On Fri, Jun 18, 2021 at 04:01:47PM +0200, Christoph Hellwig wrote: > On Wed, Jun 16, 2021 at 10:30:23AM +0800, Ming Lei wrote: > > Not sure disk is valid, we only hold the disk when opening a bdev, but > > the bdev can be closed during polling. > > How? On a block device the caller needs to hold the block device open > to read/write from it. On a file systems the file systems needs to > be mounted, which also holds a bdev reference. + rcu_read_lock(); + bio = READ_ONCE(kiocb->private); + if (bio && bio->bi_bdev) The bio may be ended now from another polling job, then the disk is closed & deleted, and released. Then request queue & hctxs are released. + ret = bio_poll(bio, flags); But disk & request queue & hctx can still be referred in above bio_poll(). + rcu_read_unlock(); > > > Also disk always holds one > > reference on request queue, so if disk is valid, no need to grab queue's > > refcnt in bio_poll(). > > But we need to avoid going into the lowlevel blk-mq polling code to not > reference the potentially freed hctxs or tags as correctly pointed by > yourself on the previous iteration. If request queue isn't released, hctx won't be freed too. Tagset can be freed, but it is supposed to not be touched after request queue is cleanup. Thanks, Ming