On Fri, Nov 15, 2019 at 11:40 AM Jens Axboe <axboe@xxxxxxxxx> wrote:
>
> - Fix impossible-to-hit overflow merge condition, that still hit some
>   folks very rarely (Junichi)

Hmm. This sounded intriguing, so I looked at it.

It sounds like the 32-bit "bi_size" overflowed, which is one of the things that bio_full() checks for.

However. Looking at the *users* of bio_full(), it's not obvious that everything is ok.

For example, in __bio_add_pc_page(), the code does that

    if (((bio->bi_iter.bi_size + len) >> 9) > queue_max_hw_sectors(q))
        return 0;

*before* checking for the overflow condition.

So it could cause that bio_try_merge_pc_page() to be done despite the overflow, and happily that path ends up having the bio_full() test later anyway, but it does look a bit worrisome.

There's also __bio_add_page(), which does have a WARN_ON_ONCE(), but then goes on and does the bi_size update regardless.

Hmm.. It does look like all callers either check bio_full() before, or do it with a newly allocated bio.

                  Linus
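An added standalone C model of the check-ordering concern raised above; it is not kernel code and not part of the original mail. It shows that when the 32-bit bi_size + len wraps, the shift-based hw-sector comparison from __bio_add_pc_page() lets the segment through, while a bio_full()-style overflow test applied first rejects it. The typedef, the 2048-sector limit and the input sizes are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the field involved; not the kernel's struct. The real
 * bio->bi_iter.bi_size is a 32-bit unsigned, and that width is the whole
 * point: bi_size + len is computed in 32 bits and can wrap. */
typedef uint32_t bi_size_t;

/* Mirrors the order of checks in __bio_add_pc_page() quoted in the mail:
 * the hw-sector limit is applied to the (possibly wrapped) 32-bit sum
 * before any overflow check. Returns true if the limit check lets the
 * segment through. */
static bool pc_limit_check_passes(bi_size_t bi_size, uint32_t len,
                                  uint32_t max_hw_sectors)
{
    bi_size_t sum = bi_size + len;        /* wraps modulo 2^32 */
    return (sum >> 9) <= max_hw_sectors;
}

/* Standalone overflow test in the same form bio_full() uses for bi_size
 * (a model, not the kernel function, which also checks bi_vcnt). */
static bool would_overflow(bi_size_t bi_size, uint32_t len)
{
    return bi_size > UINT32_MAX - len;
}

/* Hardened ordering: reject the overflow first, then apply the limit,
 * so a wrapped sum can never look "small enough". */
static bool safe_can_add(bi_size_t bi_size, uint32_t len,
                         uint32_t max_hw_sectors)
{
    if (would_overflow(bi_size, len))
        return false;
    return pc_limit_check_passes(bi_size, len, max_hw_sectors);
}

int main(void)
{
    /* Constructed inputs: a bio 4 KiB short of the 32-bit limit, adding
     * an 8 KiB segment under a 2048-sector (1 MiB) hw limit. */
    bi_size_t bi_size = UINT32_MAX - 4095;  /* 0xFFFFF000 */
    uint32_t len = 8192, max_hw = 2048;
    printf("limit check alone passes: %d\n",
           pc_limit_check_passes(bi_size, len, max_hw));  /* 1: sum wrapped to 4096 */
    printf("overflow detected:        %d\n", would_overflow(bi_size, len)); /* 1 */
    printf("hardened ordering allows: %d\n", safe_can_add(bi_size, len, max_hw)); /* 0 */
    return 0;
}
```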