On Fri, Apr 07, 2023 at 12:16:34PM -0700, Keith Busch wrote: >From: Keith Busch > >We can finish the metadata copy inline with the completion. After that, >there's really nothing else different between the meta and non-meta data >end_io callbacks, so unify them. > >Signed-off-by: Keith Busch >--- > drivers/nvme/host/ioctl.c | 57 +++++++-------------------------------- > 1 file changed, 9 insertions(+), 48 deletions(-) > >diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c >index 278c57ee0db91..a1e0a14dadedc 100644 >--- a/drivers/nvme/host/ioctl.c >+++ b/drivers/nvme/host/ioctl.c >@@ -465,29 +465,6 @@ static inline struct nvme_uring_cmd_pdu *nvme_uring_cmd_pdu( > return (struct nvme_uring_cmd_pdu *)&ioucmd->pdu; > } > >-static void nvme_uring_task_meta_cb(struct io_uring_cmd *ioucmd, >- unsigned issue_flags) >-{ >- struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd); >- struct request *req = pdu->req; >- int status; >- u64 result; >- >- if (nvme_req(req)->flags & NVME_REQ_CANCELLED) >- status = -EINTR; >- else >- status = nvme_req(req)->status; >- >- result = le64_to_cpu(nvme_req(req)->result.u64); >- >- if (pdu->meta_len) >- status = nvme_finish_user_metadata(req, pdu->u.meta_buffer, >- pdu->u.meta, pdu->meta_len, status); >- blk_mq_free_request(req); >- >- io_uring_cmd_done(ioucmd, status, result, issue_flags); >-} >- > static void nvme_uring_task_cb(struct io_uring_cmd *ioucmd, > unsigned issue_flags) > { >@@ -502,11 +479,16 @@ static enum rq_end_io_ret nvme_uring_cmd_end_io(struct request *req, > struct io_uring_cmd *ioucmd = req->end_io_data; > struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd); > void *cookie = READ_ONCE(ioucmd->cookie); >+ int status = nvme_req(req)->status; > > if (nvme_req(req)->flags & NVME_REQ_CANCELLED) >- pdu->nvme_status = -EINTR; >- else >- pdu->nvme_status = nvme_req(req)->status; >+ status = -EINTR; >+ >+ if (pdu->meta_len) >+ status = nvme_finish_user_metadata(req, pdu->u.meta_buffer, >+ pdu->u.meta, pdu->meta_len, status); nvme_finish_user_metadata does copy_to_user. Here also the attempt was not to touch that memory in interrupt context.