Trim bio to sensible size in bio_trim() or something bad may happen.
Signed-off-by: Miaohe Lin <[email protected]>
---
block/bio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/bio.c b/block/bio.c
index a9931f23d933..94e4f97d3d4e 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1509,7 +1509,8 @@ void bio_trim(struct bio *bio, int offset, int size)
return;
bio_advance(bio, offset << 9);
- bio->bi_iter.bi_size = size;
+ if (likely(bio->bi_iter.bi_size >= size))
+ bio->bi_iter.bi_size = size;
if (bio_integrity(bio))
bio_integrity_trim(bio);
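Review bot: the new `if (likely(bio->bi_iter.bi_size >= size))` test sits after `bio_advance(bio, offset << 9)`, so when a caller passes an oversized `size` the bio has already been advanced and is then left untrimmed, and because bio_trim() returns void the caller gets no indication that the request was ignored. Consider validating the arguments before the advance and making the failure visible (for example a WARN_ON_ONCE plus early return) rather than silently skipping the assignment. The commit message should also state what "something bad" is and whether any in-tree caller can reach this case.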
--
2.19.1
On 8/29/20 3:37 AM, Miaohe Lin wrote:
> Trim bio to sensible size in bio_trim() or something bad may happen.
This really needs a LOT more detail. What is "something bad"? How does
this condition trigger to begin with?
--
Jens Axboe
Jens Axboe <[email protected]> wrote:
>On 8/29/20 3:37 AM, Miaohe Lin wrote:
>> Trim bio to sensible size in bio_trim() or something bad may happen.
>
>This really needs a LOT more detail. What is "something bad"? How does this condition trigger to begin with?
>
Many thanks for your reply.
I do this mainly by code review, so I didn't find the condition trigger to begin with. But I think it's better
to do such a check as this is an external interface. Also, if bio_trim() sets bio->bi_iter.bi_size to a value larger than the original one,
we may access the bio_vec past the last one of bio->bi_io_vec in the for_each_bvec macro.
>--
>Jens Axboe
>
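The concern raised in the reply above, as an added user-space sketch that is not part of the original thread or of the kernel: a walk driven only by the remaining byte count asks for segments past the end of the array once that count exceeds what the array backs. `struct seg`, `struct model_bio` and every function name here are hypothetical stand-ins, and the sample sizes are constructed.

```c
/* Added illustration: simplified user-space model, NOT kernel code.
 * struct seg / struct model_bio and all function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
struct seg { unsigned int len; };      /* stands in for bio_vec.bv_len */
struct model_bio {
    const struct seg *vec;             /* segment array, like bi_io_vec */
    size_t nr;                         /* number of valid entries in vec */
    unsigned int size;                 /* bytes left, like bi_iter.bi_size */
};

/* Walk segments the way a size-driven iterator does: keep going while bytes
 * remain. Returns 1 if the walk would need an entry past vec[nr - 1]. */
int walk_overruns(const struct model_bio *b)
{
    unsigned int left = b->size;
    size_t i;
    for (i = 0; left > 0; i++) {
        if (i >= b->nr)
            return 1;                  /* model stops here; no bad read */
        left -= b->vec[i].len < left ? b->vec[i].len : left;
    }
    return 0;
}

/* Trim that refuses to grow the size. Unlike the patch, it reports the
 * rejection to the caller instead of skipping the assignment silently. */
int model_trim(struct model_bio *b, unsigned int size)
{
    if (size > b->size)
        return -1;
    b->size = size;
    return 0;
}

/* Constructed sample: two 4096-byte segments, so 8192 bytes are backed. */
static const struct seg sample[] = { { 4096 }, { 4096 } };
int unchecked_grow_overruns(void)
{
    struct model_bio b = { sample, 2, 8192 };
    b.size = 12288;                    /* unchecked assignment, as before the patch */
    return walk_overruns(&b);
}

int main(void)
{
    printf("unchecked grow overruns: %d\n", unchecked_grow_overruns());
    return 0;
}
```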