From: Ming Lei <ming.lei@redhat.com>
To: Caleb Sander Mateos <csander@purestorage.com>
Cc: Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ublk: skip blk_mq_tag_to_rq() bounds check
Date: Sat, 12 Apr 2025 08:27:01 +0800
Message-ID: <Z_mzVa5Ny1Go1PHk@fedora>
In-Reply-To: <CADUfDZp=CDAh-2gNB9_LQ4cdhFm--apgRB94cuzqjV4O93hUeQ@mail.gmail.com>

On Fri, Apr 11, 2025 at 12:51:10PM -0700, Caleb Sander Mateos wrote:
> On Fri, Apr 11, 2025 at 12:56 AM Ming Lei <ming.lei@redhat.com> wrote:
> >
> > On Tue, Apr 08, 2025 at 08:49:54PM -0600, Caleb Sander Mateos wrote:
> > > The ublk driver calls blk_mq_tag_to_rq() in several places.
> > > blk_mq_tag_to_rq() tolerates an invalid tag for the tagset, checking it
> > > against the number of tags and returning NULL if it is out of bounds.
> > > But all the calls from the ublk driver have already verified the tag
> > > against the ublk queue's queue depth. In ublk_commit_completion(),
> > > ublk_handle_need_get_data(), and case UBLK_IO_COMMIT_AND_FETCH_REQ, the
> > > tag has already been checked in __ublk_ch_uring_cmd(). In
> > > ublk_abort_queue(), the loop bounds the tag by the queue depth. In
> > > __ublk_check_and_get_req(), the tag has already been checked in
> > > __ublk_ch_uring_cmd(), in the case of ublk_register_io_buf(), or in
> > > ublk_check_and_get_req().
> > >
> > > So just index the tagset's rqs array directly in the ublk driver.
> > > Convert the tags to unsigned, as blk_mq_tag_to_rq() does.
> >
> > If blk_mq_tag_to_rq() turns out to be not efficient enough, we can kill it
> > in fast path by storing it in ublk_io and sharing space with 'struct io_uring_cmd *',
> > since the two's lifetime isn't overlapped basically.
>
> I agree it would be nice to just store a pointer in struct
> ublk_io to its current struct request. I guess we would set it in
> ubq_complete_io_cmd() and clear it in ublk_commit_completion()
> (matching when UBLK_IO_FLAG_OWNED_BY_SRV is set), as well as in
> ublk_timeout() for UBLK_F_UNPRIVILEGED_DEV?
>
> I'm not sure it is possible to overlap the fields, though. When using
> UBLK_U_IO_NEED_GET_DATA, the cmd field is overwritten with a
> pointer to the UBLK_U_IO_NEED_GET_DATA command, but the req would need

Both UBLK_U_IO_NEED_GET_DATA & UBLK_IO_COMMIT_AND_FETCH_REQ share the same
usage on uring_cmd/request actually.

Especially for UBLK_U_IO_NEED_GET_DATA, the uring cmd pointer needn't be
stored in ublk_io. Or just keep using blk_mq_tag_to_rq() simply for it
only.

> to be recorded earlier upon completion of the
> UBLK_U_IO_(COMMIT_AND_)FETCH_REQ command.

Each one can be moved into a local variable first, then stored.

If we do it this way, helpers can be added to set/get cmd/req from ublk_io,
then the implementation can be reliable & readable.

> Would you be okay with 2 separate fields?

Yeah, I think it is fine to do it first.

Thanks,
Ming
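
Added example (not part of the original message and not kernel code): a userspace C model of the overlapped-field idea discussed above, where one slot holds either the command pointer or the request pointer and small set/get helpers keep the discriminant flag in step with the live member. The names io_slot, slot_* and IO_OWNED_BY_SRV are hypothetical stand-ins; using a flag modelled on UBLK_IO_FLAG_OWNED_BY_SRV as the discriminant is an assumption, and the UBLK_U_IO_NEED_GET_DATA case is not modelled.

```c
/* Userspace model only: stand-in types, hypothetical helper names. */
#include <stddef.h>

struct request { int tag; };            /* stand-in for the block layer request */
struct io_uring_cmd { int id; };        /* stand-in for the io_uring command */

#define IO_OWNED_BY_SRV 0x1u            /* models UBLK_IO_FLAG_OWNED_BY_SRV (assumption) */

struct io_slot {                        /* models the per-tag struct ublk_io */
    unsigned int flags;
    union {                             /* exactly one member is live at a time */
        struct io_uring_cmd *cmd;       /* live while a fetch command is pending */
        struct request *req;            /* live while the server owns the I/O */
    };
};

/* Setters change the pointer and the discriminant together. */
static void slot_set_cmd(struct io_slot *io, struct io_uring_cmd *cmd)
{
    io->flags &= ~IO_OWNED_BY_SRV;
    io->cmd = cmd;
}
static void slot_set_req(struct io_slot *io, struct request *req)
{
    io->req = req;
    io->flags |= IO_OWNED_BY_SRV;
}
/* Getters return NULL instead of reinterpreting the other member. */
static struct io_uring_cmd *slot_get_cmd(const struct io_slot *io)
{
    return (io->flags & IO_OWNED_BY_SRV) ? NULL : io->cmd;
}
static struct request *slot_get_req(const struct io_slot *io)
{
    return (io->flags & IO_OWNED_BY_SRV) ? io->req : NULL;
}
/* Hand-off: move the command into a local first, then store the request. */
static struct io_uring_cmd *slot_dispatch(struct io_slot *io, struct request *req)
{
    struct io_uring_cmd *cmd = slot_get_cmd(io);
    if (!cmd)
        return NULL;                    /* no pending command: slot already owned */
    slot_set_req(io, req);
    return cmd;                         /* caller completes this command */
}
int main(void)
{
    struct io_uring_cmd c = { 7 }; struct request r = { 3 }; struct io_slot io = { 0 };
    slot_set_cmd(&io, &c);
    return (slot_dispatch(&io, &r) == &c && slot_get_req(&io) == &r) ? 0 : 1;
}
```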