On Wed, Aug 30, 2017 at 02:51:05PM -0700, Shaohua Li wrote: > lo_rw_aio->call_read_iter-> > 1 aops->direct_IO > 2 iov_iter_revert > lo_rw_aio_complete could happen between 1 and 2, the bio and bvec could > be freed before 2, which accesses bvec. Please ignore this one, I accidentally sent it out. The correct fix is in another patch. > This conflicts with my direct I/O performance improvement patches, which > I'll resend. > > Signed-off-by: Shaohua Li <shli@xxxxxx> > --- > drivers/block/loop.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/block/loop.c b/drivers/block/loop.c > index ef83349..153ab3c 100644 > --- a/drivers/block/loop.c > +++ b/drivers/block/loop.c > @@ -490,6 +490,7 @@ static int lo_rw_aio(struct loop_device *lo, struct loop_cmd *cmd, > bvec = __bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter); > iov_iter_bvec(&iter, ITER_BVEC | rw, bvec, > bio_segments(bio), blk_rq_bytes(cmd->rq)); > + bio_inc_remaining(bio); > /* > * This bio may be started from the middle of the 'bvec' > * because of bio splitting, so offset from the bvec must > @@ -507,6 +508,7 @@ static int lo_rw_aio(struct loop_device *lo, struct loop_cmd *cmd, > else > ret = call_read_iter(file, &cmd->iocb, &iter); > > + bio_endio(bio); > if (ret != -EIOCBQUEUED) > cmd->iocb.ki_complete(&cmd->iocb, ret, 0); > return 0; > -- > 2.9.5 >
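
Review bot: in the first hunk (@@ -490,6 +490,7), bio_inc_remaining(bio) is added without a comment, and its matching bio_endio(bio) lives in a separate hunk, so the pairing is easy to break in a later change. Suggest a comment at this line saying that the extra count keeps the bio and its bvec alive until iov_iter_revert has run after ->direct_IO, and that it is dropped by the bio_endio(bio) placed after the call_read_iter call. The pin is taken on bio only, while the iterator is sized with blk_rq_bytes(cmd->rq); if the request can carry more than one bio, the description should say why holding this one is enough.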
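
Review bot: in the second hunk (@@ -507,6 +508,7), bio_endio(bio) runs for every return value, including -EIOCBQUEUED, and before ki_complete is invoked in the synchronous case, but nothing states why that ordering is safe. If lo_rw_aio_complete has already run by the time this line is reached, this call becomes the final drop and the bio is ended from the submission path; please document that in a comment here or in the commit message. The call also sits after the whole if/else, so it covers the branch above call_read_iter as well, which the description (read path only) does not mention.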