linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk,
	Bernd Schubert <bernd.schubert@itwm.fraunhofer.de>,
	Jens Axboe <axboe@kernel.dk>
Subject: [ 009/117] bio allocation failure due to bio_get_nr_vecs()
Date: Mon, 28 May 2012 04:12:11 +0100	[thread overview]
Message-ID: <20120528031204.124440304@decadent.org.uk> (raw)
In-Reply-To: <20120528031202.829379252@decadent.org.uk>

3.2-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de>

commit f908ee9463b09ddd05e1c1a0111132212dc05fac upstream.

The number of bio_get_nr_vecs() is passed down via bio_alloc() to
bvec_alloc_bs(), which fails the bio allocation if
nr_iovecs > BIO_MAX_PAGES. For the underlying caller this causes an
unexpected bio allocation failure.
Limiting to queue_max_segments() is not sufficient, as max_segments
also might be very large.

bvec_alloc_bs(gfp_mask, nr_iovecs, ) => NULL when nr_iovecs  > BIO_MAX_PAGES
bio_alloc_bioset(gfp_mask, nr_iovecs, ...)
bio_alloc(GFP_NOIO, nvecs)
xfs_alloc_ioend_bio()

Signed-off-by: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 fs/bio.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/bio.c b/fs/bio.c
index e453924..84da885 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -505,9 +505,14 @@ EXPORT_SYMBOL(bio_clone);
 int bio_get_nr_vecs(struct block_device *bdev)
 {
 	struct request_queue *q = bdev_get_queue(bdev);
-	return min_t(unsigned,
+	int nr_pages;
+
+	nr_pages = min_t(unsigned,
 		     queue_max_segments(q),
 		     queue_max_sectors(q) / (PAGE_SIZE >> 9) + 1);
+
+	return min_t(unsigned, nr_pages, BIO_MAX_PAGES);
+
 }
 EXPORT_SYMBOL(bio_get_nr_vecs);
 



  parent reply	other threads:[~2012-05-28  3:52 UTC|newest]

