This is a note to let you know that I've just added the patch titled
block: move the bi_size overflow check in __bio_try_merge_page
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
block-move-the-bi_size-overflow-check-in-__bio_try_m.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit cc90d78d953b2d33e8ab61617cd94891956ae8ff
Author: Christoph Hellwig <hch@xxxxxx>
Date: Mon Jul 24 09:54:30 2023 -0700
block: move the bi_size overflow check in __bio_try_merge_page
[ Upstream commit 613699050a49760f1d70c74f71bd0b013ca3c356 ]
Checking for availability in bi_size in a function that attempts to
merge into an existing segment is a bit odd, as the limit also applies
when adding a new segment. This code works fine as we always call
__bio_try_merge_page, but contributes to sub-optimal calling conventions
and doesn't lead to clear code.
Move it to two of the callers instead, the third one already has a more
strict check that includes max_hw_segments anyway.
Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Reviewed-by: Jinyoung Choi <j-young.choi@xxxxxxxxxxx>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@xxxxxxx>
Link: https://lore.kernel.org/r/20230724165433.117645-6-hch@xxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Stable-dep-of: 0ece1d649b6d ("bio-integrity: create multi-page bvecs in bio_integrity_add_page()")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/block/bio.c b/block/bio.c
index 4369c9a355c3c..b9b8328d1bc82 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -949,10 +949,6 @@ static bool __bio_try_merge_page(struct bio *bio, struct page *page,
if (!page_is_mergeable(bv, page, len, off, same_page))
return false;
- if (bio->bi_iter.bi_size > UINT_MAX - len) {
- *same_page = false;
- return false;
- }
bv->bv_len += len;
bio->bi_iter.bi_size += len;
return true;
@@ -1125,6 +1121,8 @@ int bio_add_page(struct bio *bio, struct page *page,
if (WARN_ON_ONCE(bio_flagged(bio, BIO_CLONED)))
return 0;
+ if (bio->bi_iter.bi_size > UINT_MAX - len)
+ return 0;
if (bio->bi_vcnt > 0 &&
__bio_try_merge_page(bio, page, len, offset, &same_page))
@@ -1206,6 +1204,9 @@ static int bio_iov_add_page(struct bio *bio, struct page *page,
{
bool same_page = false;
+ if (WARN_ON_ONCE(bio->bi_iter.bi_size > UINT_MAX - len))
+ return -EIO;
+
if (bio->bi_vcnt > 0 &&
__bio_try_merge_page(bio, page, len, offset, &same_page)) {
if (same_page)
