dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()
authorBryn M. Reeves <bmr@redhat.com>
Mon, 14 Mar 2016 21:04:34 +0000 (17:04 -0400)
committerMike Snitzer <snitzer@redhat.com>
Mon, 14 Mar 2016 21:04:34 +0000 (17:04 -0400)
An "old" (.request_fn) DM 'struct request' stores a pointer to the
associated 'struct dm_rq_target_io' in rq->special.

dm_requeue_original_request(), previously named
dm_requeue_unmapped_original_request(), called dm_unprep_request() to
reset rq->special to NULL.  But rq_end_stats() would go on to hit a NULL
pointer deference because its call to tio_from_request() returned NULL.

Fix this by calling rq_end_stats() _before_ dm_unprep_request()

Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Fixes: e262f34741 ("dm stats: add support for request-based DM devices")
Cc: stable@vger.kernel.org # 4.2+
drivers/md/dm.c

index 70d5b82a353a5f774e31eff40865e29456b02244..be4905769a45637a4882af087544578cdb90efa4 100644 (file)
@@ -1254,9 +1254,9 @@ static void dm_requeue_original_request(struct mapped_device *md,
 {
        int rw = rq_data_dir(rq);
 
+       rq_end_stats(md, rq);
        dm_unprep_request(rq);
 
-       rq_end_stats(md, rq);
        if (!rq->q->mq_ops)
                dm_old_requeue_request(rq);
        else