nvme/pci: Don't free queues on error

commit d48756228ee9161ac8836b346589a43fabdc9f3c upstream.

The nvme_remove function tears down all allocated resources in the correct
order, so no need to free queues on error during initialization. This
fixes possible use-after-free errors when queues are still associated
with a blk-mq hctx.

Reported-by: Scott Bauer <scott.bauer@intel.com>
Tested-by: Scott Bauer <scott.bauer@intel.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Sagi Grimberg <sagi@grimbeg.me>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
[bwh: Backported to 3.16:
 - Adjust filename, context
 - Only nvme_setup_io_queues() needs to be fixed]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/drivers/block/nvme-core.c b/drivers/block/nvme-core.c
index 02351e2171651dc47585d4f5a25a9b5e85d303f3..b815b425a099a3d3e737f5e5f8d92405daf56910 100644 (file)
--- a/drivers/block/nvme-core.c
+++ b/drivers/block/nvme-core.c
@@ -2196,7 +2196,7 @@ static int nvme_setup_io_queues(struct nvme_dev *dev)
        result = queue_request_irq(dev, adminq, adminq->irqname);
        if (result) {
                adminq->q_suspended = 1;
-               goto free_queues;
+               return result;
        }
 
        /* Free previously allocated queues that are no longer usable */
@@ -2204,10 +2204,6 @@ static int nvme_setup_io_queues(struct nvme_dev *dev)
        nvme_assign_io_queues(dev);
 
        return 0;
-
- free_queues:
-       nvme_free_queues(dev, 1);
-       return result;
 }
 
 /*