From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:45142 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754176AbeCROpe (ORCPT
        <rfc822;stable@vger.kernel.org>); Sun, 18 Mar 2018 10:45:34 -0400
Subject: Patch "blkcg: fix double free of new_blkg in blkcg_init_queue" has been added to the 4.4-stable tree
To: houtao1@huawei.com, axboe@fb.com, gregkh@linuxfoundation.org,
        linux@roeck-us.net
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Sun, 18 Mar 2018 15:45:32 +0100
Message-ID: <15213843322846@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    blkcg: fix double free of new_blkg in blkcg_init_queue

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     blkcg-fix-double-free-of-new_blkg-in-blkcg_init_queue.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From 9b54d816e00425c3a517514e0d677bb3cec49258 Mon Sep 17 00:00:00 2001
From: Hou Tao <houtao1@huawei.com>
Date: Fri, 3 Feb 2017 17:19:07 +0800
Subject: blkcg: fix double free of new_blkg in blkcg_init_queue

From: Hou Tao <houtao1@huawei.com>

commit 9b54d816e00425c3a517514e0d677bb3cec49258 upstream.

If blkg_create fails, new_blkg passed as an argument will
be freed by blkg_create, so there is no need to free it again.

Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 block/blk-cgroup.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -1078,10 +1078,8 @@ int blkcg_init_queue(struct request_queu
 	if (preloaded)
 		radix_tree_preload_end();
 
-	if (IS_ERR(blkg)) {
-		blkg_free(new_blkg);
+	if (IS_ERR(blkg))
 		return PTR_ERR(blkg);
-	}
 
 	q->root_blkg = blkg;
 	q->root_rl.blkg = blkg;


Patches currently in stable-queue which might be from houtao1@huawei.com are

queue-4.4/blkcg-fix-double-free-of-new_blkg-in-blkcg_init_queue.patch