block: free q->flush_rq in blk_init_allocated_queue error paths

Commit 7982e90c3a57 ("block: fix q->flush_rq NULL pointer crash on
dm-mpath flush") moved an allocation to blk_init_allocated_queue(), but
neglected to free that allocation on the error paths that follow.

Signed-off-by: Dave Jones <davej@fedoraproject.org>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/block/blk-core.c b/block/blk-core.c
index 4cd5ffc184427cc808808cdd9cb6acbc86b381d9..bfe16d5af9f91a7eec049420e3f5b080476dc503 100644 (file)
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -713,7 +713,7 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
                return NULL;
 
        if (blk_init_rl(&q->root_rl, q, GFP_KERNEL))
-               return NULL;
+               goto fail;
 
        q->request_fn           = rfn;
        q->prep_rq_fn           = NULL;
@@ -737,12 +737,16 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
        /* init elevator */
        if (elevator_init(q, NULL)) {
                mutex_unlock(&q->sysfs_lock);
-               return NULL;
+               goto fail;
        }
 
        mutex_unlock(&q->sysfs_lock);
 
        return q;
+
+fail:
+       kfree(q->flush_rq);
+       return NULL;
 }
 EXPORT_SYMBOL(blk_init_allocated_queue);