:51:56 2020 +0900
tree c76af6a3fb23da03ef027428c47f2c15a578310b
parent 96135862dfcce38b98beff7d1009188263b7e6f7

nvme-tcp: Add warning on state change failure at nvme_tcp_setup_ctrl

The transition to LIVE state should not fail in case of a new controller.
Moving to DELETING state before nvme_tcp_create_ctrl() allocates all the
resources may leads to NULL dereference at teardown flow (e.g., IO tagset,
admin_q, connect_q).

Signed-off-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>

drivers/nvme/host/tcp.c

diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index f111430..0ef14f0 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -1930,8 +1930,13 @@ static int nvme_tcp_setup_ctrl(struct nvme_ctrl *ctrl, bool new)
 	}
 
 	if (!nvme_change_ctrl_state(ctrl, NVME_CTRL_LIVE)) {
-		/* state change failure is ok if we're in DELETING state */
+		/*
+		 * state change failure is ok if we're in DELETING state,
+		 * unless we're during creation of a new controller to
+		 * avoid races with teardown flow.
+		 */
 		WARN_ON_ONCE(ctrl->state != NVME_CTRL_DELETING);
+		WARN_ON_ONCE(new);
 		ret = -EINVAL;
 		goto destroy_io;
 	}