Merge tag 'for-linus-20180610' of git://git.kernel.dk/linux-block

Pull block flush handling fix from Jens Axboe: "Single fix that we should merge now, fixing a regression in queuing flush request, accessing request flags after calling the end_request handler" * tag 'for-linus-20180610' of git://git.kernel.dk/linux-block: block: fix use-after-free in block flush handling

Merge tag 'for-linus-20180610' of git://git.kernel.dk/linux-block
Pull block flush handling fix from Jens Axboe: "Single fix that we should merge now, fixing a regression in queuing flush request, accessing request flags after calling the end_request handler" * tag 'for-linus-20180610' of git://git.kernel.dk/linux-block: block: fix use-after-free in block flush handling
Linus Torvalds
2 parents d82991a868 190b02ed79
Showing 1 changed file Side-by-side Diff
block/blk-flush.c
@@ -169,9 +169,11 @@
 	struct request_queue *q = rq->q;
 	struct list_head *pending = &fq->flush_queue[fq->flush_pending_idx];
 	bool queued = false, kicked;
+	unsigned int cmd_flags;
  
 	BUG_ON(rq->flush.seq & seq);
 	rq->flush.seq |= seq;
+	cmd_flags = rq->cmd_flags;
  
 	if (likely(!error))
 		seq = blk_flush_cur_seq(rq);
@@ -212,7 +214,7 @@
 		BUG();
 	}
  
-	kicked = blk_kick_flush(q, fq, rq->cmd_flags);
+	kicked = blk_kick_flush(q, fq, cmd_flags);
 	return kicked | queued;
 }
...	...	@@ -169,9 +169,11 @@
169	169	struct request_queue *q = rq->q;
170	170	struct list_head *pending = &fq->flush_queue[fq->flush_pending_idx];
171	171	bool queued = false, kicked;
	172	+ unsigned int cmd_flags;
172	173
173	174	BUG_ON(rq->flush.seq & seq);
174	175	rq->flush.seq \|= seq;
	176	+ cmd_flags = rq->cmd_flags;
175	177
176	178	if (likely(!error))
177	179	seq = blk_flush_cur_seq(rq);
...	...	@@ -212,7 +214,7 @@
212	214	BUG();
213	215	}
214	216
215		- kicked = blk_kick_flush(q, fq, rq->cmd_flags);
	217	+ kicked = blk_kick_flush(q, fq, cmd_flags);
216	218	return kicked \| queued;
217	219	}
218	220