path: root/init
diff options
authorMike Snitzer <>2015-04-29 10:48:09 -0400
committerMike Snitzer <>2015-04-30 10:25:21 -0400
commitaa6df8dd28c01d9a3d2cfcfe9dd0a4a334d1cd81 (patch)
tree80ee42fd298572758a252c8024e1dcc2e11f58a2 /init
parent3e6180f0c82b3790a9ec6d13d67aae359bf1ce84 (diff)
dm: fix free_rq_clone() NULL pointer when requeueing unmapped request
Commit 022333427a ("dm: optimize dm_mq_queue_rq to _not_ use kthread if using pure blk-mq") mistakenly removed free_rq_clone()'s clone->q check before testing clone->q->mq_ops. It was an oversight to discontinue that check for 1 of the 2 use-cases for free_rq_clone(): 1) free_rq_clone() called when an unmapped original request is requeued 2) free_rq_clone() called in the request-based IO completion path The clone->q check made sense for case #1 but not for #2. However, we cannot just reinstate the check as it'd mask a serious bug in the IO completion case #2 -- no in-flight request should have an uninitialized request_queue (basic block layer refcounting _should_ ensure this). The NULL pointer seen for case #1 is detailed here: Fix this free_rq_clone() NULL pointer by simply checking if the mapped_device's type is DM_TYPE_MQ_REQUEST_BASED (clone's queue is blk-mq) rather than checking clone->q->mq_ops. This avoids the need to dereference clone->q, but a WARN_ON_ONCE is added to let us know if an uninitialized clone request is being completed. Reported-by: Bart Van Assche <> Signed-off-by: Mike Snitzer <>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions