Commit 4a60f360 authored by Jens Axboe's avatar Jens Axboe

block: don't dereference request after flush insertion

We could have a race here, where the request gets freed before we call
into blk_mq_run_hw_queue(). If this happens, we cannot rely on the state
of the request.

Grab the hardware context before inserting the flush.

Fixes: 0f38d766 ("blk-mq: cleanup blk_mq_submit_bio")
Reviewed-by: default avatarMing Lei <ming.lei@redhat.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 0f38d766
...@@ -2284,9 +2284,10 @@ blk_qc_t blk_mq_submit_bio(struct bio *bio) ...@@ -2284,9 +2284,10 @@ blk_qc_t blk_mq_submit_bio(struct bio *bio)
} }
if (unlikely(is_flush_fua)) { if (unlikely(is_flush_fua)) {
struct blk_mq_hw_ctx *hctx = rq->mq_hctx;
/* Bypass scheduler for flush requests */ /* Bypass scheduler for flush requests */
blk_insert_flush(rq); blk_insert_flush(rq);
blk_mq_run_hw_queue(rq->mq_hctx, true); blk_mq_run_hw_queue(hctx, true);
} else if (plug && (q->nr_hw_queues == 1 || } else if (plug && (q->nr_hw_queues == 1 ||
blk_mq_is_shared_tags(rq->mq_hctx->flags) || blk_mq_is_shared_tags(rq->mq_hctx->flags) ||
q->mq_ops->commit_rqs || !blk_queue_nonrot(q))) { q->mq_ops->commit_rqs || !blk_queue_nonrot(q))) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment