[PATCH 05/11] blk-mq: add WARN_ON in blk_mq_free_rqs()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Before freeing up the requests we should ensure that none of
those requests are still present in the ->rqs array; this could
lead to an use-after free error.

Signed-off-by: Hannes Reinecke <hare@xxxxxxx>
---
 block/blk-mq.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/block/blk-mq.c b/block/blk-mq.c
index 016f8401cfb9..054c0597c052 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2049,10 +2049,14 @@ void blk_mq_free_rqs(struct blk_mq_tag_set *set, struct blk_mq_tags *tags,
 		     unsigned int hctx_idx)
 {
 	struct page *page;
+	int i;
 
-	if (tags->rqs && set->ops->exit_request) {
-		int i;
-
+	if (tags->rqs) {
+		for (i = 0; i < tags->nr_tags; i++)
+			if (WARN_ON(tags->rqs[i]))
+				tags->rqs[i] = NULL;
+	}
+	if (tags->static_rqs && set->ops->exit_request) {
 		for (i = 0; i < tags->nr_tags; i++) {
 			struct request *rq = tags->static_rqs[i];
 
-- 
2.16.4
[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux