From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
Ming Lei <ming.lei@redhat.com>, Hannes Reinecke <hare@suse.de>,
Junichi Nomura <j-nomura@ce.jp.nec.com>,
Jens Axboe <axboe@kernel.dk>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.3 027/105] block: check bi_size overflow before merge
Date: Wed, 11 Dec 2019 16:05:16 +0100 [thread overview]
Message-ID: <20191211150229.642179241@linuxfoundation.org> (raw)
In-Reply-To: <20191211150221.153659747@linuxfoundation.org>
From: Junichi Nomura <j-nomura@ce.jp.nec.com>
[ Upstream commit e3a5d8e386c3fb973fa75f2403622a8f3640ec06 ]
__bio_try_merge_page() may merge a page to bio without bio_full() check
and cause bi_size overflow.
The overflow typically ends up with sd_init_command() warning on zero
segment request with call trace like this:
------------[ cut here ]------------
WARNING: CPU: 2 PID: 1986 at drivers/scsi/scsi_lib.c:1025 scsi_init_io+0x156/0x180
CPU: 2 PID: 1986 Comm: kworker/2:1H Kdump: loaded Not tainted 5.4.0-rc7 #1
Workqueue: kblockd blk_mq_run_work_fn
RIP: 0010:scsi_init_io+0x156/0x180
RSP: 0018:ffffa11487663bf0 EFLAGS: 00010246
RAX: 00000000002be0a0 RBX: ffff8e6e9ff30118 RCX: 0000000000000000
RDX: 00000000ffffffe1 RSI: 0000000000000000 RDI: ffff8e6e9ff30118
RBP: ffffa11487663c18 R08: ffffa11487663d28 R09: ffff8e6e9ff30150
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8e6e9ff30000
R13: 0000000000000001 R14: ffff8e74a1cf1800 R15: ffff8e6e9ff30000
FS: 0000000000000000(0000) GS:ffff8e6ea7680000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff18cf0fe8 CR3: 0000000659f0a001 CR4: 00000000001606e0
Call Trace:
sd_init_command+0x326/0xb40 [sd_mod]
scsi_queue_rq+0x502/0xaa0
? blk_mq_get_driver_tag+0xe7/0x120
blk_mq_dispatch_rq_list+0x256/0x5a0
? elv_rb_del+0x24/0x30
? deadline_remove_request+0x7b/0xc0
blk_mq_do_dispatch_sched+0xa3/0x140
blk_mq_sched_dispatch_requests+0xfb/0x170
__blk_mq_run_hw_queue+0x81/0x130
blk_mq_run_work_fn+0x1b/0x20
process_one_work+0x179/0x390
worker_thread+0x4f/0x3e0
kthread+0x105/0x140
? max_active_store+0x80/0x80
? kthread_bind+0x20/0x20
ret_from_fork+0x35/0x40
---[ end trace f9036abf5af4a4d3 ]---
blk_update_request: I/O error, dev sdd, sector 2875552 op 0x1:(WRITE) flags 0x0 phys_seg 0 prio class 0
XFS (sdd1): writeback error on sector 2875552
__bio_try_merge_page() should check the overflow before actually doing
merge.
