xfs
[Top] [All Lists]

[PATCH] block: free q->flush_rq in blk_init_allocated_queue error paths

To: linux-fsdevel@xxxxxxxxxxxxxxx
Subject: [PATCH] block: free q->flush_rq in blk_init_allocated_queue error paths
From: Jan Kara <jack@xxxxxxx>
Date: Fri, 10 Oct 2014 16:23:07 +0200
Cc: linux-ext4@xxxxxxxxxxxxxxx, Dave Chinner <david@xxxxxxxxxxxxx>, xfs@xxxxxxxxxxx, cluster-devel@xxxxxxxxxx, Steven Whitehouse <swhiteho@xxxxxxxxxx>, Mark Fasheh <mfasheh@xxxxxxxx>, Joel Becker <jlbec@xxxxxxxxxxxx>, ocfs2-devel@xxxxxxxxxxxxxx, reiserfs-devel@xxxxxxxxxxxxxxx, Jeff Mahoney <jeffm@xxxxxxx>, Dave Kleikamp <shaggy@xxxxxxxxxx>, jfs-discussion@xxxxxxxxxxxxxxxxxxxxx, tytso@xxxxxxx, viro@xxxxxxxxxxxxxxxxxx, Dave Jones <davej@xxxxxxxxxx>, Dave Jones <davej@xxxxxxxxxxxxxxxxx>, Jens Axboe <axboe@xxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <1412951028-4085-1-git-send-email-jack@xxxxxxx>
References: <1412951028-4085-1-git-send-email-jack@xxxxxxx>
From: Dave Jones <davej@xxxxxxxxxx>

Commit 7982e90c3a57 ("block: fix q->flush_rq NULL pointer crash on
dm-mpath flush") moved an allocation to blk_init_allocated_queue(), but
neglected to free that allocation on the error paths that follow.

Signed-off-by: Dave Jones <davej@xxxxxxxxxxxxxxxxx>
Acked-by: Mike Snitzer <snitzer@xxxxxxxxxx>
Signed-off-by: Jens Axboe <axboe@xxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
---
 block/blk-core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/blk-core.c b/block/blk-core.c
index 4cd5ffc18442..bfe16d5af9f9 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -713,7 +713,7 @@ blk_init_allocated_queue(struct request_queue *q, 
request_fn_proc *rfn,
                return NULL;
 
        if (blk_init_rl(&q->root_rl, q, GFP_KERNEL))
-               return NULL;
+               goto fail;
 
        q->request_fn           = rfn;
        q->prep_rq_fn           = NULL;
@@ -737,12 +737,16 @@ blk_init_allocated_queue(struct request_queue *q, 
request_fn_proc *rfn,
        /* init elevator */
        if (elevator_init(q, NULL)) {
                mutex_unlock(&q->sysfs_lock);
-               return NULL;
+               goto fail;
        }
 
        mutex_unlock(&q->sysfs_lock);
 
        return q;
+
+fail:
+       kfree(q->flush_rq);
+       return NULL;
 }
 EXPORT_SYMBOL(blk_init_allocated_queue);
 
-- 
1.8.1.4

<Prev in Thread] Current Thread [Next in Thread>