On Tue, Jun 06, 2017 at 04:02:52PM +0000, Bart Van Assche wrote: > On Tue, 2017-06-06 at 23:22 +0800, Ming Lei wrote: > > If queue is stopped, we shouldn't dispatch request into driver and > > hardware, unfortunately the check is removed in bd166ef183c2(blk-mq-sched: > > add framework for MQ capable IO schedulers). > > > > This patch fixes the issue by moving the check back into > > __blk_mq_try_issue_directly(). > > > > This patch fixes request use-after-free[1][2] during canceling requets > > of NVMe in nvme_dev_disable(), which can be triggered easily during > > NVMe reset & remove test. > > Although I'm not convinced that this patch fixes [2], the patch itself looks The .q_usage_counter will be leaked once request is double free. Thanks, Ming
