nvmet: Fix possible infinite loop triggered on hot namespace removal

	mutex_lock(&subsys->lock);

	ret = -EBUSY;

	if (nvmet_ns_enabled(ns))

	if (ns->enabled)

		goto out_unlock;

	kfree(ns->device_path);

	int ret = 0;

	mutex_lock(&subsys->lock);

	if (nvmet_ns_enabled(ns)) {

	if (ns->enabled) {

		ret = -EBUSY;

		goto out_unlock;

	}

static ssize_t nvmet_ns_enable_show(struct config_item *item, char *page)

{

	return sprintf(page, "%d\n", nvmet_ns_enabled(to_nvmet_ns(item)));

	return sprintf(page, "%d\n", to_nvmet_ns(item)->enabled);

}

static ssize_t nvmet_ns_enable_store(struct config_item *item,

	int ret = 0;

	mutex_lock(&subsys->lock);

	if (!list_empty(&ns->dev_link))

	if (ns->enabled)

		goto out_unlock;

	ns->bdev = blkdev_get_by_path(ns->device_path, FMODE_READ | FMODE_WRITE,

	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)

		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE, 0, 0);

	ns->enabled = true;

	ret = 0;

out_unlock:

	mutex_unlock(&subsys->lock);

	struct nvmet_ctrl *ctrl;

	mutex_lock(&subsys->lock);

	if (list_empty(&ns->dev_link)) {

		mutex_unlock(&subsys->lock);

		return;

	}

	list_del_init(&ns->dev_link);

	if (!ns->enabled)

		goto out_unlock;

	ns->enabled = false;

	list_del_rcu(&ns->dev_link);

	mutex_unlock(&subsys->lock);

	/*

	if (ns->bdev)

		blkdev_put(ns->bdev, FMODE_WRITE|FMODE_READ);

out_unlock:

	mutex_unlock(&subsys->lock);

}

	loff_t			size;

	u8			nguid[16];

	bool			enabled;

	struct nvmet_subsys	*subsys;

	const char		*device_path;

	return container_of(to_config_group(item), struct nvmet_ns, group);

}

static inline bool nvmet_ns_enabled(struct nvmet_ns *ns)

{

	return !list_empty_careful(&ns->dev_link);

}

struct nvmet_cq {

	u16			qid;

	u16			size;