From 708f04d2abf4e90abee61d9ffb1f165038017ecf Mon Sep 17 00:00:00 2001 From: Dave Jones Date: Thu, 20 Mar 2014 15:03:58 -0600 Subject: [PATCH] block: free q->flush_rq in blk_init_allocated_queue error paths Commit 7982e90c3a57 ("block: fix q->flush_rq NULL pointer crash on dm-mpath flush") moved an allocation to blk_init_allocated_queue(), but neglected to free that allocation on the error paths that follow. Signed-off-by: Dave Jones Acked-by: Mike Snitzer Signed-off-by: Jens Axboe Signed-off-by: Linus Torvalds --- block/blk-core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 4cd5ffc18442..bfe16d5af9f9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -713,7 +713,7 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn, return NULL; if (blk_init_rl(&q->root_rl, q, GFP_KERNEL)) - return NULL; + goto fail; q->request_fn = rfn; q->prep_rq_fn = NULL; @@ -737,12 +737,16 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn, /* init elevator */ if (elevator_init(q, NULL)) { mutex_unlock(&q->sysfs_lock); - return NULL; + goto fail; } mutex_unlock(&q->sysfs_lock); return q; + +fail: + kfree(q->flush_rq); + return NULL; } EXPORT_SYMBOL(blk_init_allocated_queue); -- 2.34.1