summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-06-10 10:50:41 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2018-06-10 10:50:41 -0700
commitbbaa10130301a5fba168df71c31e8d0eef967182 (patch)
tree9f7f099ff0120700f56beac4c709a7bb871bfa08
parentd82991a8688ad128b46db1b42d5d84396487a508 (diff)
parent190b02ed79e08983bf62d47c05945c1b06a3d7d5 (diff)
Merge tag 'for-linus-20180610' of git://git.kernel.dk/linux-block
Pull block flush handling fix from Jens Axboe: "Single fix that we should merge now, fixing a regression in queuing flush request, accessing request flags after calling the end_request handler" * tag 'for-linus-20180610' of git://git.kernel.dk/linux-block: block: fix use-after-free in block flush handling
-rw-r--r--block/blk-flush.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/block/blk-flush.c b/block/blk-flush.c
index 058abdb50f31..ce41f666de3e 100644
--- a/block/blk-flush.c
+++ b/block/blk-flush.c
@@ -169,9 +169,11 @@ static bool blk_flush_complete_seq(struct request *rq,
struct request_queue *q = rq->q;
struct list_head *pending = &fq->flush_queue[fq->flush_pending_idx];
bool queued = false, kicked;
+ unsigned int cmd_flags;
BUG_ON(rq->flush.seq & seq);
rq->flush.seq |= seq;
+ cmd_flags = rq->cmd_flags;
if (likely(!error))
seq = blk_flush_cur_seq(rq);
@@ -212,7 +214,7 @@ static bool blk_flush_complete_seq(struct request *rq,
BUG();
}
- kicked = blk_kick_flush(q, fq, rq->cmd_flags);
+ kicked = blk_kick_flush(q, fq, cmd_flags);
return kicked | queued;
}