virtio_blk: fix panic in initialization error path
authorOmar Sandoval <osandov@fb.com>
Mon, 9 Jan 2017 19:44:12 +0000 (11:44 -0800)
committerJens Axboe <axboe@fb.com>
Tue, 10 Jan 2017 20:30:50 +0000 (13:30 -0700)
If blk_mq_init_queue() returns an error, it gets assigned to
vblk->disk->queue. Then, when we call put_disk(), we end up calling
blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
only assigning to vblk->disk->queue on success.

Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
drivers/block/virtio_blk.c

index 3c3b8f6..10332c2 100644 (file)
@@ -630,11 +630,12 @@ static int virtblk_probe(struct virtio_device *vdev)
        if (err)
                goto out_put_disk;
 
-       q = vblk->disk->queue = blk_mq_init_queue(&vblk->tag_set);
+       q = blk_mq_init_queue(&vblk->tag_set);
        if (IS_ERR(q)) {
                err = -ENOMEM;
                goto out_free_tags;
        }
+       vblk->disk->queue = q;
 
        q->queuedata = vblk;