virtio_blk: NULL out vqs to avoid double free on failed resume

The vblk->vqs releases during freeze. If resume fails before vblk->vqs is allocated, later freeze/remove may attempt to free vqs again. Set vblk->vqs to NULL after freeing to avoid double free. Signed-off-by: Cong Zhang <cong.zhang@oss.qualcomm.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Cong Zhang <cong.zhang@oss.qualcomm.com> 2025-10-21 14:07:56 +0300
committer: Jens Axboe <axboe@kernel.dk> 2025-11-07 02:32:58 +0300
commit: 0739c2c6a015604a7c01506bea28200a2cc2e08c (patch)
tree: bf44a27eb455887b2932999aa9eb66d8d6e6b47d
parent: 3451cf34f51bb70c24413abb20b423e64486161b (diff)
download: linux-0739c2c6a015604a7c01506bea28200a2cc2e08c.tar.xz
1 files changed, 12 insertions, 1 deletions
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index a5e97f03dbf0..357434bdae99 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -1027,8 +1027,13 @@ static int init_vq(struct virtio_blk *vblk)
 out:
 	kfree(vqs);
 	kfree(vqs_info);
-	if (err)
+	if (err) {
 		kfree(vblk->vqs);
+		/*
+		 * Set to NULL to prevent freeing vqs again during freezing.
+		 */
+		vblk->vqs = NULL;
+	}
 	return err;
 }
 
@@ -1599,6 +1604,12 @@ static int virtblk_freeze_priv(struct virtio_device *vdev)
 
 	vdev->config->del_vqs(vdev);
 	kfree(vblk->vqs);
+	/*
+	 * Set to NULL to prevent freeing vqs again after a failed vqs
+	 * allocation during resume. Note that kfree() already handles NULL
+	 * pointers safely.
+	 */
+	vblk->vqs = NULL;
 
 	return 0;
 }
author	Cong Zhang <cong.zhang@oss.qualcomm.com>	2025-10-21 14:07:56 +0300
committer	Jens Axboe <axboe@kernel.dk>	2025-11-07 02:32:58 +0300
commit	0739c2c6a015604a7c01506bea28200a2cc2e08c (patch)
tree	bf44a27eb455887b2932999aa9eb66d8d6e6b47d
parent	3451cf34f51bb70c24413abb20b423e64486161b (diff)
download	linux-0739c2c6a015604a7c01506bea28200a2cc2e08c.tar.xz