block: fix q->flush_rq NULL pointer crash on dm-mpath flush

[~andy/linux] / block / blk-core.c

diff --git a/block/blk-core.c b/block/blk-core.c
index 853f92749202cbfe5b252d557f667b7f970ac872..4cd5ffc184427cc808808cdd9cb6acbc86b381d9 100644 (file)
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -693,20 +693,11 @@ blk_init_queue_node(request_fn_proc *rfn, spinlock_t *lock, int node_id)
        if (!uninit_q)
                return NULL;
 
-       uninit_q->flush_rq = kzalloc(sizeof(struct request), GFP_KERNEL);
-       if (!uninit_q->flush_rq)
-               goto out_cleanup_queue;
-
        q = blk_init_allocated_queue(uninit_q, rfn, lock);
        if (!q)
-               goto out_free_flush_rq;
-       return q;
+               blk_cleanup_queue(uninit_q);
 
-out_free_flush_rq:
-       kfree(uninit_q->flush_rq);
-out_cleanup_queue:
-       blk_cleanup_queue(uninit_q);
-       return NULL;
+       return q;
 }
 EXPORT_SYMBOL(blk_init_queue_node);
 
@@ -717,6 +708,10 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
        if (!q)
                return NULL;
 
+       q->flush_rq = kzalloc(sizeof(struct request), GFP_KERNEL);
+       if (!q->flush_rq)
+               return NULL;
+
        if (blk_init_rl(&q->root_rl, q, GFP_KERNEL))
                return NULL;