On 1/16/23 6:42 AM, Jens Axboe wrote:
> On 1/16/23 6:17?AM, Linux kernel regression tracking (Thorsten Leemhuis) wrote:
>> Hi, this is your Linux kernel regression tracker.
>>
>> I noticed a regression report in bugzilla.kernel.org. As many (most?)
>> kernel developer don't keep an eye on it, I decided to forward it by
>> mail. Quoting from https://bugzilla.kernel.org/show_bug.cgi?id=216932 :
>
> Looks like:
>
> commit 6d47e0f6a535701134d950db65eb8fe1edf0b575
> Author: Jens Axboe <axboe@xxxxxxxxx>
> Date: Wed Jan 4 08:52:06 2023 -0700
>
> block: don't allow splitting of a REQ_NOWAIT bio
>
> got picked up by stable, but not the required prep patch:
>
>
> commit 613b14884b8595e20b9fac4126bf627313827fbe
> Author: Jens Axboe <axboe@xxxxxxxxx>
> Date: Wed Jan 4 08:51:19 2023 -0700
>
> block: handle bio_split_to_limits() NULL return
>
> Greg/team, can you pick the latter too? It'll pick cleanly for
> 6.1-stable, not sure how far back the other patch has gone yet.
Looked back, and 5.15 has it too, but the cherry-pick won't work
on that kernel.
Here's one for 5.15-stable that I verified crashes before this one,
and works with it. Haven't done an allmodconfig yet...
--
Jens Axboe
From 850091593128cdbc72ce0f06ff35665d7d708a5f Mon Sep 17 00:00:00 2001
From: Jens Axboe <axboe@xxxxxxxxx>
Date: Mon, 16 Jan 2023 07:11:04 -0700
Subject: [PATCH] block: handle bio_split_to_limits() NULL return
commit 613b14884b8595e20b9fac4126bf627313827fbe upstream.
This can't happen right now, but in preparation for allowing
bio_split_to_limits() returning NULL if it ended the bio, check for it
in all the callers.
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
---
block/blk-merge.c | 4 +++-
block/blk-mq.c | 2 ++
drivers/block/drbd/drbd_req.c | 2 ++
drivers/block/pktcdvd.c | 2 ++
drivers/block/ps3vram.c | 2 ++
drivers/block/rsxx/dev.c | 2 ++
drivers/md/md.c | 2 ++
drivers/nvme/host/multipath.c | 2 ++
drivers/s390/block/dcssblk.c | 2 ++
9 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/block/blk-merge.c b/block/blk-merge.c
index bb26db93ad1d..d1435b657297 100644
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -348,11 +348,13 @@ void __blk_queue_split(struct bio **bio, unsigned int *nr_segs)
break;
}
split = blk_bio_segment_split(q, *bio, &q->bio_split, nr_segs);
+ if (IS_ERR(split))
+ *bio = split = NULL;
break;
}
if (split) {
- /* there isn't chance to merge the splitted bio */
+ /* there isn't chance to merge the split bio */
split->bi_opf |= REQ_NOMERGE;
bio_chain(split, *bio);
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 1a28ba9017ed..9f53b4caf977 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2193,6 +2193,8 @@ blk_qc_t blk_mq_submit_bio(struct bio *bio)
blk_queue_bounce(q, &bio);
__blk_queue_split(&bio, &nr_segs);
+ if (!bio)
+ goto queue_exit;
if (!bio_integrity_prep(bio))
goto queue_exit;
diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c
index 47e0d105b462..4281dc847bc2 100644
--- a/drivers/block/drbd/drbd_req.c
+++ b/drivers/block/drbd/drbd_req.c
@@ -1602,6 +1602,8 @@ blk_qc_t drbd_submit_bio(struct bio *bio)
struct drbd_device *device = bio->bi_bdev->bd_disk->private_data;
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
/*
* what we "blindly" assume:
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 0f26b2510a75..ca2ab977ef8e 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -2407,6 +2407,8 @@ static blk_qc_t pkt_submit_bio(struct bio *bio)
struct bio *split;
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
pd = bio->bi_bdev->bd_disk->queue->queuedata;
if (!pd) {
diff --git a/drivers/block/ps3vram.c b/drivers/block/ps3vram.c
index c7b19e128b03..c79aa4d8ccf7 100644
--- a/drivers/block/ps3vram.c
+++ b/drivers/block/ps3vram.c
@@ -587,6 +587,8 @@ static blk_qc_t ps3vram_submit_bio(struct bio *bio)
dev_dbg(&dev->core, "%s\n", __func__);
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
spin_lock_irq(&priv->lock);
busy = !bio_list_empty(&priv->list);
diff --git a/drivers/block/rsxx/dev.c b/drivers/block/rsxx/dev.c
index 1cc40b0ea761..6b253d99bc48 100644
--- a/drivers/block/rsxx/dev.c
+++ b/drivers/block/rsxx/dev.c
@@ -127,6 +127,8 @@ static blk_qc_t rsxx_submit_bio(struct bio *bio)
blk_status_t st = BLK_STS_IOERR;
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
might_sleep();
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 59ab99844df8..9e54b865f30d 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -458,6 +458,8 @@ static blk_qc_t md_submit_bio(struct bio *bio)
}
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
if (mddev->ro == 1 && unlikely(rw == WRITE)) {
if (bio_sectors(bio) != 0)
diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
index fe199d568a4a..8d97b942de01 100644
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -329,6 +329,8 @@ static blk_qc_t nvme_ns_head_submit_bio(struct bio *bio)
* pool from the original queue to allocate the bvecs from.
*/
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
srcu_idx = srcu_read_lock(&head->srcu);
ns = nvme_find_path(head);
diff --git a/drivers/s390/block/dcssblk.c b/drivers/s390/block/dcssblk.c
index 5be3d1c39a78..54176c073547 100644
--- a/drivers/s390/block/dcssblk.c
+++ b/drivers/s390/block/dcssblk.c
@@ -866,6 +866,8 @@ dcssblk_submit_bio(struct bio *bio)
unsigned long bytes_done;
blk_queue_split(&bio);
+ if (!bio)
+ return BLK_QC_T_NONE;
bytes_done = 0;
dev_info = bio->bi_bdev->bd_disk->private_data;
--
2.39.0
