From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keir Fraser Subject: Re: blktap: fix reference to freed struct request. Date: Tue, 08 Mar 2011 18:57:28 +0000 Message-ID: References: <4D7672F7.1040805@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4D7672F7.1040805@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Dominic Curran , xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org On 08/03/2011 18:18, "Dominic Curran" wrote: > blktap: fix reference to freed struct request. > > The request will be freed by the call to __blktap_end_rq(), so to > rq->q is invalid before spin_unlock_irq(). What tree is this for? Otherwise this could get dropped on the floor. If it's for 2.6.18, the only tree that I'm still responsible for, then it needs 2.6.18 mentioned in the subject line. -- Keir > Signed-off-by: Dominic Curran Acked-by: Daniel Stodden > > diff -r d971c4c2e309 drivers/xen/blktap2/device.c > --- a/drivers/xen/blktap2/device.c Tue Mar 08 10:02:58 2011 -0800 > +++ b/drivers/xen/blktap2/device.c Tue Mar 08 10:04:28 2011 -0800 > @@ -135,9 +135,11 @@ > static inline void > blktap_end_rq(struct request *rq, int err) > { > - spin_lock_irq(rq->q->queue_lock); > + struct request_queue *q = rq->q; > + > + spin_lock_irq(q->queue_lock); > __blktap_end_rq(rq, err); > - spin_unlock_irq(rq->q->queue_lock); > + spin_unlock_irq(q->queue_lock); > } > > void > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel