Message-ID: <aVO6my9tG1djaKpA@fedora>
Date: Tue, 30 Dec 2025 19:42:19 +0800
From: Ming Lei <ming.lei@...hat.com>
To: Cong Zhang <cong.zhang@....qualcomm.com>
Cc: Jens Axboe <axboe@...nel.dk>, linux-arm-msm@...r.kernel.org,
	linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] blk-mq: skip CPU offline notify on unmapped hctx

On Tue, Dec 30, 2025 at 05:17:05PM +0800, Cong Zhang wrote:
> If an hctx has no software ctx mapped, blk_mq_map_swqueue() never
> allocates tags and leaves hctx->tags NULL. The CPU hotplug offline
> notifier can still run for that hctx, return early since hctx cannot
> hold any requests.
> 
> Signed-off-by: Cong Zhang <cong.zhang@....qualcomm.com>

Fixes: bf0beec0607d ("blk-mq: drain I/O when all CPUs in a hctx are offline")

> ---
> This issue was observed during CPU hotplug. If an hctx is not mapped,
> offlining a CPU can trigger a kernel crash.
> When a block device does not map all hctx, some hctx instances may remain
> unused. These unused hctx can still receive CPU offline notifications and
> enter blk_mq_hctx_notify_offline().
> blk_mq_hctx_notify_offline() calls blk_mq_hctx_has_requests() to check
> whether there are pending requests on the hctx. However, unused hctx do
> not have tags allocated, which leads to a crash.
> Since an unused hctx cannot have any requests, fix this by returning
> early when nr_ctx is zero, skipping blk_mq_hctx_notify_offline().
> ---
>  block/blk-mq.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/block/blk-mq.c b/block/blk-mq.c
> index 1978eef95dca3fb332a73aeff7b9613ee770a8a3..eff4f72ce83be80aac9da86aab35079be7d2b5e4 100644
> --- a/block/blk-mq.c
> +++ b/block/blk-mq.c
> @@ -3721,7 +3721,7 @@ static int blk_mq_hctx_notify_offline(unsigned int cpu, struct hlist_node *node)
>  			struct blk_mq_hw_ctx, cpuhp_online);
>  	int ret = 0;
>  
> -	if (blk_mq_hctx_has_online_cpu(hctx, cpu))
> +	if (!hctx->nr_ctx || blk_mq_hctx_has_online_cpu(hctx, cpu))
>  		return 0;
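
Review bot: the new `!hctx->nr_ctx` test in the early-return condition of blk_mq_hctx_notify_offline() carries no comment saying why a zero nr_ctx has to bail out here. Per the commit message, an unmapped hctx has hctx->tags left NULL, so the point of the check is to keep the handler from reaching blk_mq_hctx_has_requests() on that hctx. A one-line comment above the `if` stating that would keep the check from looking redundant to a later reader. The crash explanation also sits below the `---` and will not land in git history, so consider moving it into the commit message proper.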

Looks correct, and the notify_online handler won't touch hctx->tags:

Reviewed-by: Ming Lei <ming.lei@...hat.com>


Thanks,
Ming

