3.16.40-rc1 review patch. If anyone has any objections, please let me know.
------------------

From: Keith Busch <[email protected]>

commit d48756228ee9161ac8836b346589a43fabdc9f3c upstream.

The nvme_remove function tears down all allocated resources in the correct
order, so no need to free queues on error during initialization. This fixes
possible use-after-free errors when queues are still associated with a
blk-mq hctx.

Reported-by: Scott Bauer <[email protected]>
Tested-by: Scott Bauer <[email protected]>
Signed-off-by: Keith Busch <[email protected]>
Reviewed-by: Sagi Grimberg <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
[bwh: Backported to 3.16:
 - Adjust filename, context
 - Only nvme_setup_io_queues() needs to be fixed]
Signed-off-by: Ben Hutchings <[email protected]>
---
--- a/drivers/block/nvme-core.c +++ b/drivers/block/nvme-core.c @@ -2196,7 +2196,7 @@ static int nvme_setup_io_queues(struct n result = queue_request_irq(dev, adminq, adminq->irqname); if (result) { adminq->q_suspended = 1; - goto free_queues; + return result; } /* Free previously allocated queues that are no longer usable */ @@ -2204,10 +2204,6 @@ static int nvme_setup_io_queues(struct n nvme_assign_io_queues(dev); return 0; - - free_queues: - nvme_free_queues(dev, 1); - return result; } /*
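Review bot: In the first hunk, the new `return result;` in the queue_request_irq() failure branch leaves the queues allocated and relies on the caller later running the nvme_remove teardown that the commit message describes. That caller is not visible here, so for the 3.16 backport it is worth confirming that the path taken when nvme_setup_io_queues() returns an error still reaches that teardown; otherwise the use-after-free is exchanged for a leak of the queues. A one-line comment at the return stating that cleanup is deferred to nvme_remove would also help the next reader.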
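Review bot: In the second hunk, the `free_queues:` label and its `nvme_free_queues(dev, 1);` call are deleted, but only one `goto free_queues` is shown being converted. Please confirm that no other `goto free_queues` remains earlier in nvme_setup_io_queues() outside the shown context in the 3.16 tree, since a leftover jump to the removed label would fail to build.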

