Message ID | 20190417011126.20430-1-ming.lei@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [V2] block: make sure that bvec length can't be overflow | expand |
On 4/16/19 7:11 PM, Ming Lei wrote: > bvec->bv_offset may be bigger than PAGE_SIZE sometimes, such as, > when one bio is splitted in the middle of one bvec via bio_split(), > and bi_iter.bi_bvec_done is used to build offset of the 1st bvec of > remained bio. And the remained bio's bvec may be re-submitted to fs > layer via ITER_IBVEC, such as loop and nvme-loop. > > So we have to make sure that every bvec's offset is less than > PAGE_SIZE from bio_for_each_segment_all() because some drivers(loop, > nvme-loop) passes the splitted bvec to fs layer via ITER_BVEC. > > This patch fixes this issue reported by Zhang Yi When running nvme/011. Applied, thanks.
diff --git a/include/linux/bvec.h b/include/linux/bvec.h index 3bc91879e1e2..ff13cbc1887d 100644 --- a/include/linux/bvec.h +++ b/include/linux/bvec.h @@ -160,8 +160,9 @@ static inline void bvec_advance(const struct bio_vec *bvec, bv->bv_page = nth_page(bv->bv_page, 1); bv->bv_offset = 0; } else { - bv->bv_page = bvec->bv_page; - bv->bv_offset = bvec->bv_offset; + bv->bv_page = bvec_nth_page(bvec->bv_page, bvec->bv_offset / + PAGE_SIZE); + bv->bv_offset = bvec->bv_offset & ~PAGE_MASK; } bv->bv_len = min_t(unsigned int, PAGE_SIZE - bv->bv_offset, bvec->bv_len - iter_all->done);