On 01/31/2017 10:36 PM, Tahsin Erdogan wrote:
> blk_set_queue_dying() does not acquire queue lock before it calls
> blk_queue_for_each_rl(). This allows a racing blkg_destroy() to
> remove blkg->q_node from the linked list and have
> blk_queue_for_each_rl() loop infinitely over the removed
blk_set_queue_dying() does not acquire queue lock before it calls
blk_queue_for_each_rl(). This allows a racing blkg_destroy() to
remove blkg->q_node from the linked list and have
blk_queue_for_each_rl() loop infinitely over the removed blkg->q_node
list node.
Signed-off-by: Tahsin Erdogan
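
The failure mode described in the commit message, reproduced in userspace as an added example (not code from the patch or the kernel tree). It assumes the racing removal leaves the node self-linked, as the kernel's list_del_init() does; `walk()`, `demo()` and the step bound are hypothetical names introduced here, and the race is simulated as a fixed single-threaded interleaving.

```c
#include <stdio.h>

/* Minimal userspace stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Like list_del_init(): unlink the node and leave it pointing at itself. */
static void list_del_init(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = n;
}

/*
 * Walk from head with no lock held. If remove_at >= 0, a simulated racing
 * remover unlinks the node the walker stands on at that step. Returns the
 * step count, or -1 if head was not reached within max_steps (would spin).
 */
static int walk(struct list_head *head, int remove_at, int max_steps)
{
    int steps = 0;
    for (struct list_head *pos = head->next; pos != head; pos = pos->next) {
        if (steps == remove_at)
            list_del_init(pos);   /* the "other CPU" wins the race here */
        if (++steps > max_steps)
            return -1;            /* pos->next == pos: head is unreachable */
    }
    return steps;
}

/* Build a 3-node list and run one walk (constructed sample input). */
static int demo(int remove_at)
{
    struct list_head head, nodes[3];
    list_init(&head);
    for (int i = 0; i < 3; i++)
        list_add_tail(&nodes[i], &head);
    return walk(&head, remove_at, 1000);
}

int main(void)
{
    printf("no race: %d, race: %d (-1 = never ends)\n", demo(-1), demo(1));
    return 0;
}
```

Serializing the walker and the remover under one lock rules out the interleaving in `walk()`: the removal can then only happen before the walk starts or after it finishes.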