[PATCH for v4.9 LTS 80/87] virtio_blk: fix panic in initialization error path

2017-07-14 Thread Levin, Alexander (Sasha Levin)
From: Omar Sandoval 

[ Upstream commit 6bf6b0aa3da84a3d9126919a94c49c0fb7ee2fb3 ]

If blk_mq_init_queue() returns an error, it gets assigned to
vblk->disk->queue. Then, when we call put_disk(), we end up calling
blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
only assigning to vblk->disk->queue on success.

Signed-off-by: Omar Sandoval 
Reviewed-by: Jeff Moyer 
Signed-off-by: Jens Axboe 
Signed-off-by: Sasha Levin 
---
 drivers/block/virtio_blk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 3c3b8f601469..10332c24f961 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -630,11 +630,12 @@ static int virtblk_probe(struct virtio_device *vdev)
if (err)
goto out_put_disk;
 
-   q = vblk->disk->queue = blk_mq_init_queue(>tag_set);
+   q = blk_mq_init_queue(>tag_set);
if (IS_ERR(q)) {
err = -ENOMEM;
goto out_free_tags;
}
+   vblk->disk->queue = q;
 
q->queuedata = vblk;
 
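Review bot: In the IS_ERR(q) branch the error code is still hard-coded as err = -ENOMEM, so whatever blk_mq_init_queue() actually returned is discarded before the jump to out_free_tags; consider err = PTR_ERR(q) so the probe failure reports the real cause. The new vblk->disk->queue = q; line after the check would also benefit from a short comment saying that the assignment is deliberately deferred until q is known to be valid, because the cleanup path reached through put_disk() will pass disk->queue to blk_put_queue(). Without that comment the two statements are easy to fold back into the chained assignment this patch removes.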
-- 
2.11.0

