From mboxrd@z Thu Jan  1 00:00:00 1970
From: piaojun <piaojun@huawei.com>
Subject: [PATCH] scsi/virio_scsi.c: do not call virtscsi_remove_vqs() in
 virtscsi_init() to avoid crash bug
Date: Thu, 23 Aug 2018 10:24:58 +0800
Message-ID: <5B7E1AFA.8030506@huawei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Cc: <linux-kernel@vger.kernel.org>, <rusty@rustcorp.com.au>,
        <kvm@vger.kernel.org>, <penberg@kernel.org>, <mst@redhat.com>,
        <stefanha@linux.vnet.ibm.com>, <michaelc@cs.wisc.edu>
To: <stefanha@linux.vnet.ibm.com>, <pbonzini@redhat.com>
Return-path: <linux-kernel-owner@vger.kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

If some error happened before find_vqs, error branch will goto
virtscsi_remove_vqs to free vqs. Actually the vqs have not been allocated
successfully, so this will cause wild-pointer-free problem. So
virtscsi_remove_vqs could be deleted as no error will happen after
find_vqs.

Signed-off-by: Jun Piao <piaojun@huawei.com>
---
 drivers/scsi/virtio_scsi.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index 1c72db9..da0fd74 100644
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -833,8 +833,6 @@ static int virtscsi_init(struct virtio_device *vdev,
 	kfree(names);
 	kfree(callbacks);
 	kfree(vqs);
-	if (err)
-		virtscsi_remove_vqs(vdev);
 	return err;
 }

--