[PATCH V3 1/2] blk-mq: add callback of .cleanup_rq

[Ming Lei]

dm-rq needs to free request which has been dispatched and not completed
by underlying queue. However, the underlying queue may have allocated
private data for this request in .queue_rq(), so the request private data
will be leaked in dm multipath IO code path.

Add one new callback of .cleanup_rq() to fix the memory leak.

Another use case is to free request when the hctx is dead during
cpu hotplug context.

Cc: Ewan D. Milne <emi...@redhat.com>
Cc: Bart Van Assche <bvanass...@acm.org>
Cc: Hannes Reinecke <h...@suse.com>
Cc: Christoph Hellwig <h...@lst.de>
Cc: Mike Snitzer <snit...@redhat.com>
Cc: dm-de...@redhat.com
Cc: <sta...@vger.kernel.org>
Fixes: 396eaf21ee17 ("blk-mq: improve DM's blk-mq IO merging via 
blk_insert_cloned_request feedback")
Signed-off-by: Ming Lei <ming....@redhat.com>
---
 drivers/md/dm-rq.c     |  1 +
 include/linux/blk-mq.h | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/drivers/md/dm-rq.c b/drivers/md/dm-rq.c
index c9e44ac1f9a6..21d5c1784d0c 100644
--- a/drivers/md/dm-rq.c
+++ b/drivers/md/dm-rq.c
@@ -408,6 +408,7 @@ static int map_request(struct dm_rq_target_io *tio)
                ret = dm_dispatch_clone_request(clone, rq);
                if (ret == BLK_STS_RESOURCE || ret == BLK_STS_DEV_RESOURCE) {
                        blk_rq_unprep_clone(clone);
+                       blk_mq_cleanup_rq(clone);
                        tio->ti->type->release_clone_rq(clone, &tio->info);
                        tio->clone = NULL;
                        return DM_MAPIO_REQUEUE;
diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h
index 3fa1fa59f9b2..ab25e69a15d1 100644
--- a/include/linux/blk-mq.h
+++ b/include/linux/blk-mq.h
@@ -140,6 +140,7 @@ typedef int (poll_fn)(struct blk_mq_hw_ctx *);
 typedef int (map_queues_fn)(struct blk_mq_tag_set *set);
 typedef bool (busy_fn)(struct request_queue *);
 typedef void (complete_fn)(struct request *);
+typedef void (cleanup_rq_fn)(struct request *);
 
 
 struct blk_mq_ops {
@@ -200,6 +201,12 @@ struct blk_mq_ops {
        /* Called from inside blk_get_request() */
        void (*initialize_rq_fn)(struct request *rq);
 
+       /*
+        * Called before freeing one request which isn't completed yet,
+        * and usually for freeing the driver private data
+        */
+       cleanup_rq_fn           *cleanup_rq;
+
        /*
         * If set, returns whether or not this queue currently is busy
         */
@@ -366,4 +373,10 @@ static inline blk_qc_t request_to_qc_t(struct 
blk_mq_hw_ctx *hctx,
                        BLK_QC_T_INTERNAL;
 }
 
+static inline void blk_mq_cleanup_rq(struct request *rq)
+{
+       if (rq->q->mq_ops->cleanup_rq)
+               rq->q->mq_ops->cleanup_rq(rq);
+}
+
 #endif
-- 
2.20.1