From: Christoph Hellwig <hch@xxxxxx> [ Upstream commit 63f93fd6fa5717769a78d6d7bea6f7f9a1ccca8e ] We can't just say that the last reference release may block, as any reference dropped could be the last one. So move the might_sleep() from blk_free_queue to blk_put_queue and update the documentation. Signed-off-by: Christoph Hellwig <hch@xxxxxx> Link: https://lore.kernel.org/r/20221114042637.1009333-6-hch@xxxxxx Signed-off-by: Jens Axboe <axboe@xxxxxxxxx> Stable-dep-of: d36a9ea5e776 ("block: fix use-after-free of q->q_usage_counter") Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- block/blk-core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 3920e101654f..818002b8be7c 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -261,8 +261,6 @@ static void blk_free_queue_rcu(struct rcu_head *rcu_head) static void blk_free_queue(struct request_queue *q) { - might_sleep(); - percpu_ref_exit(&q->q_usage_counter); if (q->poll_stat) @@ -286,11 +284,11 @@ static void blk_free_queue(struct request_queue *q) * Decrements the refcount of the request_queue and free it when the refcount * reaches 0. * - * Context: Any context, but the last reference must not be dropped from - * atomic context. + * Context: Can sleep. */ void blk_put_queue(struct request_queue *q) { + might_sleep(); if (refcount_dec_and_test(&q->refs)) blk_free_queue(q); } -- 2.35.1
