virtio_blk: fix panic in initialization error path

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If blk_mq_init_queue() returns an error, it gets assigned to
vblk->disk->queue. Then, when we call put_disk(), we end up calling
blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
only assigning to vblk->disk->queue on success.

Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>

authored by

Omar Sandoval and committed by

Jens Axboe 9 years ago 6bf6b0aa 25b4acfc

+2 -1

1 changed file

expand all

drivers

block

virtio_blk.c

+2 -1

drivers/block/virtio_blk.c

··· 630 630 if (err) 631 631 goto out_put_disk; 632 632 633 - q = vblk->disk->queue = blk_mq_init_queue(&vblk->tag_set); 633 + q = blk_mq_init_queue(&vblk->tag_set); 634 634 if (IS_ERR(q)) { 635 635 err = -ENOMEM; 636 636 goto out_free_tags; 637 637 } 638 + vblk->disk->queue = q; 638 639 639 640 q->queuedata = vblk; 640 641