On Thu, Jan 26, 2017 at 02:57:54PM +0300, Kirill A. Shutemov wrote: > Do not assume length of bio segment is never larger than PAGE_SIZE. > With huge pages it's HPAGE_PMD_SIZE (2M on x86-64). I don't think we even need hugepages for BRD to be buggy. I think there are already places which allocate compound pages (not in highmem, obviously ...) and put them in biovecs. So this is pure and simple a bugfix. That said, I find the current code in brd a bit inelegant, and I don't think this patch helps... indeed, I think it's buggy: > @@ -202,12 +202,15 @@ static int copy_to_brd_setup(struct brd_device *brd, sector_t sector, size_t n) > size_t copy; > > copy = min_t(size_t, n, PAGE_SIZE - offset); > + n -= copy; > if (!brd_insert_page(brd, sector)) > return -ENOSPC; > - if (copy < n) { > + while (n) { > sector += copy >> SECTOR_SHIFT; > if (!brd_insert_page(brd, sector)) > return -ENOSPC; > + copy = min_t(size_t, n, PAGE_SIZE); > + n -= copy; > } We're decrementing 'n' to 0, then testing it, so we never fill in the last page ... right? Anyway, here's my effort. Untested. diff --git a/drivers/block/brd.c b/drivers/block/brd.c index 3adc32a3153b..0802a6abcd81 100644 --- a/drivers/block/brd.c +++ b/drivers/block/brd.c @@ -202,12 +202,14 @@ static int copy_to_brd_setup(struct brd_device *brd, sector_t sector, size_t n) size_t copy; copy = min_t(size_t, n, PAGE_SIZE - offset); - if (!brd_insert_page(brd, sector)) - return -ENOSPC; - if (copy < n) { - sector += copy >> SECTOR_SHIFT; + for (;;) { if (!brd_insert_page(brd, sector)) return -ENOSPC; + n -= copy; + if (!n) + break; + sector += copy >> SECTOR_SHIFT; + copy = min_t(size_t, n, PAGE_SIZE); } return 0; } @@ -239,26 +241,23 @@ static void copy_to_brd(struct brd_device *brd, const void *src, struct page *page; void *dst; unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT; - size_t copy; + size_t copy = min_t(size_t, n, PAGE_SIZE - offset); - copy = min_t(size_t, n, PAGE_SIZE - offset); - page = brd_lookup_page(brd, sector); - BUG_ON(!page); - - dst = kmap_atomic(page); - memcpy(dst + offset, src, copy); - kunmap_atomic(dst); - - if (copy < n) { - src += copy; - sector += copy >> SECTOR_SHIFT; - copy = n - copy; + for (;;) { page = brd_lookup_page(brd, sector); BUG_ON(!page); dst = kmap_atomic(page); - memcpy(dst, src, copy); + memcpy(dst + offset, src, copy); kunmap_atomic(dst); + + n -= copy; + if (!n) + break; + src += copy; + sector += copy >> SECTOR_SHIFT; + offset = 0; + copy = min_t(size_t, n, PAGE_SIZE); } } @@ -271,28 +270,24 @@ static void copy_from_brd(void *dst, struct brd_device *brd, struct page *page; void *src; unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT; - size_t copy; + size_t copy = min_t(size_t, n, PAGE_SIZE - offset); - copy = min_t(size_t, n, PAGE_SIZE - offset); - page = brd_lookup_page(brd, sector); - if (page) { - src = kmap_atomic(page); - memcpy(dst, src + offset, copy); - kunmap_atomic(src); - } else - memset(dst, 0, copy); - - if (copy < n) { - dst += copy; - sector += copy >> SECTOR_SHIFT; - copy = n - copy; + for (;;) { page = brd_lookup_page(brd, sector); if (page) { src = kmap_atomic(page); - memcpy(dst, src, copy); + memcpy(dst, src + offset, copy); kunmap_atomic(src); } else memset(dst, 0, copy); + + n -= copy; + if (!n) + break; + dst += copy; + sector += copy >> SECTOR_SHIFT; + offset = 0; + copy = min_t(size_t, n, PAGE_SIZE); } }