From: Dominic Curran Subject: blktap: Fix reference to freed struct request Patch-mainline: tbd The request will be freed by the call to __blktap_end_rq(), so rq->q is invalid before spin_unlock_irq(). Signed-off-by: Dominic Curran Acked-by: Daniel Stodden Acked-by: jbeulich@novell.com --- head-2011-03-11.orig/drivers/xen/blktap2-new/device.c 2011-02-24 16:31:17.000000000 +0100 +++ head-2011-03-11/drivers/xen/blktap2-new/device.c 2011-03-11 00:00:00.000000000 +0100 @@ -135,9 +135,11 @@ __blktap_end_rq(struct request *rq, int static inline void blktap_end_rq(struct request *rq, int err) { - spin_lock_irq(rq->q->queue_lock); + struct request_queue *q = rq->q; + + spin_lock_irq(q->queue_lock); __blktap_end_rq(rq, err); - spin_unlock_irq(rq->q->queue_lock); + spin_unlock_irq(q->queue_lock); } void