From bbc435ef38d84fa8776b235b80bb815993e06a66 Mon Sep 17 00:00:00 2001
From: yu kuai <yukuai3@huawei.com>
Date: Wed, 6 May 2020 15:32:37 +0800
Subject: [PATCH] nbd: use blk_mq_queue_tag_inflight_iter()

hulk inclusion
category: bugfix
bugzilla: 34280
CVE: NA

---------------------------

blk_mq_tagset_busy_iter() is not safe that it could get stale request
in tags->rqs[]. Use blk_mq_queue_tag_inflight_iter() here.

Signed-off-by: yu kuai <yukuai3@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/block/nbd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index b9d321bdaa8a..28c822e4f6c2 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -746,7 +746,8 @@ static void recv_work(struct work_struct *work)
 	kfree(args);
 }
 
-static void nbd_clear_req(struct request *req, void *data, bool reserved)
+static void nbd_clear_req(struct blk_mq_hw_ctx *hctx,
+		struct request *req, void *data, bool reserved)
 {
 	struct nbd_cmd *cmd = blk_mq_rq_to_pdu(req);
 
@@ -760,7 +761,7 @@ static void nbd_clear_req(struct request *req, void *data, bool reserved)
 static void nbd_clear_que(struct nbd_device *nbd)
 {
 	blk_mq_quiesce_queue(nbd->disk->queue);
-	blk_mq_tagset_busy_iter(&nbd->tag_set, nbd_clear_req, NULL);
+	blk_mq_queue_tag_inflight_iter(nbd->disk->queue, nbd_clear_req, NULL);
 	blk_mq_unquiesce_queue(nbd->disk->queue);
 	dev_dbg(disk_to_dev(nbd->disk), "queue cleared\n");
 }
-- 
GitLab