From: "Gayatri Vasudevan" <gayatri.vasudevan@oracle.com>
Date: Fri, 21 Dec 2018 11:45:15 -0800
Subject: oracleasm: Fix use after free for request processing timer

Update r->r_elapsed under the spinlock to avoid racing with the
completion code freeing the asm_request.

This change bas been backported from UEK4 from the following commit
9897de3bb02964dff8d331a5c8a0d538392e4a3b
"(oracleasm: Fix use after free for request processing timer)"

Orabug: 28660867

Signed-off-by: Gayatri Vasudevan <gayatri.vasudevan@oracle.com>
Reviewed-by: Srinivas Eeda <srinivas.eeda@oracle.com>
---
source/drivers/block/oracleasm/driver.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/block/oracleasm/driver.c b/drivers/block/oracleasm/driver.c
index 0488159..40a441b 100644
--- a/drivers/block/oracleasm/driver.c
+++ b/drivers/block/oracleasm/driver.c
@@ -1104,6 +1104,7 @@ static void asm_finish_io(struct asm_request *r)
	if (r->r_error)
		r->r_status |= ASM_ERROR;
	r->r_status |= ASM_COMPLETED;
+	r->r_elapsed = ((jiffies - r->r_elapsed) * 1000000) / HZ;

	spin_unlock_irqrestore(&afi->f_lock, flags);

@@ -1117,8 +1118,6 @@ static void asm_finish_io(struct asm_request *r)
		}
	}

-	r->r_elapsed = ((jiffies - r->r_elapsed) * 1000000) / HZ;
-
	mlog(ML_REQUEST, "Finished request 0x%p\n", r);

	wake_up(&afi->f_wait);
-- 
1.8.3.1