Thread overview: 121+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-28  3:12 [ 000/117] 3.2.19-stable review Ben Hutchings
2012-05-28  3:12 ` [ 001/117] KVM: mmu_notifier: Flush TLBs before releasing mmu_lock Ben Hutchings
2012-05-28  3:12 ` [ 002/117] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings Ben Hutchings
2012-05-28  4:19   ` Jonathan Nieder
2012-05-28 11:22     ` Ben Hutchings
2012-05-28  3:12 ` [ 003/117] KVM: lock slots_lock around device assignment Ben Hutchings
2012-05-28  3:12 ` [ 004/117] KVM: nVMX: Fix erroneous exception bitmap check Ben Hutchings
2012-05-28  3:12 ` [ 005/117] KVM: VMX: vmx_set_cr0 expects kvm->srcu locked Ben Hutchings
2012-05-28  3:12 ` [ 006/117] KVM: s390: do store status after handling STOP_ON_STOP bit Ben Hutchings
2012-05-28  3:12 ` [ 007/117] KVM: s390: Sanitize fpc registers for KVM_SET_FPU Ben Hutchings
2012-05-28  3:12 ` [ 008/117] bio: dont overflow in bio_get_nr_vecs() Ben Hutchings
2012-05-28  3:12 ` Ben Hutchings [this message]
2012-05-28  3:12 ` [ 010/117] block: fix buffer overflow when printing partition UUIDs Ben Hutchings
2012-05-28  3:12 ` [ 011/117] [PARISC] fix PA1.1 oops on boot Ben Hutchings
2012-05-28  3:12 ` [ 012/117] [PARISC] fix crash in flush_icache_page_asm on PA1.1 Ben Hutchings
2012-05-28  3:12 ` [ 013/117] [PARISC] fix panic on prefetch(NULL) on PA7300LC Ben Hutchings
2012-05-28  3:12 ` [ 014/117] arch/tile/Kconfig: remove pointless "!M386" test Ben Hutchings
2012-05-28  3:12 ` [ 015/117] tilegx: enable SYSCALL_WRAPPERS support Ben Hutchings
2012-05-28  3:12 ` [ 016/117] mtd: sm_ftl: fix typo in major number Ben Hutchings
2012-05-28  3:12 ` [ 017/117] [SCSI] hpsa: Fix problem with MSA2xxx devices Ben Hutchings
2012-05-28  3:12 ` [ 018/117] SELinux: if sel_make_bools errors dont leave inconsistent state Ben Hutchings
2012-05-28  3:12 ` [ 019/117] cfg80211: warn if db.txt is empty with CONFIG_CFG80211_INTERNAL_REGDB Ben Hutchings
2012-05-28  3:12 ` [ 020/117] [SCSI] mpt2sas: Fix for panic happening because of improper memory allocation Ben Hutchings
2012-05-28  3:12 ` [ 021/117] isdn/gigaset: ratelimit CAPI message dumps Ben Hutchings
2012-05-28  3:12 ` [ 022/117] isdn/gigaset: fix CAPI disconnect B3 handling Ben Hutchings
2012-05-28  3:12 ` [ 023/117] isdn/gigaset: improve error handling querying firmware version Ben Hutchings
2012-05-28  3:12 ` [ 024/117] KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat Ben Hutchings
2012-05-28  3:12 ` [ 025/117] IB/core: Fix mismatch between locked and pinned pages Ben Hutchings
2012-05-28  3:12 ` [ 026/117] regulator: core: Release regulator-regulator supplies on error Ben Hutchings
2012-05-28  3:12 ` [ 027/117] iommu: Fix off by one in dmar_get_fault_reason() Ben Hutchings
2012-05-28  3:12 ` [ 028/117] RDMA/cxgb4: Always wake up waiters in c4iw_peer_abort_intr() Ben Hutchings
2012-05-28  3:12 ` [ 029/117] RDMA/cxgb4: Drop peer_abort when no endpoint found Ben Hutchings
2012-05-28  3:12 ` [ 030/117] s390/pfault: fix task state race Ben Hutchings
2012-05-28  3:12 ` [ 031/117] isci: fix oem parameter validation on single controller skus Ben Hutchings
2012-05-28  3:12 ` [ 032/117] Fix blocking allocations called very early during bootup Ben Hutchings
2012-05-28  3:12 ` [ 033/117] vfs: make AIO use the proper rw_verify_area() area helpers Ben Hutchings
2012-05-28  3:12 ` [ 034/117] docs: update HOWTO for 2.6.x -> 3.x versioning Ben Hutchings
2012-05-28  3:12 ` [ 035/117] drivers/staging/comedi/comedi_fops.c: add missing vfree Ben Hutchings
2012-05-28  3:12 ` [ 036/117] USB: move usb_translate_errors to linux/usb.h Ben Hutchings
