On Wed, Jul 3, 2024 at 12:46 PM Christoph Hellwig <hch@xxxxxx> wrote:
>
> On Wed, Jul 03, 2024 at 11:08:49AM +0800, Ming Lei wrote:
> > > - bip = bio_integrity_alloc(bio, gfp_mask, bip_src->bip_vcnt);
> > > + bip = bio_integrity_alloc(bio, gfp_mask, 0);
> > > if (IS_ERR(bip))
> > > return PTR_ERR(bip);
> > >
> > > - memcpy(bip->bip_vec, bip_src->bip_vec,
> > > - bip_src->bip_vcnt * sizeof(struct bio_vec));
> > > -
> > > - bip->bip_vcnt = bip_src->bip_vcnt;
> > > + bip->bip_vec = bip_src->bip_vec;
> > > bip->bip_iter = bip_src->bip_iter;
> > > bip->bip_flags = bip_src->bip_flags & ~BIP_BLOCK_INTEGRITY;
> >
> > I am curious how the patch avoids double free? Given nothing changes
> > in bip free code path and source bip_vec is associated with this bip.
>
> bvec_free only frees the bvec array if nr_vecs is > BIO_INLINE_VECS.
> bio_integrity_clone now passes 0 as nr_vecs to bio_integrity_alloc
> so it won't ever free the bvec array. This matches what we are
> doing for the data bvec array in the bio.

OK, thanks for the clarification!

Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
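Review bot: the removed `bip->bip_vcnt = bip_src->bip_vcnt;` line in the quoted hunk is not replaced, so after this change the clone's bip_vcnt stays at whatever bio_integrity_alloc sets for a request of 0 vecs rather than mirroring the source; it would be worth confirming that every consumer of a cloned bip walks bip_iter and never bip_vcnt, and stating that in the commit message. The aliasing itself (`bip->bip_vec = bip_src->bip_vec;`) also deserves a comment at that line: the clone now borrows the parent's bvec array and depends on nr_vecs being 0 to keep bvec_free from releasing it, exactly as the reply explains, and the clone must not outlive the source integrity payload, which is a lifetime rule the code no longer makes visible on its own.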