On Wed, Jul 03, 2024 at 11:08:49AM +0800, Ming Lei wrote:
> > - bip = bio_integrity_alloc(bio, gfp_mask, bip_src->bip_vcnt);
> > + bip = bio_integrity_alloc(bio, gfp_mask, 0);
> > if (IS_ERR(bip))
> > return PTR_ERR(bip);
> >
> > - memcpy(bip->bip_vec, bip_src->bip_vec,
> > - bip_src->bip_vcnt * sizeof(struct bio_vec));
> > -
> > - bip->bip_vcnt = bip_src->bip_vcnt;
> > + bip->bip_vec = bip_src->bip_vec;
> > bip->bip_iter = bip_src->bip_iter;
> > bip->bip_flags = bip_src->bip_flags & ~BIP_BLOCK_INTEGRITY;
>
> I am curious how the patch avoids double free? Given nothing changes
> in bip free code path and source bip_vec is associated with this bip.

bvec_free only frees the bvec array if nr_vecs is > BIO_INLINE_VECS.
bio_integrity_clone now passes 0 as nr_vecs to bio_integrity_alloc so
it won't ever free the bvec array. This matches what we are doing for
the data bvec array in the bio.
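Review bot: the aliasing in `bip->bip_vec = bip_src->bip_vec;` creates a lifetime dependency that nothing in the hunk documents: the clone now borrows the source's bvec array, so the source bip must outlive the clone, and the free path stays safe only because `bio_integrity_alloc(bio, gfp_mask, 0)` records zero vectors and bvec_free therefore skips the array. Suggest a one-line comment at the alloc call saying the 0 is deliberate (the clone does not own bip_vec) and a sentence in the commit message stating the lifetime rule, since the reasoning currently lives only in this reply. It is also worth confirming that dropping `bip->bip_vcnt = bip_src->bip_vcnt;` leaves no consumer reading bip_vcnt on a cloned bip, as the clone is now expected to be driven purely by bip_iter.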
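The ownership rule the reply relies on (the vec array is released only when the payload was allocated with more than the inline count, so a clone that passes 0 borrows rather than owns) is easy to model outside the kernel. The following is an added example written for this thread, not kernel code and not the patch author's; `struct ip`, `ip_alloc`, `ip_free`, `ip_clone_borrow`, `ip_alias_hazard` and `INLINE_VECS` are hypothetical stand-ins for bio_integrity_payload, bio_integrity_alloc, bvec_free, bio_integrity_clone and BIO_INLINE_VECS. It shows why the clone-with-0 pattern produces exactly one array free for a source plus its clone, and includes a check that flags the variant Ming asked about (a clone that aliases the array and also inherits the source's vector count).

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed model (hypothetical names, not kernel code): a payload either
 * owns a separately allocated vec array (nr_vecs > INLINE_VECS) or points at
 * inline storage / a borrowed array it must not free. */
#define INLINE_VECS 4

struct vec { unsigned long off, len; };

struct ip {                        /* stands in for struct bio_integrity_payload */
    struct vec *vec;               /* bip_vec: owned, inline, or borrowed */
    unsigned int nr_vecs;          /* the nr_vecs passed at allocation time */
    struct vec inline_vecs[INLINE_VECS];
};

static unsigned int arrays_freed;  /* counts separate-array frees for the checks */

/* like bio_integrity_alloc: only nr_vecs > INLINE_VECS gets an owned array */
static struct ip *ip_alloc(unsigned int nr_vecs)
{
    struct ip *p = calloc(1, sizeof *p);
    if (!p)
        return NULL;
    p->nr_vecs = nr_vecs;
    if (nr_vecs > INLINE_VECS) {
        p->vec = calloc(nr_vecs, sizeof *p->vec);
        if (!p->vec) {
            free(p);
            return NULL;
        }
    } else {
        p->vec = p->inline_vecs;
    }
    return p;
}

/* like bvec_free's gate: the array is released only when this payload owns it */
static int ip_owns_vec(const struct ip *p)
{
    return p->nr_vecs > INLINE_VECS;
}

static void ip_free(struct ip *p)
{
    if (!p)
        return;
    if (ip_owns_vec(p)) {
        free(p->vec);
        arrays_freed++;
    }
    free(p);
}

/* the post-patch clone: nr_vecs 0 plus an aliased pointer, so the clone borrows */
static struct ip *ip_clone_borrow(const struct ip *src)
{
    struct ip *p = ip_alloc(0);
    if (!p)
        return NULL;
    p->vec = src->vec;
    return p;
}

/* a clone that aliases the source array AND claims ownership would make
 * ip_free release that array a second time */
static int ip_alias_hazard(const struct ip *clone, const struct ip *src)
{
    return clone->vec == src->vec && ip_owns_vec(clone);
}

/* Scenario 1: the patch's semantics. Returns the number of separate-array
 * frees after releasing both the source and its clone; exactly 1 is correct. */
static unsigned int check_clone_borrow(void)
{
    arrays_freed = 0;
    struct ip *src = ip_alloc(8);           /* 8 > INLINE_VECS: owned array */
    struct ip *c = src ? ip_clone_borrow(src) : NULL;
    if (!src || !c) {
        ip_free(c);
        ip_free(src);
        return 99;
    }
    if (c->vec != src->vec || ip_alias_hazard(c, src)) {
        ip_free(c);
        ip_free(src);
        return 98;
    }
    ip_free(c);    /* nr_vecs is 0: must not touch the shared array */
    ip_free(src);  /* the single real free */
    return arrays_freed;
}

/* Scenario 2: the variant behind the double-free question, caught by the
 * hazard check before anything is freed. Returns 1 when flagged. */
static int check_naive_alias_flagged(void)
{
    struct ip *src = ip_alloc(8);
    struct ip *bad = ip_alloc(0);
    if (!src || !bad) {
        ip_free(bad);
        ip_free(src);
        return -1;
    }
    bad->vec = src->vec;
    bad->nr_vecs = src->nr_vecs;   /* the mistake: the clone now claims ownership */
    int flagged = ip_alias_hazard(bad, src);
    bad->nr_vecs = 0;              /* drop the bogus claim so teardown stays safe */
    ip_free(bad);
    ip_free(src);
    return flagged;
}

int main(void)
{
    printf("clone borrow: arrays freed = %u (expect 1)\n", check_clone_borrow());
    printf("naive alias flagged = %d (expect 1)\n", check_naive_alias_flagged());
    return 0;
}
```

Running it under a sanitizer is the practical check: with `nr_vecs` 0 on the clone the source's array is freed once, and the hazard check is the kind of assertion one could put next to the alias in a debug build to catch a clone that inherits the source's count by mistake.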