Hi Bart, > On Mar 16, 2017, at 3:27 PM, Bart Van Assche <bart.vanassche@xxxxxxxxxxx> wrote: > > On Thu, 2017-03-16 at 14:40 -0700, Himanshu Madhani wrote: >> +static int >> +scsi_poll(struct blk_mq_hw_ctx *hctx, unsigned int tag) >> + >> +{ >> + struct Scsi_Host *shost = hctx->driver_data; >> + struct request *req; >> + struct scsi_cmnd *cmd; >> + >> + req = blk_mq_tag_to_rq(shost->tag_set.tags[hctx->queue_num], tag); >> + if (!req) >> + return 0; >> + >> + cmd = blk_mq_rq_to_pdu(req); >> + if (!cmd) >> + return 0; >> + >> + if (shost->hostt->poll_queue) >> + return(shost->hostt->poll_queue(shost, cmd)); >> + else return 0; >> +} > > What will happen if the request with tag 'tag' is completed after the block > layer decided to call this function and before this function had the chance > to call blk_mq_tag_to_rq()? Will this trigger a kernel crash? Also, please > format patches properly. This is what checkpatch reports for this patch: > Tag is passed into here by rq->tag When tag goes to blk_mq_tag_to_rq it just indexes to the rqs array using tag: struct request *blk_mq_tag_to_rq(struct blk_mq_tags *tags, unsigned int tag) { if (tag < tags->nr_tags) { prefetch(tags->rqs[tag]); return tags->rqs[tag]; } return NULL; So if tag is invalid(too large), it returns NULL. Every step it validates it has a valid * before continuing. Worse case we poll for a completion that has already completed. We don’t think this will result into NULL pointer crash. > ERROR: code indent should use tabs where possible > #244: FILE: drivers/scsi/scsi_lib.c:2161: > + struct Scsi_Host *shost = hctx->driver_data;$ > > WARNING: please, no spaces at the start of a line > #244: FILE: drivers/scsi/scsi_lib.c:2161: > + struct Scsi_Host *shost = hctx->driver_data;$ > > ERROR: code indent should use tabs where possible > #245: FILE: drivers/scsi/scsi_lib.c:2162: > + struct request *req;$ > > WARNING: please, no spaces at the start of a line > #245: FILE: drivers/scsi/scsi_lib.c:2162: > + struct request *req;$ > > ERROR: code indent should use tabs where possible > #246: FILE: drivers/scsi/scsi_lib.c:2163: > + struct scsi_cmnd *cmd;$ > > WARNING: please, no spaces at the start of a line > #246: FILE: drivers/scsi/scsi_lib.c:2163: > + struct scsi_cmnd *cmd;$ > > ERROR: code indent should use tabs where possible > #248: FILE: drivers/scsi/scsi_lib.c:2165: > + req = blk_mq_tag_to_rq(shost->tag_set.tags[hctx->queue_num], tag);$ > > WARNING: please, no spaces at the start of a line > #248: FILE: drivers/scsi/scsi_lib.c:2165: > + req = blk_mq_tag_to_rq(shost->tag_set.tags[hctx->queue_num], tag);$ > > ERROR: code indent should use tabs where possible > #249: FILE: drivers/scsi/scsi_lib.c:2166: > + if (!req)$ > > WARNING: please, no spaces at the start of a line > #249: FILE: drivers/scsi/scsi_lib.c:2166: > + if (!req)$ > > ERROR: code indent should use tabs where possible > #250: FILE: drivers/scsi/scsi_lib.c:2167: > + return 0;$ > > WARNING: please, no spaces at the start of a line > #250: FILE: drivers/scsi/scsi_lib.c:2167: > + return 0;$ > > ERROR: code indent should use tabs where possible > #252: FILE: drivers/scsi/scsi_lib.c:2169: > + cmd = blk_mq_rq_to_pdu(req);$ > > WARNING: please, no spaces at the start of a line > #252: FILE: drivers/scsi/scsi_lib.c:2169: > + cmd = blk_mq_rq_to_pdu(req);$ > > ERROR: return is not a function, parentheses are not required > #257: FILE: drivers/scsi/scsi_lib.c:2174: > + return(shost->hostt->poll_queue(shost, cmd)); > > ERROR: trailing statements should be on next line > #258: FILE: drivers/scsi/scsi_lib.c:2175: > + else return 0; > > WARNING: line over 80 characters > #262: FILE: drivers/scsi/scsi_lib.c:2179: > +__scsi_init_hctx(struct blk_mq_hw_ctx *hctx, struct Scsi_Host *shost, unsigned int hctx_idx) > > WARNING: Unnecessary space before function pointer name > #306: FILE: include/scsi/scsi_host.h:139: > + int (* poll_queue)(struct Scsi_Host *, struct scsi_cmnd *); > > ERROR: space prohibited after that '*' (ctx:BxW) > #306: FILE: include/scsi/scsi_host.h:139: > + int (* poll_queue)(struct Scsi_Host *, struct scsi_cmnd *); > ^ > Thanks, > > Bart. Thanks, - Himanshu