On Sun 22-05-22 20:23:50, Ming Lei wrote: > blk_mq_run_hw_queues() could be run when there isn't queued request and > after queue is cleaned up, at that time tagset is freed, because tagset > lifetime is covered by driver, and often freed after blk_cleanup_queue() > returns. > > So don't touch ->tagset for figuring out current default hctx by the mapping > built in request queue, so use-after-free on tagset can be avoided. Meantime > this way should be faster than retrieving mapping from tagset. > > Cc: "yukuai (C)" <yukuai3@xxxxxxxxxx> > Cc: Jan Kara <jack@xxxxxxx> > Fixes: b6e68ee82585 ("blk-mq: Improve performance of non-mq IO schedulers with multiple HW queues") > Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx> Thanks! This indeed looks better. Feel free to add: Reviewed-by: Jan Kara <jack@xxxxxxx> Honza > --- > block/blk-mq.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/block/blk-mq.c b/block/blk-mq.c > index ed1869a305c4..5789e971ac83 100644 > --- a/block/blk-mq.c > +++ b/block/blk-mq.c > @@ -2174,8 +2174,7 @@ static bool blk_mq_has_sqsched(struct request_queue *q) > */ > static struct blk_mq_hw_ctx *blk_mq_get_sq_hctx(struct request_queue *q) > { > - struct blk_mq_hw_ctx *hctx; > - > + struct blk_mq_ctx *ctx = blk_mq_get_ctx(q); > /* > * If the IO scheduler does not respect hardware queues when > * dispatching, we just don't bother with multiple HW queues and > @@ -2183,8 +2182,8 @@ static struct blk_mq_hw_ctx *blk_mq_get_sq_hctx(struct request_queue *q) > * just causes lock contention inside the scheduler and pointless cache > * bouncing. > */ > - hctx = blk_mq_map_queue_type(q, HCTX_TYPE_DEFAULT, > - raw_smp_processor_id()); > + struct blk_mq_hw_ctx *hctx = blk_mq_map_queue(q, 0, ctx); > + > if (!blk_mq_hctx_stopped(hctx)) > return hctx; > return NULL; > -- > 2.31.1 > -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
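Review bot: the bare `0` passed as the second argument in `blk_mq_map_queue(q, 0, ctx)` replaces a call that named `HCTX_TYPE_DEFAULT` explicitly, and nothing in the hunk shows that a zero argument still selects the default hctx type that the commit message says is wanted. Please confirm how `blk_mq_map_queue()` interprets that argument and either pass a named value or add a one-line comment saying why `0` yields the default mapping, so the intent survives later changes to that helper. A second, smaller question on the same lines: the removed code used `raw_smp_processor_id()`, while the new code obtains the CPU through `blk_mq_get_ctx(q)`; it would help to state in the commit message that this path is safe to call from the same contexts as before, since avoiding the use-after-free on `->tagset` should not trade one lifetime problem for a preemption-context warning.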