[PATCH] block: fix folio leak in bio_iov_iter_bounce

public inbox for linux-block@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] block: fix folio leak in bio_iov_iter_bounce_read()
@ 2026-02-12 11:10 Jens Axboe
  2026-02-13 12:00 ` Alexander Atanasov
  2026-02-17  6:06 ` Christoph Hellwig
  0 siblings, 2 replies; 4+ messages in thread
From: Jens Axboe @ 2026-02-12 11:10 UTC (permalink / raw)
  To: Christoph Hellwig, linux-block@vger.kernel.org

If iov_iter_extract_bvecs() returns an error or zero bytes extracted,
then the folio allocated is leaked on return. Ensure it's put before
returning.

Fixes: 8dd5e7c75d7b ("block: add helpers to bounce buffer an iov_iter into bios")
Signed-off-by: Jens Axboe <axboe@kernel.dk>

---

diff --git a/block/bio.c b/block/bio.c
index b291b9aaeee1..8203bb7455a9 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1382,8 +1382,10 @@ static int bio_iov_iter_bounce_read(struct bio *bio, struct iov_iter *iter)
 		ret = iov_iter_extract_bvecs(iter, bio->bi_io_vec + 1, len,
 				&bio->bi_vcnt, bio->bi_max_vecs - 1, 0);
 		if (ret <= 0) {
-			if (!bio->bi_vcnt)
+			if (!bio->bi_vcnt) {
+				folio_put(folio);
 				return ret;
+			}
 			break;
 		}
 		len -= ret;

-- 
Jens Axboe


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] block: fix folio leak in bio_iov_iter_bounce_read()
  2026-02-12 11:10 [PATCH] block: fix folio leak in bio_iov_iter_bounce_read() Jens Axboe
@ 2026-02-13 12:00 ` Alexander Atanasov
  2026-02-17  6:05   ` Christoph Hellwig
  2026-02-17  6:06 ` Christoph Hellwig
  1 sibling, 1 reply; 4+ messages in thread
From: Alexander Atanasov @ 2026-02-13 12:00 UTC (permalink / raw)
  To: Jens Axboe, Christoph Hellwig, linux-block@vger.kernel.org

Hello,

On 12.02.26 13:10, Jens Axboe wrote:
> If iov_iter_extract_bvecs() returns an error or zero bytes extracted,
> then the folio allocated is leaked on return. Ensure it's put before
> returning.
> 
> Fixes: 8dd5e7c75d7b ("block: add helpers to bounce buffer an iov_iter into bios")
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> 
> ---
> 
> diff --git a/block/bio.c b/block/bio.c
> index b291b9aaeee1..8203bb7455a9 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -1382,8 +1382,10 @@ static int bio_iov_iter_bounce_read(struct bio *bio, struct iov_iter *iter)
>   		ret = iov_iter_extract_bvecs(iter, bio->bi_io_vec + 1, len,
>   				&bio->bi_vcnt, bio->bi_max_vecs - 1, 0);
>   		if (ret <= 0) {
> -			if (!bio->bi_vcnt)
> +			if (!bio->bi_vcnt) {
> +				folio_put(folio);
>   				return ret;
> +			}
>   			break;
>   		}
>   		len -= ret;
> 

Isn't it better to move folio allocation after the while loop instead, 
right before it is actually used - less error prone in future updates, 
tighter loop, better cache wise.

-- 
have fun,
alex


diff --git a/block/bio.c b/block/bio.c
index 49f7548a31d6..742d395f98e1 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1338,10 +1338,6 @@ static int bio_iov_iter_bounce_read(struct bio 
*bio, struct iov_iter *iter)
         size_t len = min(iov_iter_count(iter), SZ_1M);
         struct folio *folio;

-       folio = folio_alloc_greedy(GFP_KERNEL, &len);
-       if (!folio)
-               return -ENOMEM;
-
         do {
                 ssize_t ret;

@@ -1356,6 +1352,10 @@ static int bio_iov_iter_bounce_read(struct bio 
*bio, struct iov_iter *iter)
                 bio->bi_iter.bi_size += ret;
         } while (len && bio->bi_vcnt < bio->bi_max_vecs - 1);

+       folio = folio_alloc_greedy(GFP_KERNEL, &len);
+       if (!folio)
+               return -ENOMEM;
+
         /*
          * Set the folio directly here.  The above loop has already 
calculated
          * the correct bi_size, and we use bi_vcnt for the user 
buffers.  That



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] block: fix folio leak in bio_iov_iter_bounce_read()
  2026-02-13 12:00 ` Alexander Atanasov
@ 2026-02-17  6:05   ` Christoph Hellwig
  0 siblings, 0 replies; 4+ messages in thread
From: Christoph Hellwig @ 2026-02-17  6:05 UTC (permalink / raw)
  To: Alexander Atanasov
  Cc: Jens Axboe, Christoph Hellwig, linux-block@vger.kernel.org

On Fri, Feb 13, 2026 at 02:00:17PM +0200, Alexander Atanasov wrote:
> Isn't it better to move folio allocation after the while loop instead, 
> right before it is actually used - less error prone in future updates, 
> tighter loop, better cache wise.


We can't do that, as folio_alloc_greedy returns how much we actually
were able to allocate.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] block: fix folio leak in bio_iov_iter_bounce_read()
  2026-02-12 11:10 [PATCH] block: fix folio leak in bio_iov_iter_bounce_read() Jens Axboe
  2026-02-13 12:00 ` Alexander Atanasov
@ 2026-02-17  6:06 ` Christoph Hellwig
  1 sibling, 0 replies; 4+ messages in thread
From: Christoph Hellwig @ 2026-02-17  6:06 UTC (permalink / raw)
  To: Jens Axboe; +Cc: Christoph Hellwig, linux-block@vger.kernel.org

On Thu, Feb 12, 2026 at 04:10:09AM -0700, Jens Axboe wrote:
> If iov_iter_extract_bvecs() returns an error or zero bytes extracted,
> then the folio allocated is leaked on return. Ensure it's put before
> returning.
> 
> Fixes: 8dd5e7c75d7b ("block: add helpers to bounce buffer an iov_iter into bios")
> Signed-off-by: Jens Axboe <axboe@kernel.dk>


Looks good, thanks:

Reviewed-by: Christoph Hellwig <hch@lst.de>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-02-17  6:06 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-12 11:10 [PATCH] block: fix folio leak in bio_iov_iter_bounce_read() Jens Axboe
2026-02-13 12:00 ` Alexander Atanasov
2026-02-17  6:05   ` Christoph Hellwig
2026-02-17  6:06 ` Christoph Hellwig

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox