blk-mq: use queue_hctx in blk_mq_map_queue_type

Some caller of blk_mq_map_queue_type now didn't grab 'q_usage_counter', such as blk_mq_cpu_mapped_to_hctx, so we need protect 'queue_hw_ctx' through rcu. Also checked all other functions, no more missed cases. Fixes: 89e1fb7ceffd ("blk-mq: fix potential uaf for 'queue_hw_ctx'") Reported-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Fengnan Chang <changfengnan@bytedance.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Fengnan Chang <fengnanchang@gmail.com> 2025-12-01 20:25:04 +0800
committer: Jens Axboe <axboe@kernel.dk> 2025-12-01 07:18:31 -0700
commit: 4d0e1f2139ad452d0e209a16b3d016af2f8ef1f7 (patch)
tree: 5b91cafe9230e82846ee781d1ef991d072bf561e
parent: c1536df9427dc90ec796fb755adcad3cfc469ac7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/block/blk-mq.h b/block/blk-mq.h
index 80a3f0c2bce7..aa15d31aaae9 100644
--- a/block/blk-mq.h
+++ b/block/blk-mq.h
@@ -84,7 +84,7 @@ static inline struct blk_mq_hw_ctx *blk_mq_map_queue_type(struct request_queue *
 							  enum hctx_type type,
 							  unsigned int cpu)
 {
-	return q->queue_hw_ctx[q->tag_set->map[type].mq_map[cpu]];
+	return queue_hctx((q), (q->tag_set->map[type].mq_map[cpu]));
 }
 
 static inline enum hctx_type blk_mq_get_hctx_type(blk_opf_t opf)
author	Fengnan Chang <fengnanchang@gmail.com>	2025-12-01 20:25:04 +0800
committer	Jens Axboe <axboe@kernel.dk>	2025-12-01 07:18:31 -0700
commit	4d0e1f2139ad452d0e209a16b3d016af2f8ef1f7 (patch)
tree	5b91cafe9230e82846ee781d1ef991d072bf561e
parent	c1536df9427dc90ec796fb755adcad3cfc469ac7 (diff)