blk-mq: fix use-after-free of request

If accounting is on, we will do the IO completion accounting after
we have freed the request. Fix that by moving it sooner instead.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/block/blk-mq.c b/block/blk-mq.c
index 70fd6f9..c79126e 100644 (file)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -312,12 +312,12 @@ void blk_mq_complete_request(struct request *rq, int error)
 
        blk_account_io_completion(rq, bytes);
 
+       blk_account_io_done(rq);
+
        if (rq->end_io)
                rq->end_io(rq, error);
        else
                blk_mq_free_request(rq);
-
-       blk_account_io_done(rq);
 }
 
 void __blk_mq_end_io(struct request *rq, int error)