On 11/15/19 2:17 PM, Linus Torvalds wrote: > On Fri, Nov 15, 2019 at 11:40 AM Jens Axboe <axboe@xxxxxxxxx> wrote: >> >> - Fix impossible-to-hit overflow merge condition, that still hit some >> folks very rarely (Junichi) > > Hmm. This sounded intriguing, so I looked at it. > > It sounds like the 32-bit "bi_size" overflowed, which is one of the > things that bio_full() checks for. > > However. > > Looking at the *users* of bio_full(), it's not obvious that everything > is ok. For example, in __bio_add_pc_page(), the code does that > > if (((bio->bi_iter.bi_size + len) >> 9) > queue_max_hw_sectors(q)) > return 0; > > *before* checking for the overflow condition. > > So it could cause that bio_try_merge_pc_page() to be done despite the > overflow, and happily that path ends up having the bio_full() test > later anyway, but it does look a bit worrisome. > > There's also __bio_add_page(), which does have a WARN_ON_ONCE(), but > then goes on and does the bi_size update regardless. Hmm.. It does > look like all callers either check bio_full() before, or do it with a > newly allocated bio. We'll go over these asap. As a note, the 'pc' variants are not for normal file system IO, they are only for requests submitted through some sort of packet command, generally ioctls and such. Should of course be correct, but it's not as critical as the normal IO path. -- Jens Axboe
