authorMinfei Huang <mnghuan@gmail.com>2016-08-09 04:39:20 -0400
committerMichael S. Tsirkin <mst@redhat.com>2016-08-09 06:42:39 -0400
commit347a529398e8e723338cca5d8a8ae2d9e7e93448 (patch)
tree3dcf003ea2d1c35c342fbd93d9342a4014f25f2c
parent28ad55578b8a76390d966b09da8c7fa3644f5140 (diff)
virtio_blk: Fix a slient kernel panic
We do a lot of memory allocation in function init_vq, and don't handle the allocation failure properly. Then this function will return 0, although initialization fails due to lacking memory. At that moment, kernel will panic in guest machine, if virtio is used to drive disk. To fix this bug, we should take care of allocation failure, and return correct value to let caller know what happen. Tested-by: Chao Fan <fanc.fnst@cn.fujitsu.com> Signed-off-by: Minfei Huang <mnghuan@gmail.com> Signed-off-by: Minfei Huang <minfei.hmf@alibaba-inc.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r--drivers/block/virtio_blk.c26
1 files changed, 8 insertions, 18 deletions
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 1523e05c46fc..93b1aaa5ba3b 100644
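--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -391,22 +391,16 @@ static int init_vq(struct virtio_blk *vblk)
  num_vqs = 1;
 
  vblk->vqs = kmalloc(sizeof(*vblk->vqs) * num_vqs, GFP_KERNEL);
- if (!vblk->vqs) {
- err = -ENOMEM;
- goto out;
- }
+ if (!vblk->vqs)
+ return -ENOMEM;
 
  names = kmalloc(sizeof(*names) * num_vqs, GFP_KERNEL);
- if (!names)
- goto err_names;
-
  callbacks = kmalloc(sizeof(*callbacks) * num_vqs, GFP_KERNEL);
- if (!callbacks)
- goto err_callbacks;
-
  vqs = kmalloc(sizeof(*vqs) * num_vqs, GFP_KERNEL);
- if (!vqs)
- goto err_vqs;
+ if (!names || !callbacks || !vqs) {
+ err = -ENOMEM;
+ goto out;
+ }
 
  for (i = 0; i < num_vqs; i++) {
  callbacks[i] = virtblk_done;
@@ -417,7 +411,7 @@ static int init_vq(struct virtio_blk *vblk)
  /* Discover virtqueues and write information to configuration. */
  err = vdev->config->find_vqs(vdev, num_vqs, vqs, callbacks, names);
  if (err)
- goto err_find_vqs;
+ goto out;
 
  for (i = 0; i < num_vqs; i++) {
  spin_lock_init(&vblk->vqs[i].lock);
@@ -425,16 +419,12 @@ static int init_vq(struct virtio_blk *vblk)
  }
  vblk->num_vqs = num_vqs;
 
- err_find_vqs:
+out:
  kfree(vqs);
- err_vqs:
  kfree(callbacks);
- err_callbacks:
  kfree(names);
- err_names:
  if (err)
  kfree(vblk->vqs);
- out:
  return err;
 }
 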
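Review bot: The four allocations at new lines 393 and 397-399 still size their buffers with an unchecked `sizeof(*x) * num_vqs` multiplication, and num_vqs appears to be taken from the device configuration earlier in init_vq (only the `num_vqs = 1` fallback is visible in this hunk). Writing them as `kmalloc_array(num_vqs, sizeof(*vblk->vqs), GFP_KERNEL)`, and the same form for names, callbacks and vqs, would make the overflow check explicit instead of relying on the width of the count. Separately, the `out:` path frees vblk->vqs on error but leaves the pointer set; adding `vblk->vqs = NULL;` after that kfree would keep any later cleanup path outside this hunk from touching freed memory. init_vq begins above the first hunk, so the declarations and the initial value of err cannot be checked from here.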