engines/xnvme: fix segfault issue with xnvme ioengine

fix segfault when xnvme ioengine is called without thread=1.
The segfault happens because td->io_ops_data is accessed at
two locations xnvme_fioe_cleanup and xnvme_fioe_iomem_free,
during the error handling call.

Signed-off-by: Ankit Kumar <ankit.kumar@samsung.com>
Link: https://lore.kernel.org/r/20220816053821.440-2-ankit.kumar@samsung.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/engines/xnvme.c b/engines/xnvme.c
index c11b33a805bce69536bb1eceb8cd35bb18740a5b..d86474814ae942992c794380dbd5536e43b30f44 100644 (file)
--- a/engines/xnvme.c
+++ b/engines/xnvme.c
@@ -205,9 +205,14 @@ static void _dev_close(struct thread_data *td, struct xnvme_fioe_fwrap *fwrap)
 
 static void xnvme_fioe_cleanup(struct thread_data *td)
 {
-       struct xnvme_fioe_data *xd = td->io_ops_data;
+       struct xnvme_fioe_data *xd = NULL;
        int err;
 
+       if (!td->io_ops_data)
+               return;
+
+       xd = td->io_ops_data;
+
        err = pthread_mutex_lock(&g_serialize);
        if (err)
                log_err("ioeng->cleanup(): pthread_mutex_lock(), err(%d)\n", err);
@@ -367,8 +372,14 @@ static int xnvme_fioe_iomem_alloc(struct thread_data *td, size_t total_mem)
 /* NOTE: using the first device for buffer-allocators) */
 static void xnvme_fioe_iomem_free(struct thread_data *td)
 {
-       struct xnvme_fioe_data *xd = td->io_ops_data;
-       struct xnvme_fioe_fwrap *fwrap = &xd->files[0];
+       struct xnvme_fioe_data *xd = NULL;
+       struct xnvme_fioe_fwrap *fwrap = NULL;
+
+       if (!td->io_ops_data)
+               return;
+
+       xd = td->io_ops_data;
+       fwrap = &xd->files[0];
 
        if (!fwrap->dev) {
                log_err("ioeng->iomem_free(): failed no dev-handle\n");