On 3/22/21 3:39 PM, Khazhy Kumykov wrote:
> On Thu, Mar 18, 2021 at 6:00 PM Bart Van Assche <bvanassche@xxxxxxx> wrote:
>> Multiple users have reported use-after-free complaints similar to the
>> following (see also https://lore.kernel.org/linux-block/1545261885.185366.488.camel@xxxxxxx/):
> This fixes the crashes I was seeing. I also looked over the patch and
> the dereferencing rules seem correct, although that q_usage_counter
> check in the bad case seems racy itself? Thanks!
> Reviewed-By: Khazhismel Kumykov <khazhy@xxxxxxxxxx>

Thanks Khazhy for the review and for the testing. The purpose of the
q_usage_counter check in blk_mq_tag_to_rq() is to catch calls of
blk_mq_tag_to_rq() from outside .queue_rq() that happen during or after
queue deletion. Maybe I should change that check into a test of
QUEUE_FLAG_DYING.
Bart.
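The lookup rule Bart describes, as an added user-space model written for this page (it is not the kernel's blk-mq code; the plain integer counter, the tag table, and the function names are assumed stand-ins for percpu_ref q_usage_counter, the tag map and QUEUE_FLAG_DYING):

```c
/* Added example, not the kernel's code: a user-space model of the guarded
 * tag lookup discussed in the thread. The struct layout and the integer
 * counter are assumptions standing in for blk-mq's percpu_ref q_usage_counter
 * and QUEUE_FLAG_DYING; they illustrate the ordering, not the real API. */
#include <stdbool.h>
#include <stdlib.h>
#define NR_TAGS 4
struct request { int tag; };
struct request_queue {
    int q_usage_counter;          /* callers currently inside the queue */
    bool dying;                   /* set first thing during queue deletion */
    struct request *rqs[NR_TAGS]; /* tag -> request table, freed at teardown */
};
struct request_queue *make_queue(void) {
    struct request_queue *q = calloc(1, sizeof(*q));
    for (int i = 0; i < NR_TAGS; i++) {
        q->rqs[i] = malloc(sizeof(*q->rqs[i]));
        q->rqs[i]->tag = i;
    }
    return q;
}
/* What a .queue_rq() caller already holds: a usage reference, obtainable only
 * while the queue is alive; teardown has to wait for the matching queue_exit(). */
bool queue_enter(struct request_queue *q) {
    if (q->dying)
        return false;
    q->q_usage_counter++;
    return true;
}
void queue_exit(struct request_queue *q) { q->q_usage_counter--; }
/* The guarded lookup. Safe for a caller holding a reference; for anyone else
 * the counter test is best effort only, since the count can reach zero right
 * after the check (the race Khazhy points out). Testing q->dying instead is
 * the alternative Bart mentions. */
struct request *tag_to_rq(struct request_queue *q, int tag) {
    if (q->q_usage_counter == 0 || tag < 0 || tag >= NR_TAGS)
        return NULL;
    return q->rqs[tag];
}
/* Teardown: flag the queue first, free the table only once nobody is inside. */
bool queue_teardown(struct request_queue *q) {
    q->dying = true;
    if (q->q_usage_counter != 0)
        return false; /* the kernel would block here until the count drains */
    for (int i = 0; i < NR_TAGS; i++) {
        free(q->rqs[i]);
        q->rqs[i] = NULL;
    }
    return true;
}
```

A caller that skips queue_enter() and relies on the counter test alone is the racy case from the review: nothing stops the count from hitting zero and the table from being freed between its check and its dereference.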