ceph: fix invalid point dereference for error case in mdsc destroy

1. set fsc->mdsc after successfully allocate all necessary memory
in mdsc init.
2. if fsc->mdsc is NULL, just skip destroy operation in mdsc destroy.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 3a555b604441..b50044374947 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -3575,7 +3575,6 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
         if (!mdsc)
                 return -ENOMEM;
         mdsc->fsc = fsc;
-        fsc->mdsc = mdsc;
         mutex_init(&mdsc->mutex);
         mdsc->mdsmap = kzalloc(sizeof(*mdsc->mdsmap), GFP_NOFS);
         if (!mdsc->mdsmap) {
@@ -3583,6 +3582,7 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
                 return -ENOMEM;
         }
 
+        fsc->mdsc = mdsc;
         init_completion(&mdsc->safe_umount_waiters);
         init_waitqueue_head(&mdsc->session_close_wq);
         INIT_LIST_HEAD(&mdsc->waiting_for_map);
@@ -3861,6 +3861,9 @@ void ceph_mdsc_destroy(struct ceph_fs_client *fsc)
         struct ceph_mds_client *mdsc = fsc->mdsc;
         dout("mdsc_destroy %p\n", mdsc);
 
+        if (!mdsc)
+                return;
+
         /* flush out any connection work with references to us */
         ceph_msgr_flush();