From 4d0e1f2139ad452d0e209a16b3d016af2f8ef1f7 Mon Sep 17 00:00:00 2001
From: Fengnan Chang <fengnanchang@gmail.com>
Date: Mon, 1 Dec 2025 20:25:04 +0800
Subject: [PATCH] blk-mq: use queue_hctx in blk_mq_map_queue_type

Some caller of blk_mq_map_queue_type now didn't grab
'q_usage_counter', such as blk_mq_cpu_mapped_to_hctx, so we need
protect 'queue_hw_ctx' through rcu.

Also checked all other functions, no more missed cases.

Fixes: 89e1fb7ceffd ("blk-mq: fix potential uaf for 'queue_hw_ctx'")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Fengnan Chang <changfengnan@bytedance.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 block/blk-mq.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/blk-mq.h b/block/blk-mq.h
index 80a3f0c2bce7..aa15d31aaae9 100644
--- a/block/blk-mq.h
+++ b/block/blk-mq.h
@@ -84,7 +84,7 @@ static inline struct blk_mq_hw_ctx *blk_mq_map_queue_type(struct request_queue *
 							  enum hctx_type type,
 							  unsigned int cpu)
 {
-	return q->queue_hw_ctx[q->tag_set->map[type].mq_map[cpu]];
+	return queue_hctx((q), (q->tag_set->map[type].mq_map[cpu]));
 }
 
 static inline enum hctx_type blk_mq_get_hctx_type(blk_opf_t opf)
-- 
2.47.3