[PATCH] blk: fix dangling pointer access in __elv_add_request
authorTejun Heo <htejun@gmail.com>
Tue, 1 Nov 2005 08:23:49 +0000 (17:23 +0900)
committerLinus Torvalds <torvalds@g5.osdl.org>
Wed, 2 Nov 2005 05:58:06 +0000 (21:58 -0800)
commitca23509fbaac0ea662ab0e287bebb72f743f9e1f
treeb87f06d928e0ea06ae6244c1aeecf3e745f39bb9
parent6c2af71f7f6ac10ab45e9461e1dd7aa09079643a
[PATCH] blk: fix dangling pointer access in __elv_add_request

cfq's add_req_fn callback may invoke q->request_fn directly and
depending on low-level driver used and timing, a queued request may be
finished & deallocated before add_req_fn callback returns.  So,
__elv_add_request must not access rq after it's passed to add_req_fn
callback.

This patch moves rq_mergeable test above add_req_fn().  This may
result in q->last_merge pointing to REQ_NOMERGE request if add_req_fn
callback sets it but as RQ_NOMERGE is checked again when blk layer
actually tries to merge requests, this does not cause any problem.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/block/elevator.c