[PATCH 3.16 237/306] nvme/pci: Don't free queues on error

From: Ben Hutchings
Date: Wed Feb 15 2017 - 18:11:22 EST


3.16.40-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Keith Busch <keith.busch@xxxxxxxxx>

commit d48756228ee9161ac8836b346589a43fabdc9f3c upstream.

The nvme_remove function tears down all allocated resources in the correct
order, so no need to free queues on error during initialization. This
fixes possible use-after-free errors when queues are still associated
with a blk-mq hctx.

Reported-by: Scott Bauer <scott.bauer@xxxxxxxxx>
Tested-by: Scott Bauer <scott.bauer@xxxxxxxxx>
Signed-off-by: Keith Busch <keith.busch@xxxxxxxxx>
Reviewed-by: Sagi Grimberg <sagi@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Jens Axboe <axboe@xxxxxx>
[bwh: Backported to 3.16:
- Adjust filename, context
- Only nvme_setup_io_queues() needs to be fixed]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
--- a/drivers/block/nvme-core.c
+++ b/drivers/block/nvme-core.c
@@ -2196,7 +2196,7 @@ static int nvme_setup_io_queues(struct n
result = queue_request_irq(dev, adminq, adminq->irqname);
if (result) {
adminq->q_suspended = 1;
- goto free_queues;
+ return result;
}

/* Free previously allocated queues that are no longer usable */
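Review bot: The new `return result;` in the queue_request_irq() failure branch leaves the queues set up earlier in nvme_setup_io_queues() allocated, and nothing at this site says who releases them. The commit message assigns that job to nvme_remove, so a short comment at the return stating that cleanup is deliberately deferred to the removal path would keep a later change from reintroducing a local free and, with it, the use-after-free against a blk-mq hctx. For the 3.16 backport it is also worth confirming that the caller's failure handling does reach that teardown when this function returns an error, since the hunk does not show the caller.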
@@ -2204,10 +2204,6 @@ static int nvme_setup_io_queues(struct n
nvme_assign_io_queues(dev);

return 0;
-
- free_queues:
- nvme_free_queues(dev, 1);
- return result;
}

/*
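Review bot: Removing the free_queues label together with its `nvme_free_queues(dev, 1);` call means any other `goto free_queues` in nvme_setup_io_queues() outside the lines shown would no longer build, and any failure exit that relied on it now depends entirely on the later teardown. The backport note says only this function needed fixing; please confirm that the goto converted in the first hunk was the label's only user in 3.16 and that no earlier error return in the function still expects a local free.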