[PATCH v1] ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()
Peter Wang (王信友)
peter.wang at mediatek.com
Mon Feb 23 21:29:34 PST 2026
On Mon, 2026-02-23 at 09:13 -0800, Bart Van Assche wrote:
> This will cause "-1" to be assigned to hwq_id instead of a queue
> number
> if a request has already been completed. Wouldn't it be better to
> introduce a new helper function that returns READ_ONCE(req->mq_hctx)
> ->queue_num instead of making the above change?
>
> Thanks,
>
> Bart.
Hi Bart,
The default value of hwq_id is 0:
u32 hwq_id = 0;
Additionally, since READ_ONCE(req->mq_hctx) could be NULL,
ufshcd_mcq_req_to_hwq already takes this into account, as shown below:
struct ufs_hw_queue *ufshcd_mcq_req_to_hwq(struct ufs_hba *hba,
struct request *req)
{
struct blk_mq_hw_ctx *hctx = READ_ONCE(req->mq_hctx);
return hctx ? &hba->uhq[hctx->queue_num] : NULL;
}
Therefore, there is no need to assign hwq_id separately.
Thanks
Peter
More information about the Linux-mediatek
mailing list