[linux-lvm] Function clone_bio

[linux-lvm] Function clone_bio

[Sumit Narayan]

[-- Attachment #1: Type: text/plain, Size: 716 bytes --]

static struct bio *clone_bio(struct bio *bio, sector_t sector,
              unsigned short idx, unsigned short bv_count,
              unsigned int len, struct bio_set *bs)
{
   struct bio *clone;

   clone = bio_alloc_bioset(GFP_NOIO, bio->bi_max_vecs, bs);
   __bio_clone(clone, bio);
   clone->bi_destructor = dm_bio_destructor;
   clone->bi_sector = sector;
   clone->bi_idx = idx;
   clone->bi_vcnt = idx + bv_count;
   clone->bi_size = to_bytes(len);
   clone->bi_flags &= ~(1 << BIO_SEG_VALID);

   return clone;
}

There is a possibility of NULL being returned from bio_alloc_bioset. 
Although unlikely, it could crash the kernel.

If required, I have attached a patch (created on linux-2.6.23.9).

--Sumit

[-- Attachment #2: dm-dm_c-fix.patch --]
[-- Type: text/x-patch, Size: 512 bytes --]

diff -uNr linux-2.6.23.9/drivers/md/dm.c linux-2.6.23.9-new/drivers/md/dm.c
--- linux-2.6.23.9/drivers/md/dm.c	2007-11-26 12:51:43.000000000 -0500
+++ linux-2.6.23.9-new/drivers/md/dm.c	2007-11-28 10:07:20.376734456 -0500
@@ -652,6 +652,13 @@
 	struct bio *clone;
 
 	clone = bio_alloc_bioset(GFP_NOIO, bio->bi_max_vecs, bs);
+
+	/*
+	 * bio_alloc_bioset could return NULL.
+	 */
+	if(!clone)
+		return clone;
+
 	__bio_clone(clone, bio);
 	clone->bi_destructor = dm_bio_destructor;
 	clone->bi_sector = sector;

Re: [linux-lvm] Function clone_bio

[Alasdair G Kergon]

On Wed, Nov 28, 2007 at 10:25:57AM -0500, Sumit Narayan wrote:
> There is a possibility of NULL being returned from bio_alloc_bioset. 
> Although unlikely, it could crash the kernel.
 
If that function can ever return NULL, then it's a bug in the function.

If there's not enough memory available immediately, it's supposed to delay
returning until there is.

Alasdair
-- 
agk@redhat.com