Fixes: 07173c3ec276c ("block: enable multipage bvecs")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/bio.c b/block/bio.c
index 299a0e7651ec0..31d56e7e2ce05 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -769,7 +769,7 @@ bool __bio_try_merge_page(struct bio *bio, struct page *page,
if (WARN_ON_ONCE(bio_flagged(bio, BIO_CLONED)))
return false;
- if (bio->bi_vcnt > 0) {
+ if (bio->bi_vcnt > 0 && !bio_full(bio, len)) {
struct bio_vec *bv = &bio->bi_io_vec[bio->bi_vcnt - 1];
if (page_is_mergeable(bv, page, len, off, same_page)) {
--
2.20.1
next prev parent reply other threads:[~2019-12-11 16:09 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 15:04 [PATCH 5.3 000/105] 5.3.16-stable review Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 001/105] rsi: release skb if rsi_prepare_beacon fails Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 002/105] arm64: tegra: Fix active-low warning for Jetson TX1 regulator Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 003/105] perf scripts python: exported-sql-viewer.py: Fix use of TRUE with SQLite Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 004/105] sparc64: implement ioremap_uc Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 005/105] lp: fix sparc64 LPSETTIMEOUT ioctl Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 006/105] time: Zero the upper 32-bits in __kernel_timespec on 32-bit Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 007/105] usb: gadget: u_serial: add missing port entry locking Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 008/105] tty: serial: fsl_lpuart: use the sg count from dma_map_sg Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 009/105] tty: serial: msm_serial: Fix flow control Greg Kroah-Hartman
2019-12-11 15:04 ` [PATCH 5.3 010/105] serial: pl011: Fix DMA ->flush_buffer() Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 011/105] serial: serial_core: Perform NULL checks for break_ctl ops Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 012/105] serial: stm32: fix clearing interrupt error flags Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 013/105] serial: ifx6x60: add missed pm_runtime_disable Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 014/105] aio: Fix io_pgetevents() struct __compat_aio_sigset layout Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 015/105] autofs: fix a leak in autofs_expire_indirect() Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 016/105] MIPS: SGI-IP27: fix exception handler replication Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 017/105] RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 018/105] RDMA/hns: Correct the value of srq_desc_size Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 019/105] iwlwifi: pcie: dont consider IV len in A-MSDU Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 020/105] cgroup: dont put ERR_PTR() into fc->root Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 021/105] exportfs_decode_fh(): negative pinned may become positive without the parent locked Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 022/105] audit_get_nd(): dont unlock parent too early Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 023/105] ecryptfs: fix unlink and rmdir in face of underlying fs modifications Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 024/105] ALSA: hda: Add Cometlake-S PCI ID Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 025/105] NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 026/105] xfrm: release device reference for invalid state Greg Kroah-Hartman
2019-12-11 15:05 ` Greg Kroah-Hartman [this message]
2019-12-11 15:05 ` [PATCH 5.3 028/105] Input: cyttsp4_core - fix use after free bug Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 029/105] sched/core: Avoid spurious lock dependencies Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 030/105] sched/pelt: Fix update of blocked PELT ordering Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 031/105] perf/core: Consistently fail fork on allocation failures Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 032/105] ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 033/105] x86/resctrl: Fix potential lockdep warning Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 034/105] drm/sun4i: tcon: Set min division of TCON0_DCLK to 1 Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 035/105] selftests: kvm: fix build with glibc >= 2.30 Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 036/105] rbd: silence bogus uninitialized warning in rbd_object_map_update_finish() Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 037/105] rsxx: add missed destroy_workqueue calls in remove Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 038/105] ravb: implement MTU change while device is up Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 039/105] net: hns3: reallocate SSU buffer size when pfc_en changes Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 040/105] net: hns3: fix ETS bandwidth validation bug Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 041/105] afs: Fix race in commit bulk status fetch Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 042/105] net: ep93xx_eth: fix mismatch of request_mem_region in remove Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 043/105] i2c: core: fix use after free in of_i2c_notify Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 044/105] io_uring: transform send/recvmsg() -ERESTARTSYS to -EINTR Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 045/105] fuse: verify nlink Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 046/105] fuse: verify attributes Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 047/105] io_uring: ensure req->submit is copied when req is deferred Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 048/105] SUNRPC: Avoid RPC delays when exiting suspend Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 049/105] ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 050/105] ALSA: hda/realtek - Enable the headset-mic on a Xiaomis laptop Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 051/105] ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 052/105] ALSA: pcm: oss: Avoid potential buffer overflows Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 053/105] ALSA: hda - Add mute led support for HP ProBook 645 G4 Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 054/105] ALSA: hda: Modify stream stripe mask only when needed Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 055/105] Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 