2012-05-28  3:12 ` [ 037/117] USB: cdc-wdm: sanitize error returns Ben Hutchings
2012-05-28  3:12 ` [ 038/117] USB: cdc-wdm: fix memory leak Ben Hutchings
2012-05-28  3:12 ` [ 039/117] 8250_pci: fix pch uart matching Ben Hutchings
2012-05-28  3:12 ` [ 040/117] usb: add USB_QUIRK_RESET_RESUME for M-Audio 88es Ben Hutchings
2012-05-28  3:12 ` [ 041/117] usb: usbtest: two super speed fixes for usbtest Ben Hutchings
2012-05-28  3:12 ` [ 042/117] 8250.c: less than 2400 baud fix Ben Hutchings
2012-05-28  3:12 ` [ 043/117] usb-xhci: Handle COMP_TX_ERR for isoc tds Ben Hutchings
2012-05-28  3:12 ` [ 044/117] xhci: Avoid dead ports when CONFIG_USB_XHCI_HCD=n Ben Hutchings
2012-05-28  3:12 ` [ 045/117] xhci: Add Lynx Point to list of Intel switchable hosts Ben Hutchings
2012-05-28  3:12 ` [ 046/117] usb: gadget: fsl_udc_core: dTDs next dtd pointer need to be updated once written Ben Hutchings
2012-05-28  3:12 ` [ 047/117] Add missing call to uart_update_timeout() Ben Hutchings
2012-05-28  3:12 ` [ 048/117] USB: ftdi-sio: add support for Physik Instrumente E-861 Ben Hutchings
2012-05-28  3:12 ` [ 049/117] USB: ffs-test: fix length argument of out function call Ben Hutchings
2012-05-28  3:12 ` [ 050/117] HID: wiimote: Fix IR data parser Ben Hutchings
2012-05-28  3:12 ` [ 051/117] usb-storage: unusual_devs entry for Yarvik PMP400 MP4 player Ben Hutchings
2012-05-28  3:12 ` [ 052/117] USB: ohci-at91: add a reset function to fix race condition Ben Hutchings
2012-05-28  3:12 ` [ 053/117] HID: logitech: read all 32 bits of report type bitfield Ben Hutchings
2012-05-28  3:12 ` [ 054/117] USB: serial: ti_usb_3410_5052: Add support for the FRI2 serial console Ben Hutchings
2012-05-28  3:12 ` [ 055/117] USB: cdc-wdm: poll must return POLLHUP if device is gone Ben Hutchings
2012-05-28  3:12 ` [ 056/117] USB: cdc-wdm: add debug messages on cleanup Ben Hutchings
2012-05-28  3:12 ` [ 057/117] USB: cdc-wdm: cannot use dev_printk when device is gone Ben Hutchings
2012-05-28  3:13 ` [ 058/117] tty: Allow uart_register/unregister/register Ben Hutchings
2012-05-28  3:13 ` [ 059/117] workqueue: skip nr_running sanity check in worker_enter_idle() if trustee is active Ben Hutchings
2012-05-28  3:13 ` [ 060/117] xhci: Add new short TX quirk for Fresco Logic host Ben Hutchings
2012-05-28  3:13 ` [ 061/117] usbcore: enable USB2 LPM if port suspend fails Ben Hutchings
2012-05-28  3:13 ` [ 062/117] perf/x86: Update event scheduling constraints for AMD family 15h models Ben Hutchings
2012-05-28  3:13 ` [ 063/117] USB: fix resource leak in xhci power loss path Ben Hutchings
2012-05-28  3:13 ` [ 064/117] xhci: Reset reserved command ring TRBs on cleanup Ben Hutchings
2012-05-28  3:13 ` [ 065/117] USB: Remove races in devio.c Ben Hutchings
2012-05-28  3:13 ` [ 066/117] md: using GFP_NOIO to allocate bio for flush request Ben Hutchings
2012-05-28  3:13 ` [ 067/117] um: Implement a custom pte_same() function Ben Hutchings
2012-05-28  3:13 ` [ 068/117] um: Fix __swp_type() Ben Hutchings
2012-05-28  3:13 ` [ 069/117] mm: mempolicy: Let vma_merge and vma_split handle vma->vm_policy linkages Ben Hutchings
2012-05-28  3:13 ` [ 070/117] swap: dont do discard if no discard option added Ben Hutchings
2012-05-28  3:13 ` [ 071/117] Input: wacom - relax Bamboo stylus ID check Ben Hutchings
2012-05-28  3:13 ` [ 072/117] ahci: Detect Marvell 88SE9172 SATA controller Ben Hutchings
2012-05-28  3:13 ` [ 073/117] ARM: 7365/1: drop unused parameter from flush_cache_user_range Ben Hutchings
2012-05-28  3:13 ` [ 074/117] ARM: 7409/1: Do not call flush_cache_user_range with mmap_sem held Ben Hutchings
