From: Dave Jones <da...@redhat.com>

Commit 7982e90c3a57 ("block: fix q->flush_rq NULL pointer crash on
dm-mpath flush") moved an allocation to blk_init_allocated_queue(), but
neglected to free that allocation on the error paths that follow.

Signed-off-by: Dave Jones <da...@fedoraproject.org>
Acked-by: Mike Snitzer <snit...@redhat.com>
Signed-off-by: Jens Axboe <ax...@fb.com>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
---
 block/blk-core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/blk-core.c b/block/blk-core.c
index 4cd5ffc18442..bfe16d5af9f9 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -713,7 +713,7 @@ blk_init_allocated_queue(struct request_queue *q, 
request_fn_proc *rfn,
                return NULL;
 
        if (blk_init_rl(&q->root_rl, q, GFP_KERNEL))
-               return NULL;
+               goto fail;
 
        q->request_fn           = rfn;
        q->prep_rq_fn           = NULL;
@@ -737,12 +737,16 @@ blk_init_allocated_queue(struct request_queue *q, 
request_fn_proc *rfn,
        /* init elevator */
        if (elevator_init(q, NULL)) {
                mutex_unlock(&q->sysfs_lock);
-               return NULL;
+               goto fail;
        }
 
        mutex_unlock(&q->sysfs_lock);
 
        return q;
+
+fail:
+       kfree(q->flush_rq);
+       return NULL;
 }
 EXPORT_SYMBOL(blk_init_allocated_queue);
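Review bot: The new `fail:` label frees `q->flush_rq` but leaves the stale pointer in the queue, so `q` still holds a dangling pointer after `blk_init_allocated_queue()` returns NULL. The function does not own `q` (the caller passes it in) and its start and the callers' teardown are outside these hunks, so this needs checking: if the caller's cleanup or the queue release path also frees `q->flush_rq`, the error path becomes a double free. I would clear the pointer where it is released, i.e. `kfree(q->flush_rq);` followed by `q->flush_rq = NULL;`. Both `goto fail` sites (after `blk_init_rl()` in the first hunk and after `elevator_init()` here) reach this label, so one change covers both. A short comment on the label such as `/* undo the flush_rq allocation made earlier in this function */` would also make the ownership clear.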
 
-- 
1.8.1.4
