cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path

Dan Carpenter reported a Smack static checker warning:
   fs/smb/client/cifsfs.c:1981 init_cifs()
   error: we previously assumed 'serverclose_wq' could be null (see line 1895)

The patch which introduced the serverclose workqueue used the wrong
oredering in error paths in init_cifs() for freeing it on errors.

Fixes: 173217bd7336 ("smb3: retrying on failed server close")
Cc: stable@vger.kernel.org
Cc: Ritvik Budhiraja <rbudhiraja@microsoft.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: David Howells <dhowell@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/client/cifsfs.c b/fs/smb/client/cifsfs.c
index c92937bed13315cd7abdadd54863ec45a79b4b82..2c4b357d85e22cfc60476a0be6e6bf7b24b826f3 100644 (file)
--- a/fs/smb/client/cifsfs.c
+++ b/fs/smb/client/cifsfs.c
@@ -1894,12 +1894,12 @@ init_cifs(void)
                                           WQ_FREEZABLE|WQ_MEM_RECLAIM, 0);
        if (!serverclose_wq) {
                rc = -ENOMEM;
-               goto out_destroy_serverclose_wq;
+               goto out_destroy_deferredclose_wq;
        }
 
        rc = cifs_init_inodecache();
        if (rc)
-               goto out_destroy_deferredclose_wq;
+               goto out_destroy_serverclose_wq;
 
        rc = cifs_init_netfs();
        if (rc)
@@ -1967,6 +1967,8 @@ out_destroy_netfs:
        cifs_destroy_netfs();
 out_destroy_inodecache:
        cifs_destroy_inodecache();
+out_destroy_serverclose_wq:
+       destroy_workqueue(serverclose_wq);
 out_destroy_deferredclose_wq:
        destroy_workqueue(deferredclose_wq);
 out_destroy_cifsoplockd_wq:
@@ -1977,8 +1979,6 @@ out_destroy_decrypt_wq:
        destroy_workqueue(decrypt_wq);
 out_destroy_cifsiod_wq:
        destroy_workqueue(cifsiod_wq);
-out_destroy_serverclose_wq:
-       destroy_workqueue(serverclose_wq);
 out_clean_proc:
        cifs_proc_clean();
        return rc;