    [PATCH] blk: fix dangling pointer access in __elv_add_request · ca23509f
    Tejun Heo authored
    cfq's add_req_fn callback may invoke q->request_fn directly and
    depending on low-level driver used and timing, a queued request may be
    finished & deallocated before add_req_fn callback returns.  So,
    __elv_add_request must not access rq after it's passed to add_req_fn
    callback.
    
    This patch moves rq_mergeable test above add_req_fn().  This may
    result in q->last_merge pointing to REQ_NOMERGE request if add_req_fn
    callback sets it but as RQ_NOMERGE is checked again when blk layer
    actually tries to merge requests, this does not cause any problem.

    Signed-off-by: Tejun Heo <htejun@gmail.com>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
elevator.c 17.7 KB
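
The ordering problem described in the commit message, as a userspace C model added here (not code from the patch or from the kernel). `struct queue`, `dispatch_now`, `completed` and the flag value are constructed, and dropping `last_merge` inside the callback before the free is an assumption of the model.

```c
/* Userspace model constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdlib.h>

#define REQ_NOMERGE 0x1u                /* constructed flag value */

struct request { unsigned flags; };
struct queue {
    struct request *last_merge;         /* merge hint named in the commit message */
    bool dispatch_now;                  /* model knob: callback runs the driver */
    int completed;
};

bool rq_mergeable(const struct request *rq) { return !(rq->flags & REQ_NOMERGE); }

/* Stand-in for add_req_fn. With dispatch_now set, the request is finished and
 * freed before the callback returns. Dropping the hint first is a model assumption. */
void add_req_fn(struct queue *q, struct request *rq)
{
    if (!q->dispatch_now)
        return;                         /* request stays queued and allocated */
    if (q->last_merge == rq)
        q->last_merge = NULL;
    q->completed++;
    free(rq);
}

/* Pre-patch ordering, kept for contrast and never called: rq is read after
 * the callback, when it may already have been freed. */
void add_request_before(struct queue *q, struct request *rq)
{
    add_req_fn(q, rq);
    if (rq_mergeable(rq))               /* dangling pointer access */
        q->last_merge = rq;
}

/* Patched ordering: every read of rq happens before it is handed over. */
void add_request_fixed(struct queue *q, struct request *rq)
{
    if (rq_mergeable(rq))
        q->last_merge = rq;
    add_req_fn(q, rq);                  /* rq must not be touched after this */
}

int main(void)
{
    struct queue q = { .dispatch_now = true };
    struct request *rq = calloc(1, sizeof(*rq));
    if (!rq) return 1;
    add_request_fixed(&q, rq);
    return (q.completed == 1 && q.last_merge == NULL) ? 0 : 1;
}
```

Building the model with AddressSanitizer and calling `add_request_before` with `dispatch_now` set reports the read of freed memory that the patch removes.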