diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-10 10:50:41 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-10 10:50:41 -0700 |
commit | bbaa10130301a5fba168df71c31e8d0eef967182 (patch) | |
tree | 9f7f099ff0120700f56beac4c709a7bb871bfa08 | |
parent | d82991a8688ad128b46db1b42d5d84396487a508 (diff) | |
parent | 190b02ed79e08983bf62d47c05945c1b06a3d7d5 (diff) |
Merge tag 'for-linus-20180610' of git://git.kernel.dk/linux-block
Pull block flush handling fix from Jens Axboe:
"Single fix that we should merge now, fixing a regression in queuing
flush request, accessing request flags after calling the end_request
handler"
* tag 'for-linus-20180610' of git://git.kernel.dk/linux-block:
block: fix use-after-free in block flush handling
-rw-r--r-- | block/blk-flush.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/block/blk-flush.c b/block/blk-flush.c index 058abdb50f31..ce41f666de3e 100644 --- a/block/blk-flush.c +++ b/block/blk-flush.c @@ -169,9 +169,11 @@ static bool blk_flush_complete_seq(struct request *rq, struct request_queue *q = rq->q; struct list_head *pending = &fq->flush_queue[fq->flush_pending_idx]; bool queued = false, kicked; + unsigned int cmd_flags; BUG_ON(rq->flush.seq & seq); rq->flush.seq |= seq; + cmd_flags = rq->cmd_flags; if (likely(!error)) seq = blk_flush_cur_seq(rq); @@ -212,7 +214,7 @@ static bool blk_flush_complete_seq(struct request *rq, BUG(); } - kicked = blk_kick_flush(q, fq, rq->cmd_flags); + kicked = blk_kick_flush(q, fq, cmd_flags); return kicked | queued; } |