aboutsummaryrefslogtreecommitdiffstats
path: root/block
diff options
context:
space:
mode:
authorHannes Reinecke <hare@suse.de>2011-09-28 08:07:01 -0600
committerGreg Kroah-Hartman <gregkh@suse.de>2011-10-03 11:41:13 -0700
commitc2b387f0295ffaeb5e96f0d6f745fde507abd651 (patch)
tree9d817f12f4ecfa480ac1cc3b471af31837b30c8c /block
parentf0e47138b26bd26d312aa63522a579acac5552c6 (diff)
downloadkernel_samsung_smdk4412-c2b387f0295ffaeb5e96f0d6f745fde507abd651.tar.gz
kernel_samsung_smdk4412-c2b387f0295ffaeb5e96f0d6f745fde507abd651.tar.bz2
kernel_samsung_smdk4412-c2b387f0295ffaeb5e96f0d6f745fde507abd651.zip
block: Free queue resources at blk_release_queue()
commit 777eb1bf15b8532c396821774bf6451e563438f5 upstream. A kernel crash is observed when a mounted ext3/ext4 filesystem is physically removed. The problem is that blk_cleanup_queue() frees up some resources eg by calling elevator_exit(), which are not checked for in normal operation. So we should rather move these calls to the destructor function blk_release_queue() as at that point all remaining references are gone. However, in doing so we have to ensure that any externally supplied queue_lock is disconnected as the driver might free up the lock after the call of blk_cleanup_queue(), Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'block')
-rw-r--r--block/blk-core.c13
-rw-r--r--block/blk-sysfs.c5
2 files changed, 11 insertions, 7 deletions
diff --git a/block/blk-core.c b/block/blk-core.c
index 1d49e1c7c90..847d04ef9f1 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -348,9 +348,10 @@ void blk_put_queue(struct request_queue *q)
EXPORT_SYMBOL(blk_put_queue);
/*
- * Note: If a driver supplied the queue lock, it should not zap that lock
- * unexpectedly as some queue cleanup components like elevator_exit() and
- * blk_throtl_exit() need queue lock.
+ * Note: If a driver supplied the queue lock, it is disconnected
+ * by this function. The actual state of the lock doesn't matter
+ * here as the request_queue isn't accessible after this point
+ * (QUEUE_FLAG_DEAD is set) and no other requests will be queued.
*/
void blk_cleanup_queue(struct request_queue *q)
{
@@ -367,10 +368,8 @@ void blk_cleanup_queue(struct request_queue *q)
queue_flag_set_unlocked(QUEUE_FLAG_DEAD, q);
mutex_unlock(&q->sysfs_lock);
- if (q->elevator)
- elevator_exit(q->elevator);
-
- blk_throtl_exit(q);
+ if (q->queue_lock != &q->__queue_lock)
+ q->queue_lock = &q->__queue_lock;
blk_put_queue(q);
}
diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c
index d935bd859c8..45c56d86b82 100644
--- a/block/blk-sysfs.c
+++ b/block/blk-sysfs.c
@@ -472,6 +472,11 @@ static void blk_release_queue(struct kobject *kobj)
blk_sync_queue(q);
+ if (q->elevator)
+ elevator_exit(q->elevator);
+
+ blk_throtl_exit(q);
+
if (rl->rq_pool)
mempool_destroy(rl->rq_pool);