block: add proper state guards to __elv_next_request

blk_cleanup_queue() calls elevator_exit() and after this, we can't touch the elevator without oopsing. __elv_next_request() must check for this state because in the refcounted queue model, we can still call it after blk_cleanup_queue() has been called. This was reported as causing an oops attributable to scsi. Signed-off-by: James Bottomley <James.Bottomley@suse.de> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

block: add proper state guards to __elv_next_request
blk_cleanup_queue() calls elevator_exit() and after this, we can't touch the elevator without oopsing. __elv_next_request() must check for this state because in the refcounted queue model, we can still call it after blk_cleanup_queue() has been called. This was reported as causing an oops attributable to scsi. Signed-off-by: James Bottomley <James.Bottomley@suse.de> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
James Bottomley · Jens Axboe
1 parent a2b9c1f620
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
block/blk.h
@@ -62,7 +62,8 @@
 			return rq;
 		}
  
-		if (!q->elevator->ops->elevator_dispatch_fn(q, 0))
+		if (test_bit(QUEUE_FLAG_DEAD, &q->queue_flags) ||
+		    !q->elevator->ops->elevator_dispatch_fn(q, 0))
 			return NULL;
 	}
 }
...	...	@@ -62,7 +62,8 @@
62	62	return rq;
63	63	}
64	64
65		- if (!q->elevator->ops->elevator_dispatch_fn(q, 0))
	65	+ if (test_bit(QUEUE_FLAG_DEAD, &q->queue_flags) \|\|
	66	+ !q->elevator->ops->elevator_dispatch_fn(q, 0))
66	67	return NULL;
67	68	}
68	69	}