@@ -255,6 +255,9 @@ static void bio_free(struct bio *bio)
bio_uninit(bio);
+ if (!bio_flagged(bio, BIO_ALLOCED))
+ return;
+
if (bs) {
bvec_free(&bs->bvec_pool, bio->bi_io_vec, BVEC_POOL_IDX(bio));
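Review bot: The new early return in bio_free() is undocumented, and it makes `BIO_ALLOCED` the only thing that decides whether the bio and its bvec are released. The old failure mode was an invalid free of a stack object; the new one is a silent leak for any allocated bio that arrives here with the flag cleared. I would add a comment above the check, for example `/* on-stack or embedded bios were not allocated by bio_alloc_bioset(); nothing to free */`, and note there that `bio_uninit()` still runs for those bios because it is called before the check. The rest of bio_free() lies outside this hunk, so the kfree/mempool paths could not be checked against the new condition.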
@@ -521,6 +524,7 @@ struct bio *bio_alloc_bioset(gfp_t gfp_mask, unsigned int nr_iovecs,
bvl = bio->bi_inline_vecs;
}
+ bio_set_flag(bio, BIO_ALLOCED);
bio->bi_pool = bs;
bio->bi_max_vecs = nr_iovecs;
bio->bi_io_vec = bvl;
@@ -216,6 +216,7 @@ struct bio {
* bio flags
*/
enum {
+ BIO_ALLOCED = 0, /* bio allocated by bio_alloc_bioset */
BIO_SEG_VALID = 1, /* bi_phys_segments valid */
BIO_CLONED = 2, /* doesn't own data */
BIO_BOUNCED = 3, /* bio is a bounce bio */
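Review bot: `BIO_ALLOCED = 0` puts the ownership flag among the lowest flag bits, which is a leak risk if bio_reset() in this tree wipes flags below `BIO_RESET_BITS`; neither is visible in this hunk. In that case a pooled bio that is reset and later put would fail the new check in bio_free() and never be returned to the mempool. Please confirm the flag survives bio_reset(), or move it into the preserved range, and say so in the comment, e.g. `/* bio allocated by bio_alloc_bioset; must survive bio_reset() */`. The enum continues past the end of the hunk.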
When we're submitting a bio from stack and this ends up being split, we call bio_put(). bio_put() will eventually call bio_free() if the reference count drops to 0. But freeing the bio is wrong, as it was never allocated out of the bio's mempool. Flag each normally allocated bio as 'BIO_ALLOCED' and skip freeing if the flag isn't set. Fixes: 189ce2b9dcc3 ("block: fast-path for small and simple direct I/O requests") Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de> --- block/bio.c | 4 ++++ include/linux/blk_types.h | 1 + 2 files changed, 5 insertions(+)