diff options
| author | Jens Axboe <axboe@kernel.dk> | 2021-10-16 07:34:49 -0600 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2021-10-18 06:17:18 -0600 |
| commit | 4a60f360a5c9533d77db011db6766448f763c86a (patch) | |
| tree | 3e401b78cec3cc16ca37ef51932392b70b00552e /block | |
| parent | 0f38d76646157357fcfa02f50575ea044830c494 (diff) | |
| download | linux-stable-4a60f360a5c9533d77db011db6766448f763c86a.tar.gz linux-stable-4a60f360a5c9533d77db011db6766448f763c86a.tar.bz2 linux-stable-4a60f360a5c9533d77db011db6766448f763c86a.zip | |
block: don't dereference request after flush insertion
We could have a race here, where the request gets freed before we call
into blk_mq_run_hw_queue(). If this happens, we cannot rely on the state
of the request.
Grab the hardware context before inserting the flush.
Fixes: 0f38d7664615 ("blk-mq: cleanup blk_mq_submit_bio")
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block')
| -rw-r--r-- | block/blk-mq.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/block/blk-mq.c b/block/blk-mq.c index 87dc2debedfb..b7b8437f0a04 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2284,9 +2284,10 @@ blk_qc_t blk_mq_submit_bio(struct bio *bio) } if (unlikely(is_flush_fua)) { + struct blk_mq_hw_ctx *hctx = rq->mq_hctx; /* Bypass scheduler for flush requests */ blk_insert_flush(rq); - blk_mq_run_hw_queue(rq->mq_hctx, true); + blk_mq_run_hw_queue(hctx, true); } else if (plug && (q->nr_hw_queues == 1 || blk_mq_is_shared_tags(rq->mq_hctx->flags) || q->mq_ops->commit_rqs || !blk_queue_nonrot(q))) { |