On 6/18/22 23:05, Christoph Hellwig wrote:
@@ -151,11 +150,10 @@ static ssize_t queue_state_write(void *data, const char __user *buf,
char opbuf[16] = { }, *op;
/*
- * The "state" attribute is removed after blk_cleanup_queue() has called
- * blk_mq_free_queue(). Return if QUEUE_FLAG_DEAD has been set to avoid
- * triggering a use-after-free.
+ * The "state" attribute is removed when the queue is removed. Don't
+ * allow setting the state on a dying queue to avoid a use-after-free.
*/
- if (blk_queue_dead(q))
+ if (blk_queue_dying(q))
return -ENOENT;
I'm missing an explanation of why this patch forbids triggering a queue
run in the dying state. "dying" means that allocation of new requests
will fail. Unless if something fundamentally has changed in the block
layer it should still be safe to trigger a queue run in the "dying" state.
Thanks,
Bart.
