block: free q->flush_rq in blk_init_allocated_queue error paths
diff mbox

Message ID 1412951028-4085-3-git-send-email-jack@suse.cz
State New, archived
Headers show

Commit Message

Jan Kara Oct. 10, 2014, 2:23 p.m. UTC
From: Dave Jones <davej@redhat.com>

Commit 7982e90c3a57 ("block: fix q->flush_rq NULL pointer crash on
dm-mpath flush") moved an allocation to blk_init_allocated_queue(), but
neglected to free that allocation on the error paths that follow.

Signed-off-by: Dave Jones <davej@fedoraproject.org>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 block/blk-core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Jan Kara Oct. 10, 2014, 3:32 p.m. UTC | #1
On Fri 10-10-14 11:19:06, Dave Jones wrote:
> On Fri, Oct 10, 2014 at 04:23:07PM +0200, Jan Kara wrote:
>  > From: Dave Jones <davej@redhat.com>
>  > 
>  > Commit 7982e90c3a57 ("block: fix q->flush_rq NULL pointer crash on
>  > dm-mpath flush") moved an allocation to blk_init_allocated_queue(), but
>  > neglected to free that allocation on the error paths that follow.
>  > 
>  > Signed-off-by: Dave Jones <davej@fedoraproject.org>
>  > Acked-by: Mike Snitzer <snitzer@redhat.com>
>  > Signed-off-by: Jens Axboe <axboe@fb.com>
>  > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> 
> Um, This got applied months ago.
  Yes, I mistakenly used git-send-email on a wrong directory. Sorry for
confusion...
								Honza

Patch
diff mbox

diff --git a/block/blk-core.c b/block/blk-core.c
index 4cd5ffc18442..bfe16d5af9f9 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -713,7 +713,7 @@  blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
 		return NULL;
 
 	if (blk_init_rl(&q->root_rl, q, GFP_KERNEL))
-		return NULL;
+		goto fail;
 
 	q->request_fn		= rfn;
 	q->prep_rq_fn		= NULL;
@@ -737,12 +737,16 @@  blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
 	/* init elevator */
 	if (elevator_init(q, NULL)) {
 		mutex_unlock(&q->sysfs_lock);
-		return NULL;
+		goto fail;
 	}
 
 	mutex_unlock(&q->sysfs_lock);
 
 	return q;
+
+fail:
+	kfree(q->flush_rq);
+	return NULL;
 }
 EXPORT_SYMBOL(blk_init_allocated_queue);