| Message ID | 1464243807-27526-1-git-send-email-mlin@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, May 25, 2016 at 11:23:27PM -0700, Ming Lin wrote: > From: Ming Lin <ming.l@samsung.com> > > blk_mq_init_queue() calls blk_mq_init_allocated_queue(), but q->mq_ops > was not cleared when blk_mq_init_allocated_queue() fails. > Then blk_cleanup_queue() calls blk_mq_free_queue() which will crash because: > - q->all_q_node is not added to all_q_list yet > - q->tag_set is NULL > - hctx was not setup yet or already freed > > Fixed it by clearing q->mq_ops on error path. Looks fine, Reviewed-by: Christoph Hellwig <hch@lst.de> -- To unsubscribe from this list: send the line "unsubscribe linux-block" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 05/26/2016 12:23 AM, Ming Lin wrote: > From: Ming Lin <ming.l@samsung.com> > > blk_mq_init_queue() calls blk_mq_init_allocated_queue(), but q->mq_ops > was not cleared when blk_mq_init_allocated_queue() fails. > Then blk_cleanup_queue() calls blk_mq_free_queue() which will crash because: > - q->all_q_node is not added to all_q_list yet > - q->tag_set is NULL > - hctx was not setup yet or already freed > > Fixed it by clearing q->mq_ops on error path. Thanks Ming, applied for this series.
diff --git a/block/blk-mq.c b/block/blk-mq.c index 67bf8ed..86f08b1 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2054,7 +2054,7 @@ struct request_queue *blk_mq_init_allocated_queue(struct blk_mq_tag_set *set, q->queue_ctx = alloc_percpu(struct blk_mq_ctx); if (!q->queue_ctx) - return ERR_PTR(-ENOMEM); + goto err_exit; q->queue_hw_ctx = kzalloc_node(nr_cpu_ids * sizeof(*(q->queue_hw_ctx)), GFP_KERNEL, set->numa_node); @@ -2118,6 +2118,8 @@ err_map: kfree(q->queue_hw_ctx); err_percpu: free_percpu(q->queue_ctx); +err_exit: + q->mq_ops = NULL; return ERR_PTR(-ENOMEM); } EXPORT_SYMBOL(blk_mq_init_allocated_queue);