From 30ed308e3ce928dfe2e3299cab862a2c105b6bb3 Mon Sep 17 00:00:00 2001 From: Pradeep P V K Date: Mon, 21 Dec 2020 21:04:02 +0530 Subject: [PATCH] Revert "block: Fix use-after-free while iterating over requests" commit 10ee57c29e79 ("block: Fix use-after-free while iterating over requests") This is needed to fix regression observed in suspend/resume paths where the tag corresponds to static_rqs is becoming NULL and observed a kernel panic due to NULL pointer access in blk_mq_get_rq(). 89.824342: <2> Call trace: 89.824356: <2> blk_mq_get_request+0x200/0x3ec 89.824367: <2> blk_mq_alloc_request+0x5c/0xb4 89.824382: <2> blk_get_request+0x2c/0xa4 89.824398: <2> __scsi_execute+0x58/0x1a0 89.824413: <2> ufshcd_set_dev_pwr_mode+0x174/0x248 89.824425: <2> ufshcd_suspend+0x2e8/0x830 89.824436: <2> ufshcd_runtime_suspend+0x44/0x194 89.824452: <2> ufshcd_pltfrm_runtime_suspend+0x14/0x20 89.824468: <2> pm_generic_runtime_suspend+0x44/0x80 89.824481: <2> __rpm_callback+0x98/0x1d8 89.824493: <2> rpm_suspend+0x31c/0x634 89.824505: <2> rpm_idle+0x158/0x228. Change-Id: I5bc3d75a9d891054dc926171b3ad90b701d776d6 Signed-off-by: Pradeep P V K --- block/blk-mq.c | 1 - block/blk-mq.h | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 06a615b75a16..ae7d31cb5a4e 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -497,7 +497,6 @@ static void __blk_mq_free_request(struct request *rq) const int sched_tag = rq->internal_tag; blk_pm_mark_last_busy(rq); - hctx->tags->rqs[rq->tag] = NULL; rq->mq_hctx = NULL; if (rq->tag != -1) blk_mq_put_tag(hctx, hctx->tags, ctx, rq->tag); diff --git a/block/blk-mq.h b/block/blk-mq.h index 895fb9aaa406..f2075978db50 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h 
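Review bot: Dropping the `hctx->tags->rqs[rq->tag] = NULL;` clear in __blk_mq_free_request() (and again in __blk_mq_put_driver_tag() in the first blk-mq.h hunk) leaves freed requests reachable through tags->rqs[], so the use-after-free during request iteration that the reverted commit closed is open again. The removed line here ran before the `if (rq->tag != -1)` test, so for a request without a driver tag it stored to rqs[-1]; that out-of-bounds write, rather than the clearing itself, may be what produced the NULL pointer seen in the suspend path, and this is worth confirming before reverting wholesale. A narrower fix would keep the clear but put it under the existing check: `if (rq->tag != -1) { hctx->tags->rqs[rq->tag] = NULL; blk_mq_put_tag(hctx, hctx->tags, ctx, rq->tag); }`. In blk-mq.h the visible caller blk_mq_put_driver_tag() already returns early when `rq->tag == -1`, so the clear there looks safe to keep on that path. __blk_mq_free_request() starts and ends outside the hunk, so the handling of `sched_tag` is not visible here.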
@@ -209,7 +209,6 @@ static inline bool blk_mq_get_dispatch_budget(struct blk_mq_hw_ctx *hctx) static inline void __blk_mq_put_driver_tag(struct blk_mq_hw_ctx *hctx, struct request *rq) { - hctx->tags->rqs[rq->tag] = NULL; blk_mq_put_tag(hctx, hctx->tags, rq->mq_ctx, rq->tag); rq->tag = -1; @@ -223,6 +222,7 @@ static inline void blk_mq_put_driver_tag(struct request *rq) { if (rq->tag == -1 || rq->internal_tag == -1) return; + __blk_mq_put_driver_tag(rq->mq_hctx, rq); }