3.16.40-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Keith Busch <keith.busch@xxxxxxxxx> commit d48756228ee9161ac8836b346589a43fabdc9f3c upstream. The nvme_remove function tears down all allocated resources in the correct order, so no need to free queues on error during initialization. This fixes possible use-after-free errors when queues are still associated with a blk-mq hctx. Reported-by: Scott Bauer <scott.bauer@xxxxxxxxx> Tested-by: Scott Bauer <scott.bauer@xxxxxxxxx> Signed-off-by: Keith Busch <keith.busch@xxxxxxxxx> Reviewed-by: Sagi Grimberg <sagi@xxxxxxxxxx> Reviewed-by: Christoph Hellwig <hch@xxxxxx> Signed-off-by: Jens Axboe <axboe@xxxxxx> [bwh: Backported to 3.16: - Adjust filename, context - Only nvme_setup_io_queues() needs to be fixed] Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> --- --- a/drivers/block/nvme-core.c +++ b/drivers/block/nvme-core.c @@ -2196,7 +2196,7 @@ static int nvme_setup_io_queues(struct n result = queue_request_irq(dev, adminq, adminq->irqname); if (result) { adminq->q_suspended = 1; - goto free_queues; + return result; } /* Free previously allocated queues that are no longer usable */ @@ -2204,10 +2204,6 @@ static int nvme_setup_io_queues(struct n nvme_assign_io_queues(dev); return 0; - - free_queues: - nvme_free_queues(dev, 1); - return result; } /*
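Review bot: In the first hunk (@@ -2196,7), the new `return result;` after a failed queue_request_irq() leaves every allocated queue in place and depends on a later teardown to free them, yet nothing at the return site records that. The commit message names nvme_remove as that teardown. Since the backport note says only nvme_setup_io_queues() was changed for 3.16, please confirm that every 3.16 caller of this function reaches that teardown when it gets a non-zero result; otherwise the queues are leaked instead of freed too early. A short comment above the return, for example `/* queues are released by the remove path, do not free here */`, would keep a later reader from re-adding the free.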
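Review bot: In the second hunk (@@ -2204,10), dropping the `free_queues:` label is only correct if the `goto free_queues;` removed in the first hunk was its last user. The part of nvme_setup_io_queues() above line 2196 is not shown in this patch, so an earlier `goto free_queues` in the 3.16 version of the function would now fail to build. Please confirm with a search of the 3.16 file that no other jump to this label remains, and convert any that do to a plain `return result;` in the same way.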