On Mon, Dec 09, 2019 at 08:11:14PM +0100, Andreas Gruenbacher wrote:
> This partially reverts commit e3a5d8e386c3fb973fa75f2403622a8f3640ec06.
>
> Commit e3a5d8e386c3 ("check bi_size overflow before merge") adds a bio_full
> check to __bio_try_merge_page. This will cause __bio_try_merge_page to fail
> when the last bi_io_vec has been reached. Instead, what we want here is only
> the bi_size overflow check.
>
> Fixes: e3a5d8e386c3 ("block: check bi_size overflow before merge")
> Cc: stable@xxxxxxxxxxxxxxx # v5.4+
> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> ---
> block/bio.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/block/bio.c b/block/bio.c
> index 9d54aa37ce6c..a5d75f6bf4c7 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -754,10 +754,12 @@ bool __bio_try_merge_page(struct bio *bio, struct page *page,
> if (WARN_ON_ONCE(bio_flagged(bio, BIO_CLONED)))
> return false;
>
> - if (bio->bi_vcnt > 0 && !bio_full(bio, len)) {
> + if (bio->bi_vcnt > 0) {
> struct bio_vec *bv = &bio->bi_io_vec[bio->bi_vcnt - 1];
>
> if (page_is_mergeable(bv, page, len, off, same_page)) {
> + if (bio->bi_iter.bi_size > UINT_MAX - len)
> + return false;
> bv->bv_len += len;
> bio->bi_iter.bi_size += len;
> return true;
page merging doesn't consume new bvec, so this patch is correct:
Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
Thanks,
Ming
