When we're submitting a bio from stack and this ends up being split, we call bio_put(). bio_put() will eventually call bio_free() if the reference count drops to 0. But freeing the bio is wrong, as it was never allocated out of the bio's mempool. Flag each normally allocated bio as 'BIO_ALLOCATED' and skip freeing if the flag isn't set. Fixes: 189ce2b9dcc3 ("block: fast-path for small and simple direct I/O requests") Signed-off-by: Johannes Thumshirn <jthumshirn@xxxxxxx> --- block/bio.c | 4 ++++ include/linux/blk_types.h | 1 + 2 files changed, 5 insertions(+) diff --git a/block/bio.c b/block/bio.c index 87a515e93bee..ba6949f111b7 100644 --- a/block/bio.c +++ b/block/bio.c @@ -255,6 +255,9 @@ static void bio_free(struct bio *bio) bio_uninit(bio); + if (!bio_flagged(bio, BIO_ALLOCED)) + return; + if (bs) { bvec_free(&bs->bvec_pool, bio->bi_io_vec, BVEC_POOL_IDX(bio)); @@ -523,6 +526,7 @@ struct bio *bio_alloc_bioset(gfp_t gfp_mask, unsigned int nr_iovecs, bvl = bio->bi_inline_vecs; } + bio_set_flag(bio, BIO_ALLOCED); bio->bi_pool = bs; bio->bi_max_vecs = nr_iovecs; bio->bi_io_vec = bvl; diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 1d28992a20f0..19d7402a9af3 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -229,6 +229,7 @@ enum { * of this bio. */ BIO_QUEUE_ENTERED, /* can use blk_queue_enter_live() */ BIO_TRACKED, /* set if bio goes through the rq_qos path */ + BIO_ALLOCED, /* bio allocated by bio_alloc_bioset */ BIO_FLAG_LAST }; -- 2.16.4
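Review bot: In the bio_free() hunk of block/bio.c, the new early return `if (!bio_flagged(bio, BIO_ALLOCED)) return;` carries no comment saying why an unflagged bio must not be freed. Add a one-line comment above the check stating that such bios are owned by the caller (for example, on the stack) and were never taken from the mempool. The comment should also make clear that running bio_uninit(bio) before the return is intended for those bios.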
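Review bot: In the bio_alloc_bioset() hunk, `bio_set_flag(bio, BIO_ALLOCED);` is the only place in this patch where the flag is set, while bio_free() now returns early for every bio that lacks it. A bio that reaches bio_put() from any other allocation path, or whose flags are cleared between allocation and the final put, would be leaked without warning instead of freed. Please state in the commit message that no such path exists, or set the flag there as well.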
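Review bot: In the include/linux/blk_types.h hunk, the new enum entry is spelled BIO_ALLOCED, but the commit message refers to the flag as 'BIO_ALLOCATED'. Make the two match so that a search for the name given in the log finds the definition. The entry's comment could also say what the flag is used for, namely that bio_free() only frees bios that carry it.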