From: Martin K. Petersen <martin.petersen@oracle.com>
Date: Mon, 13 Aug 2018 16:31:14 +0000 (-0400)
Subject: oracleasm: Fix use after free for request processing timer
X-Git-Tag: v4.1.12-124.31.3~579
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=9897de3bb02964dff8d331a5c8a0d538392e4a3b;p=users%2Fjedix%2Flinux-maple.git

oracleasm: Fix use after free for request processing timer

Orabug: 28506080

Update r->r_elapsed under the spinlock to avoid racing with the
completion code freeing the asm_request.

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
---

diff --git a/drivers/block/oracleasm/driver.c b/drivers/block/oracleasm/driver.c
index 0850e9f6b390..a0e5ebead37e 100644
--- a/drivers/block/oracleasm/driver.c
+++ b/drivers/block/oracleasm/driver.c
@@ -1011,6 +1011,7 @@ static void asm_finish_io(struct asm_request *r)
 	if (r->r_error)
 		r->r_status |= ASM_ERROR;
 	r->r_status |= ASM_COMPLETED;
+	r->r_elapsed = ((jiffies - r->r_elapsed) * 1000000) / HZ;
 
 	spin_unlock_irqrestore(&afi->f_lock, flags);
 
@@ -1023,8 +1024,6 @@ static void asm_finish_io(struct asm_request *r)
 		}
 	}
 
-	r->r_elapsed = ((jiffies - r->r_elapsed) * 1000000) / HZ;
-
 	wake_up(&afi->f_wait);
 }  /* asm_finish_io() */