It is lucky that a kernel crash does not happen, since we test the
bi_pool in function __bio_clone_fast. Now bi_flags is used to flag the
idx, so it is incorrect to test the bi_pool.

For now, the bio in function __bio_clone_fast may have its own bvec, if
the caller is bio_clone_fast.

Remove the test to fix this issue.

Signed-off-by: Minfei Huang <[email protected]>
---
block/bio.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/block/bio.c b/block/bio.c
index 4f184d9..70d9814 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -573,8 +573,6 @@ EXPORT_SYMBOL(bio_phys_segments);
*/
void __bio_clone_fast(struct bio *bio, struct bio *bio_src)
{
- BUG_ON(bio->bi_pool && BIO_POOL_IDX(bio) != BIO_POOL_NONE);
-
/*
* most users will be overriding ->bi_bdev with a new target,
* so we don't set nor calculate new physical/hw segment counts here
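Review bot: deleting the BUG_ON at the top of __bio_clone_fast removes the check on the destination bio's state, while the commit message says that bio may now arrive with its own bvec. If the old condition is wrong because the index is now kept in bi_flags, replace it with a condition that matches the new encoding instead of dropping it, or explain in the message why a destination bio that owns a bvec is acceptable here.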
--
2.6.3
This is a memory leak during splitting of the bio by the caller
bio_clone_fast.

The clone bio may allocate its own bvec, if the demanded bvec is more
than the inline bvec in function bio_alloc_bioset.

bi_io_vec is assigned the source bio's bvec directly, without first
freeing it, in function __bio_clone_fast.

To fix it, free the own bvec first before assigning the source
bio's bvec.

Signed-off-by: Minfei Huang <[email protected]>
---
block/bio.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/block/bio.c b/block/bio.c
index 70d9814..b24fd6e 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -581,6 +581,10 @@ void __bio_clone_fast(struct bio *bio, struct bio *bio_src)
bio_set_flag(bio, BIO_CLONED);
bio->bi_rw = bio_src->bi_rw;
bio->bi_iter = bio_src->bi_iter;
+
+ if (bio_flagged(bio, BIO_OWNS_VEC))
+ bvec_free(bio->bi_pool->bvec_pool,
+ bio->bi_io_vec, BIO_POOL_IDX(bio));
bio->bi_io_vec = bio_src->bi_io_vec;
}
EXPORT_SYMBOL(__bio_clone_fast);
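Review bot: after the bvec_free() call added before `bio->bi_io_vec = bio_src->bi_io_vec;`, nothing in the hunk clears BIO_OWNS_VEC or resets the pool index, so the clone still reports that it owns a pooled bvec while bi_io_vec points at bio_src's array. Any later path that frees based on that flag or on BIO_POOL_IDX(bio) would act on memory the clone does not own; clear the flag and index together with the free, or show where they are reset.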
--
2.6.3

Sorry to bother you, since I have missed the nr_iovecs in
bio_clone_fast.

Nacked this patch.

Thanks
Minfei

On 12/18/15 at 11:02P, Minfei Huang wrote:
> This is a memory leak during splitting of the bio by the caller
> bio_clone_fast.
>
> The clone bio may allocate its own bvec, if the demanded bvec is more
> than the inline bvec in function bio_alloc_bioset.
>
> bi_io_vec is assigned the source bio's bvec directly, without first
> freeing it, in function __bio_clone_fast.
>
> To fix it, free the own bvec first before assigning the source
> bio's bvec.
>
> Signed-off-by: Minfei Huang <[email protected]>
> ---
> block/bio.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/block/bio.c b/block/bio.c
> index 70d9814..b24fd6e 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -581,6 +581,10 @@ void __bio_clone_fast(struct bio *bio, struct bio *bio_src)
> bio_set_flag(bio, BIO_CLONED);
> bio->bi_rw = bio_src->bi_rw;
> bio->bi_iter = bio_src->bi_iter;
> +
> + if (bio_flagged(bio, BIO_OWNS_VEC))
> + bvec_free(bio->bi_pool->bvec_pool,
> + bio->bi_io_vec, BIO_POOL_IDX(bio));
> bio->bi_io_vec = bio_src->bi_io_vec;
> }
> EXPORT_SYMBOL(__bio_clone_fast);
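Review bot: the added bvec_free() call dereferences bio->bi_pool without a NULL check, relying on BIO_OWNS_VEC implying that a pool is set. State that invariant in a comment above the `if`, or test bio->bi_pool in the condition, so the dependency is visible at the call site.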
> --
> 2.6.3
>
On 12/18/15 at 11:02P, Minfei Huang wrote:
> It is lucky that a kernel crash does not happen, since we test the
> bi_pool in function __bio_clone_fast. Now bi_flags is used to flag the
> idx, so it is incorrect to test the bi_pool.
>
> For now, the bio in function __bio_clone_fast may have its own bvec, if
> the caller is bio_clone_fast.
>
> Remove the test to fix this issue.
>
> Signed-off-by: Minfei Huang <[email protected]>
> ---
> block/bio.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/block/bio.c b/block/bio.c
> index 4f184d9..70d9814 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -573,8 +573,6 @@ EXPORT_SYMBOL(bio_phys_segments);
> */
> void __bio_clone_fast(struct bio *bio, struct bio *bio_src)
> {
> - BUG_ON(bio->bi_pool && BIO_POOL_IDX(bio) != BIO_POOL_NONE);
> -

Sorry to bother you, since I have missed the nr_iovecs in function
bio_clone_fast.

Will update this patch to make the test correct, instead of removing it.

Thanks
Minfei

> /*
> * most users will be overriding ->bi_bdev with a new target,
> * so we don't set nor calculate new physical/hw segment counts here
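Review bot: with the BUG_ON line removed, the comment left at the top of the body covers only ->bi_bdev and segment counts and says nothing about what the destination bio may hold on entry. Since the message states that bio can have its own bvec when the caller is bio_clone_fast, add a sentence to the function comment saying so and what __bio_clone_fast does with that bvec.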
> --
> 2.6.3
>