Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

virtio_blk: NULL out vqs to avoid double free on failed resume

vblk->vqs is released during freeze. If resume fails before vblk->vqs
is allocated, a later freeze/remove may attempt to free vqs again.
Set vblk->vqs to NULL after freeing to avoid the double free.

Signed-off-by: Cong Zhang <cong.zhang@oss.qualcomm.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

Authored by Cong Zhang and committed by Jens Axboe
0739c2c6 3451cf34

+12 -1
drivers/block/virtio_blk.c
··· 1027 1027 out: 1028 1028 kfree(vqs); 1029 1029 kfree(vqs_info); 1030 - if (err) 1030 + if (err) { 1031 1031 kfree(vblk->vqs); 1032 + /* 1033 + * Set to NULL to prevent freeing vqs again during freezing. 1034 + */ 1035 + vblk->vqs = NULL; 1036 + } 1032 1037 return err; 1033 1038 } 1034 1039 ··· 1604 1599 1605 1600 vdev->config->del_vqs(vdev); 1606 1601 kfree(vblk->vqs); 1602 + /* 1603 + * Set to NULL to prevent freeing vqs again after a failed vqs 1604 + * allocation during resume. Note that kfree() already handles NULL 1605 + * pointers safely. 1606 + */ 1607 + vblk->vqs = NULL; 1607 1608 1608 1609 return 0; 1609 1610 }
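Review bot: in the init_vq error path (new lines 1030-1036), the three-line block comment wraps a single sentence; kernel style is fine with a one-liner here, e.g. `/* NULL out so a later freeze/remove does not free vqs twice. */`. It would also help the next reader if the comment named the path the commit message describes (a failed resume followed by freeze/remove), since "during freezing" alone does not explain why the error path of this function matters to the freeze handler.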
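Review bot: in the freeze hunk (new lines 1601-1607), the NULL assignment only protects the `kfree(vblk->vqs)` on line 1601; the preceding `vdev->config->del_vqs(vdev)` on line 1600 still runs unconditionally, so on the failed-resume path the commit message describes, freeze will call del_vqs for virtqueues that were never (re)allocated. Please either state in the commit message why that call is safe in that state, or guard the del_vqs/kfree pair on `vblk->vqs` being non-NULL so the second freeze is a clean no-op. The comment's remark that kfree() already handles NULL could then be dropped, since the point of the assignment is the earlier kfree in init_vq, not this one.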