On Thu, Jul 02, 2020 at 10:10:10AM -0400, Qian Cai wrote:
> On Mon, Jun 29, 2020 at 09:39:45PM +0200, Christoph Hellwig wrote:
> > Split out a __submit_bio_noacct helper for the actual de-recursion
> > algorithm, and simplify the loop by using a continue when we can't
> > enter the queue for a bio.
> >
> > Signed-off-by: Christoph Hellwig <hch@xxxxxx>
>
> Reverting this commit and its dependencies,
>
> 5a6c35f9af41 block: remove direct_make_request
> ff93ea0ce763 block: shortcut __submit_bio_noacct for blk-mq drivers
>
> fixed the stack-out-of-bounds during boot,
>
> https://lore.kernel.org/linux-block/000000000000bcdeaa05a97280e4@xxxxxxxxxx/

Yikes. bio_alloc_bioset pokes into bio_list[1] in a totally undocumented
way. But even with that the problem should only show up with
"block: shortcut __submit_bio_noacct for blk-mq drivers".

Can you try this patch?

diff --git a/block/blk-core.c b/block/blk-core.c index bf882b8d84450c..9f1bf8658b611a 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -1155,11 +1155,10 @@ static blk_qc_t __submit_bio_noacct(struct bio *bio) static blk_qc_t __submit_bio_noacct_mq(struct bio *bio) { struct gendisk *disk = bio->bi_disk; - struct bio_list bio_list; + struct bio_list bio_list[2] = { }; blk_qc_t ret = BLK_QC_T_NONE; - bio_list_init(&bio_list); - current->bio_list = &bio_list; + current->bio_list = bio_list; do { WARN_ON_ONCE(bio->bi_disk != disk); @@ -1174,7 +1173,7 @@ static blk_qc_t __submit_bio_noacct_mq(struct bio *bio) } ret = blk_mq_submit_bio(bio); - } while ((bio = bio_list_pop(&bio_list))); + } while ((bio = bio_list_pop(&bio_list[0]))); current->bio_list = NULL; return ret;
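Review bot: In the first hunk (@@ -1155,11 +1155,10), the declaration `struct bio_list bio_list[2] = { };` carries no comment saying why two elements are needed, although the function itself only ever uses element 0. The message above states that bio_alloc_bioset reads bio_list[1] through current->bio_list, and that contract is exactly what the single-element version violated, leading to the stack-out-of-bounds report. Please add a short comment at the declaration stating that current->bio_list must always point at a two-element array because other code indexes [1], so a later cleanup does not shrink it back to a single list. It would also help to say in the commit message that the empty initializer replaces the removed bio_list_init() call for both elements.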
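Review bot: In the second hunk (@@ -1174,7 +1173,7), the loop condition `bio_list_pop(&bio_list[0])` drains only element 0, and nothing in the visible lines ever looks at bio_list[1] before `current->bio_list = NULL;`. If any path were to queue a bio on the second list, it would be dropped silently when the function returns. Since the blk-mq path is expected to leave that list empty, consider asserting it, for example with a WARN_ON_ONCE on !bio_list_empty(&bio_list[1]) just before current->bio_list is cleared, or at least document the invariant next to the loop.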