From: John Garry <john.garry@huawei.com> mainline inclusion from mainline-v5.14-rc1 commit b93af3055d6f32d3b0361cfdb110c9399c1241ba category: bugfix bugzilla: 177012 CVE: NA --------------------------- If the blk_mq_sched_alloc_tags() -> blk_mq_alloc_rqs() call fails, then we call blk_mq_sched_free_tags() -> blk_mq_free_rqs(). It is incorrect to do so, as any rqs would have already been freed in the blk_mq_alloc_rqs() call. Fix by calling blk_mq_free_rq_map() only directly. Fixes: 6917ff0b5bd41 ("blk-mq-sched: refactor scheduler initialization") Signed-off-by: John Garry <john.garry@huawei.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/1627378373-148090-1-git-send-email-john.garry@huaw... Signed-off-by: Jens Axboe <axboe@kernel.dk> conflicts: block/blk-mq-sched.c Signed-off-by: Laibin Qiu <qiulaibin@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- block/blk-mq-sched.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c index ce4b2ac6d6977..3521eca1b2984 100644 --- a/block/blk-mq-sched.c +++ b/block/blk-mq-sched.c @@ -513,8 +513,10 @@ static int blk_mq_sched_alloc_tags(struct request_queue *q, return -ENOMEM; ret = blk_mq_alloc_rqs(set, hctx->sched_tags, hctx_idx, q->nr_requests); - if (ret) - blk_mq_sched_free_tags(set, hctx, hctx_idx); + if (ret) { + blk_mq_free_rq_map(hctx->sched_tags); + hctx->sched_tags = NULL; + } return ret; } -- 2.25.1