Commit 4d0e1f21 authored Dec 01, 2025 by Fengnan Chang Committed by Jens Axboe Dec 01, 2025

blk-mq: use queue_hctx in blk_mq_map_queue_type



Some caller of blk_mq_map_queue_type now didn't grab
'q_usage_counter', such as blk_mq_cpu_mapped_to_hctx, so we need
protect 'queue_hw_ctx' through rcu.

Also checked all other functions, no more missed cases.

Fixes: 89e1fb7c ("blk-mq: fix potential uaf for 'queue_hw_ctx'")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Fengnan Chang <changfengnan@bytedance.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent c1536df9

block/blk-mq.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -84,7 +84,7 @@ static inline struct blk_mq_hw_ctx blk_mq_map_queue_type(struct request_queue
		enum hctx_type type,
		unsigned int cpu)
		{
		return q->queue_hw_ctx[q->tag_set->map[type].mq_map[cpu]];
		return queue_hctx((q), (q->tag_set->map[type].mq_map[cpu]));
		}

		static inline enum hctx_type blk_mq_get_hctx_type(blk_opf_t opf)