Commit 959a35f1 authored by Jeff Moyer, committed by Jens Axboe

blk-mq: fix dereference of rq->mq_ctx if allocation fails

If __GFP_WAIT isn't set and we fail allocating, when we go
to drop the reference on the ctx, we will attempt to dereference
the NULL rq. Fix that.
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
parent e345d767
...@@ -202,10 +202,12 @@ static struct request *blk_mq_alloc_request_pinned(struct request_queue *q, ...@@ -202,10 +202,12 @@ static struct request *blk_mq_alloc_request_pinned(struct request_queue *q,
if (rq) { if (rq) {
blk_mq_rq_ctx_init(q, ctx, rq, rw); blk_mq_rq_ctx_init(q, ctx, rq, rw);
break; break;
} else if (!(gfp & __GFP_WAIT)) }
break;
blk_mq_put_ctx(ctx); blk_mq_put_ctx(ctx);
if (!(gfp & __GFP_WAIT))
break;
__blk_mq_run_hw_queue(hctx); __blk_mq_run_hw_queue(hctx);
blk_mq_wait_for_tags(hctx->tags); blk_mq_wait_for_tags(hctx->tags);
} while (1); } while (1);
...@@ -222,6 +224,7 @@ struct request *blk_mq_alloc_request(struct request_queue *q, int rw, ...@@ -222,6 +224,7 @@ struct request *blk_mq_alloc_request(struct request_queue *q, int rw,
return NULL; return NULL;
rq = blk_mq_alloc_request_pinned(q, rw, gfp, reserved); rq = blk_mq_alloc_request_pinned(q, rw, gfp, reserved);
if (rq)
blk_mq_put_ctx(rq->mq_ctx); blk_mq_put_ctx(rq->mq_ctx);
return rq; return rq;
} }
...@@ -235,6 +238,7 @@ struct request *blk_mq_alloc_reserved_request(struct request_queue *q, int rw, ...@@ -235,6 +238,7 @@ struct request *blk_mq_alloc_reserved_request(struct request_queue *q, int rw,
return NULL; return NULL;
rq = blk_mq_alloc_request_pinned(q, rw, gfp, true); rq = blk_mq_alloc_request_pinned(q, rw, gfp, true);
if (rq)
blk_mq_put_ctx(rq->mq_ctx); blk_mq_put_ctx(rq->mq_ctx);
return rq; return rq;
} }
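Review bot: The ownership rule for the ctx reference in blk_mq_alloc_request_pinned is now asymmetric and nothing in the visible hunks documents it: on success the request is returned with its ctx still pinned, while on a non-blocking failure the loop has already called blk_mq_put_ctx(ctx) and NULL is returned. Both wrappers here encode that rule by hand with `if (rq)`, so any other caller of the pinned helper (none is visible on this page) would need the same guard, or it hits the same NULL dereference under memory pressure. I would add a comment above the helper, such as `/* Returns with rq->mq_ctx pinned on success; returns NULL with the ctx already released when !__GFP_WAIT and no tag is free. */`. All three function bodies start outside their hunks, so the allocation call and the loop head were not reviewed.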