From ec415110c1b0939e4e42b4a491475b3eab97560f Mon Sep 17 00:00:00 2001
From: Jim Harris <james.r.harris@intel.com>
Date: Fri, 25 Jan 2019 16:31:05 -0700
Subject: [PATCH] bdev: avoid qos submission recursion

_spdk_bdev_io_submit uses the bdev_io->internal.in_submit_request
flag to ensure we unwind in cases where the I/O is completed
inline (i.e. malloc or null bdevs).  But when an I/O gets queued
for QoS, and then we iterate through the queued I/O in
_spdk_bdev_qos_io_submit(), this flag was not getting set
when those I/O would get submitted to the underlying bdev.  This
would allow for _spdk_bdev_qos_io_submit recursion, resulting
in all kinds of different types of memory corruption.

Fixes #613.

Signed-off-by: Jim Harris <james.r.harris@intel.com>
Change-Id: I29263f4e7b2ead60f08b60474d210defa803348c

Reviewed-on: https://review.gerrithub.io/c/442127
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Chandler-Test-Pool: SPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Liang Yan <liang.z.yan@intel.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: GangCao <gang.cao@intel.com>
---
 lib/bdev/bdev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/bdev/bdev.c b/lib/bdev/bdev.c
index a2fb74b562..82efcc7ff3 100644
--- a/lib/bdev/bdev.c
+++ b/lib/bdev/bdev.c
@@ -1410,7 +1410,9 @@ _spdk_bdev_qos_io_submit(struct spdk_bdev_channel *ch, struct spdk_bdev_qos *qos
 		TAILQ_REMOVE(&qos->queued, bdev_io, internal.link);
 		ch->io_outstanding++;
 		shared_resource->io_outstanding++;
+		bdev_io->internal.in_submit_request = true;
 		bdev->fn_table->submit_request(ch->channel, bdev_io);
+		bdev_io->internal.in_submit_request = false;
 		submitted_ios++;
 	}