From: Jens Axboe <axboe@kernel.dk>
Date: Sat, 16 Oct 2021 07:34:49 -0600
Subject: [PATCH] block: don't dereference request after flush insertion
Git-commit: 4a60f360a5c9533d77db011db6766448f763c86a
Patch-mainline: v5.16-rc1
References: jsc#PED-1183
We could have a race here, where the request gets freed before we call
into blk_mq_run_hw_queue(). If this happens, we cannot rely on the state
of the request.
Grab the hardware context before inserting the flush.
Fixes: 0f38d7664615 ("blk-mq: cleanup blk_mq_submit_bio")
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Hannes Reinecke <hare@suse.com>
---
block/blk-mq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 87dc2debedfb..b7b8437f0a04 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2284,9 +2284,10 @@ blk_qc_t blk_mq_submit_bio(struct bio *bio)
}
if (unlikely(is_flush_fua)) {
+ struct blk_mq_hw_ctx *hctx = rq->mq_hctx;
/* Bypass scheduler for flush requests */
blk_insert_flush(rq);
- blk_mq_run_hw_queue(rq->mq_hctx, true);
+ blk_mq_run_hw_queue(hctx, true);
} else if (plug && (q->nr_hw_queues == 1 ||
blk_mq_is_shared_tags(rq->mq_hctx->flags) ||
q->mq_ops->commit_rqs || !blk_queue_nonrot(q))) {
--
2.35.3