virtio_blk: NULL out vqs to avoid double free on failed resume

Cong Zhang · axboe · commit 0739c2c6a015 · 2025-11-06T16:32:58.000-07:00
The vblk-&gt;vqs releases during freeze. If resume fails before vblk-&gt;vqs
is allocated, later freeze/remove may attempt to free vqs again.
Set vblk-&gt;vqs to NULL after freeing to avoid double free.

Signed-off-by: Cong Zhang &lt;cong.zhang@oss.qualcomm.com&gt;
Acked-by: Jason Wang &lt;jasowang@redhat.com&gt;
Signed-off-by: Jens Axboe &lt;axboe@kernel.dk&gt;
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
@@ -1027,8 +1027,13 @@ static int init_vq(struct virtio_blk *vblk)
 out:
 	kfree(vqs);
 	kfree(vqs_info);
-	if (err)
+	if (err) {
 		kfree(vblk->vqs);
+		/*
+		 * Set to NULL to prevent freeing vqs again during freezing.
+		 */
+		vblk->vqs = NULL;
+	}
 	return err;
 }
 
@@ -1599,6 +1604,12 @@ static int virtblk_freeze_priv(struct virtio_device *vdev)
 
 	vdev->config->del_vqs(vdev);
 	kfree(vblk->vqs);
+	/*
+	 * Set to NULL to prevent freeing vqs again after a failed vqs
+	 * allocation during resume. Note that kfree() already handles NULL
+	 * pointers safely.
+	 */
+	vblk->vqs = NULL;
 
 	return 0;
 }
