Patch "block: handle bio_split_to_limits() NULL return" has been added to the 6.1-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 16 Jan 2023 15:49:53 +0100

This is a note to let you know that I've just added the patch titled

    block: handle bio_split_to_limits() NULL return

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     block-handle-bio_split_to_limits-null-return.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 613b14884b8595e20b9fac4126bf627313827fbe Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@xxxxxxxxx>
Date: Wed, 4 Jan 2023 08:51:19 -0700
Subject: block: handle bio_split_to_limits() NULL return

From: Jens Axboe <axboe@xxxxxxxxx>

commit 613b14884b8595e20b9fac4126bf627313827fbe upstream.

This can't happen right now, but in preparation for allowing
bio_split_to_limits() returning NULL if it ended the bio, check for it
in all the callers.

Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 block/blk-merge.c             |    4 +++-
 block/blk-mq.c                |    5 ++++-
 drivers/block/drbd/drbd_req.c |    2 ++
 drivers/block/ps3vram.c       |    2 ++
 drivers/md/dm.c               |    2 ++
 drivers/md/md.c               |    2 ++
 drivers/nvme/host/multipath.c |    2 ++
 drivers/s390/block/dcssblk.c  |    2 ++
 8 files changed, 19 insertions(+), 2 deletions(-)

--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -358,11 +358,13 @@ struct bio *__bio_split_to_limits(struct
 	default:
 		split = bio_split_rw(bio, lim, nr_segs, bs,
 				get_max_io_size(bio, lim) << SECTOR_SHIFT);
+		if (IS_ERR(split))
+			return NULL;
 		break;
 	}
 
 	if (split) {
-		/* there isn't chance to merge the splitted bio */
+		/* there isn't chance to merge the split bio */
 		split->bi_opf |= REQ_NOMERGE;
 
 		blkcg_bio_issue_init(split);
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2919,8 +2919,11 @@ void blk_mq_submit_bio(struct bio *bio)
 	blk_status_t ret;
 
 	bio = blk_queue_bounce(bio, q);
-	if (bio_may_exceed_limits(bio, &q->limits))
+	if (bio_may_exceed_limits(bio, &q->limits)) {
 		bio = __bio_split_to_limits(bio, &q->limits, &nr_segs);
+		if (!bio)
+			return;
+	}
 
 	if (!bio_integrity_prep(bio))
 		return;
--- a/drivers/block/drbd/drbd_req.c
+++ b/drivers/block/drbd/drbd_req.c
@@ -1607,6 +1607,8 @@ void drbd_submit_bio(struct bio *bio)
 	struct drbd_device *device = bio->bi_bdev->bd_disk->private_data;
 
 	bio = bio_split_to_limits(bio);
+	if (!bio)
+		return;
 
 	/*
 	 * what we "blindly" assume:
--- a/drivers/block/ps3vram.c
+++ b/drivers/block/ps3vram.c
@@ -587,6 +587,8 @@ static void ps3vram_submit_bio(struct bi
 	dev_dbg(&dev->core, "%s\n", __func__);
 
 	bio = bio_split_to_limits(bio);
+	if (!bio)
+		return;
 
 	spin_lock_irq(&priv->lock);
 	busy = !bio_list_empty(&priv->list);
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1755,6 +1755,8 @@ static void dm_split_and_process_bio(str
 		 * otherwise associated queue_limits won't be imposed.
 		 */
 		bio = bio_split_to_limits(bio);
+		if (!bio)
+			return;
 	}
 
 	init_clone_info(&ci, md, map, bio, is_abnormal);
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -443,6 +443,8 @@ static void md_submit_bio(struct bio *bi
 	}
 
 	bio = bio_split_to_limits(bio);
+	if (!bio)
+		return;
 
 	if (mddev->ro == 1 && unlikely(rw == WRITE)) {
 		if (bio_sectors(bio) != 0)
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -351,6 +351,8 @@ static void nvme_ns_head_submit_bio(stru
 	 * pool from the original queue to allocate the bvecs from.
 	 */
 	bio = bio_split_to_limits(bio);
+	if (!bio)
+		return;
 
 	srcu_idx = srcu_read_lock(&head->srcu);
 	ns = nvme_find_path(head);
--- a/drivers/s390/block/dcssblk.c
+++ b/drivers/s390/block/dcssblk.c
@@ -865,6 +865,8 @@ dcssblk_submit_bio(struct bio *bio)
 	unsigned long bytes_done;
 
 	bio = bio_split_to_limits(bio);
+	if (!bio)
+		return;
 
 	bytes_done = 0;
 	dev_info = bio->bi_bdev->bd_disk->private_data;


Patches currently in stable-queue which might be from axboe@xxxxxxxxx are

queue-6.1/block-handle-bio_split_to_limits-null-return.patch
queue-6.1/io_uring-poll-attempt-request-issue-after-racy-poll-.patch
queue-6.1/io_uring-io-wq-only-free-worker-if-it-was-allocated-for-creation.patch
queue-6.1/blk-crypto-pass-a-gendisk-to-blk_crypto_sysfs_-un-re.patch
queue-6.1/block-drop-spurious-might_sleep-from-blk_put_queue.patch
queue-6.1/block-mark-blk_put_queue-as-potentially-blocking.patch
queue-6.1/io_uring-fdinfo-include-locked-hash-table-in-fdinfo-output.patch
queue-6.1/block-factor-out-a-blk_debugfs_remove-helper.patch
queue-6.1/block-fix-error-unwinding-in-blk_register_queue.patch
queue-6.1/io_uring-poll-add-hash-if-ready-poll-request-can-t-complete-inline.patch
queue-6.1/block-untangle-request_queue-refcounting-from-sysfs.patch
queue-6.1/io_uring-lock-overflowing-for-iopoll.patch
queue-6.1/io_uring-io-wq-free-worker-if-task_work-creation-is-canceled.patch
queue-6.1/blk-mq-move-the-srcu_struct-used-for-quiescing-to-th.patch






