On Thu, Aug 23, 2018 at 10:24:58AM +0800, piaojun wrote: > If some error happened before find_vqs, error branch will goto > virtscsi_remove_vqs to free vqs. Actually the vqs have not been allocated > successfully, so this will cause wild-pointer-free problem. So > virtscsi_remove_vqs could be deleted as no error will happen after > find_vqs. > > Signed-off-by: Jun Piao <piaojun@xxxxxxxxxx> > --- > drivers/scsi/virtio_scsi.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c > index 1c72db9..da0fd74 100644 > --- a/drivers/scsi/virtio_scsi.c > +++ b/drivers/scsi/virtio_scsi.c > @@ -833,8 +833,6 @@ static int virtscsi_init(struct virtio_device *vdev, > kfree(names); > kfree(callbacks); > kfree(vqs); > - if (err) > - virtscsi_remove_vqs(vdev); Can you provide more details about the problem? drivers/virtio/virtio_pci_common.c:vp_del_vqs() looks fine to me, it iterates over vdev->vqs. The vdev->vqs list has been initialized in drivers/virtio/virtio.c:register_virtio_device() and it's empty. Stefan
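Review bot: Dropping `if (err) virtscsi_remove_vqs(vdev);` from the exit path of virtscsi_init() removes the only virtqueue cleanup visible in this hunk, and the commit message justifies that only with "no error will happen after find_vqs" without showing why it holds. The commit message should name the call that fails before find_vqs and the pointer that ends up being freed, because the reply points out that vp_del_vqs() iterates over vdev->vqs, which register_virtio_device() initialises as an empty list. If any step after find_vqs can return an error, a safer change is to keep the cleanup but reach it only from a label taken once find_vqs has succeeded, so earlier failures skip it and later ones do not leak the queues.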