qubes-linux-kernel/patches.xen/xen-blktap2-use-after-free

28 lines
902 B
Plaintext
Raw Normal View History

2011-04-19 20:09:59 +00:00
From: Dominic Curran <dominic.curran@citrix.com>
Subject: blktap: Fix reference to freed struct request
Patch-mainline: tbd
The request will be freed by the call to __blktap_end_rq(), so rq->q
is invalid before spin_unlock_irq().
Signed-off-by: Dominic Curran <dominic.curran@citrix.com>
Acked-by: Daniel Stodden <daniel.stodden@citrix.com>
Acked-by: jbeulich@novell.com
--- head-2011-03-11.orig/drivers/xen/blktap2-new/device.c 2011-02-24 16:31:17.000000000 +0100
+++ head-2011-03-11/drivers/xen/blktap2-new/device.c 2011-03-11 00:00:00.000000000 +0100
@@ -135,9 +135,11 @@ __blktap_end_rq(struct request *rq, int
static inline void
blktap_end_rq(struct request *rq, int err)
{
- spin_lock_irq(rq->q->queue_lock);
+ struct request_queue *q = rq->q;
+
+ spin_lock_irq(q->queue_lock);
__blktap_end_rq(rq, err);
- spin_unlock_irq(rq->q->queue_lock);
+ spin_unlock_irq(q->queue_lock);
}
void