056/105] Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 057/105] Input: synaptics-rmi4 - dont increment rmiaddr for SMBus transfers Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 058/105] Input: goodix - add upside-down quirk for Teclast X89 tablet Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 059/105] coresight: etm4x: Fix input validation for sysfs Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 060/105] Input: Fix memory leak in psxpad_spi_probe Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 061/105] media: rc: mark input device as pointing stick Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 062/105] x86/mm/32: Sync only to VMALLOC_END in vmalloc_sync_all() Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 063/105] x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 064/105] CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 065/105] CIFS: Fix SMB2 oplock break processing Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 066/105] tty: vt: keyboard: reject invalid keycodes Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 067/105] can: slcan: Fix use-after-free Read in slcan_open Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 068/105] nfsd: Ensure CLONE persists data and metadata changes to the target file Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 069/105] nfsd: restore NFSv3 ACL support Greg Kroah-Hartman
2019-12-11 15:05 ` [PATCH 5.3 070/105] kernfs: fix ino wrap-around detection Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 071/105] jbd2: Fix possible overflow in jbd2_log_space_left() Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 072/105] drm/msm: fix memleak on release Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 073/105] drm: damage_helper: Fix race checking plane->state->fb Greg Kroah-Hartman
2019-12-11 15:06 ` Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 074/105] drm/i810: Prevent underflow in ioctl Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 075/105] arm64: dts: exynos: Revert "Remove unneeded address space mapping for soc node" Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 076/105] KVM: PPC: Book3S HV: XIVE: Free previous EQ page when setting up a new one Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 077/105] KVM: PPC: Book3S HV: XIVE: Fix potential page leak on error path Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 078/105] KVM: PPC: Book3S HV: XIVE: Set kvm->arch.xive when VPs are allocated Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 079/105] KVM: nVMX: Always write vmcs02.GUEST_CR3 during nested VM-Enter Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 080/105] KVM: arm/arm64: vgic: Dont rely on the wrong pending table Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 081/105] KVM: x86: do not modify masked bits of shared MSRs Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 082/105] KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 083/105] KVM: x86: Remove a spurious export of a static function Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 084/105] KVM: x86: Grab KVMs srcu lock when setting nested state Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 085/105] crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 086/105] crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 087/105] crypto: af_alg - cast ki_complete ternary op to int Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 088/105] crypto: geode-aes - switch to skcipher for cbc(aes) fallback Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 089/105] crypto: ccp - fix uninitialized list head Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 090/105] crypto: ecdh - fix big endian bug in ECC library Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 091/105] crypto: user - fix memory leak in crypto_report Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 092/105] crypto: user - fix memory leak in crypto_reportstat Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 093/105] spi: spi-fsl-qspi: Clear TDH bits in FLSHCR register Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 094/105] spi: stm32-qspi: Fix kernel oops when unbinding driver Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 095/105] spi: atmel: Fix CS high support Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 096/105] spi: Fix SPI_CS_HIGH setting when using native and GPIO CS Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 097/105] spi: Fix NULL pointer when setting SPI_CS_HIGH for " Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 098/105] can: ucan: fix non-atomic allocation in completion handler Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 099/105] RDMA/qib: Validate ->show()/store() callbacks before calling them Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 100/105] iomap: Fix pipe page leakage during splicing Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 101/105] thermal: Fix deadlock in thermal thermal_zone_device_check Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 102/105] vcs: prevent write access to vcsu devices Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 103/105] binder: Fix race between mmap() and binder_alloc_print_pages() Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 104/105] binder: Prevent repeated use of ->mmap() via NULL mapping Greg Kroah-Hartman
2019-12-11 15:06 ` [PATCH 5.3 105/105] binder: Handle start==NULL in binder_update_page_range() Greg Kroah-Hartman
2019-12-11 16:16 ` [PATCH 5.3 000/105] 5.3.16-stable review Jeffrin Jose
2019-12-11 18:28 ` Greg Kroah-Hartman
2019-12-11 19:22 ` Jeffrin Jose
2019-12-11 21:23 ` Jeffrin Jose
2019-12-11 21:13 ` Jon Hunter
2019-12-11 21:13 ` Jon Hunter
2019-12-12 9:30 ` Greg Kroah-Hartman
2019-12-11 21:43 ` [PATCH 5.3 000/105] 5.3.16-stable review [warning related] Jeffrin Jose
2019-12-12 7:42 ` Greg Kroah-Hartman
2019-12-12 2:47 ` [PATCH 5.3 000/105] 5.3.16-stable review shuah
2019-12-12 5:22 ` Naresh Kamboju
2019-12-12 6:52 ` Jeffrin Jose
2019-12-12 7:41 ` Greg Kroah-Hartman
2019-12-12 8:05 ` Jeffrin Jose
2019-12-12 9:10 ` Greg Kroah-Hartman
2019-12-12 10:04 ` Greg Kroah-Hartman
2019-12-12 12:18 ` Greg Kroah-Hartman
2019-12-12 13:16 ` Jon Hunter
2019-12-12 13:16 ` Jon Hunter
2019-12-13 4:53 ` Naresh Kamboju
2019-12-12 18:24 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211150229.642179241@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=j-nomura@ce.jp.nec.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ming.lei@redhat.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.