blk-mq: use queue_hctx in blk_mq_map_queue_type

Some caller of blk_mq_map_queue_type now didn't grab
'q_usage_counter', such as blk_mq_cpu_mapped_to_hctx, so we need
protect 'queue_hw_ctx' through rcu.

Also checked all other functions, no more missed cases.

Fixes: 89e1fb7ceffd ("blk-mq: fix potential uaf for 'queue_hw_ctx'")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Fengnan Chang <changfengnan@bytedance.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/block/blk-mq.h b/block/blk-mq.h
index 80a3f0c2bce76e94901bb285eef95a8e0de08c83..aa15d31aaae9b8aeca144af44819efbcc2ec09fc 100644 (file)
--- a/block/blk-mq.h
+++ b/block/blk-mq.h
@@ -84,7 +84,7 @@ static inline struct blk_mq_hw_ctx *blk_mq_map_queue_type(struct request_queue *
                                                          enum hctx_type type,
                                                          unsigned int cpu)
 {
-       return q->queue_hw_ctx[q->tag_set->map[type].mq_map[cpu]];
+       return queue_hctx((q), (q->tag_set->map[type].mq_map[cpu]));
 }
 
 static inline enum hctx_type blk_mq_get_hctx_type(blk_opf_t opf)