2012-05-28  3:13 ` [ 075/117] sony-laptop: Enable keyboard backlight by default Ben Hutchings
2012-05-28  3:13 ` [ 076/117] init: dont try mounting device as nfs root unless type fully matches Ben Hutchings
2012-05-28  3:13 ` [ 077/117] memcg: free spare array to avoid memory leak Ben Hutchings
2012-05-28  3:13 ` [ 078/117] compat: Fix RT signal mask corruption via sigprocmask Ben Hutchings
2012-05-28  3:13 ` [ 079/117] ext3: Fix error handling on inode bitmap corruption Ben Hutchings
2012-05-28  3:13 ` [ 080/117] ext4: fix " Ben Hutchings
2012-05-28  3:13 ` [ 081/117] ACPI / PM: Add Sony Vaio VPCCW29FX to nonvs blacklist Ben Hutchings
2012-05-28  3:13 ` [ 082/117] [SCSI] hpsa: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler Ben Hutchings
2012-05-28  3:13 ` [ 083/117] wake up s_wait_unfrozen when ->freeze_fs fails Ben Hutchings
2012-05-28  3:13 ` [ 084/117] cifs: fix revalidation test in cifs_llseek() Ben Hutchings
2012-05-28  3:13 ` [ 085/117] dl2k: Clean up rio_ioctl Ben Hutchings
2012-05-28  3:13 ` [ 086/117] OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4 Ben Hutchings
2012-05-28  3:13 ` [ 087/117] i2c-eg20t: change timeout value 50msec to 1000msec Ben Hutchings
2012-05-28  3:13 ` [ 088/117] drm/i915: [GEN7] Use HW scheduler for fixed function shaders Ben Hutchings
2012-05-28  3:13 ` [ 089/117] mmc: sdio: avoid spurious calls to interrupt handlers Ben Hutchings
2012-05-28  3:13 ` [ 090/117] [media] smsusb: add autodetection support for USB ID 2040:c0a0 Ben Hutchings
2012-05-28  3:13 ` [ 091/117] [media] uvcvideo: Fix ENUMINPUT handling Ben Hutchings
2012-05-28  3:13 ` [ 092/117] drm/i915: Avoid a double-read of PCH_IIR during interrupt handling Ben Hutchings
2012-05-28  3:13 ` [ 093/117] b43legacy: Fix error due to MMIO access with SSB unpowered Ben Hutchings
2012-05-28  3:13 ` [ 094/117] gpio: mpc8xxx: Prevent NULL pointer deref in demux handler Ben Hutchings
2012-05-28  3:13 ` [ 095/117] drm/i915: dont clobber the pipe param in sanitize_modesetting Ben Hutchings
2012-05-28  3:13 ` [ 096/117] spi/spi-fsl-spi: reference correct pdata in fsl_spi_cs_control Ben Hutchings
2012-05-28  3:13 ` [ 097/117] xen: do not map the same GSI twice in PVHVM guests Ben Hutchings
2012-05-28  3:13 ` [ 098/117] nouveau: nouveau_set_bo_placement takes TTM flags Ben Hutchings
2012-05-28  3:13 ` [ 099/117] MCE: Fix vm86 handling for 32bit mce handler Ben Hutchings
2012-05-28  3:13 ` [ 100/117] x86/mce: Fix check for processor context when machine check was taken Ben Hutchings
2012-05-28  3:13 ` [ 101/117] tile: fix bug where fls(0) was not returning 0 Ben Hutchings
2012-05-28  3:13 ` [ 102/117] intel-iommu: Add device info into list before doing context mapping Ben Hutchings
2012-05-28  3:13 ` [ 103/117] ethtool: Null-terminate filename passed to ethtool_ops::flash_device Ben Hutchings
2012-05-28  3:13 ` [ 104/117] block: dont mark buffers beyond end of disk as mapped Ben Hutchings
2012-05-28  3:13 ` [ 105/117] drivers/rtc/rtc-pl031.c: configure correct wday for 2000-01-01 Ben Hutchings
2012-05-28  3:13 ` [ 106/117] rtlwifi: Preallocate USB read buffers and eliminate kalloc in read routine Ben Hutchings
2012-05-28  3:13 ` [ 107/117] NFS4: fix compile warnings in nfs4proc.c Ben Hutchings
2012-05-28  3:13 ` [ 108/117] Avoid reading past buffer when calling GETACL Ben Hutchings
2012-05-28  3:13 ` [ 109/117] Avoid beyond bounds copy while caching ACL Ben Hutchings
2012-05-28  3:13 ` [ 110/117] i2c: tegra: notify transfer-complete after clearing status Ben Hutchings
2012-05-28  3:13 ` [ 111/117] i2c: davinci: Free requested IRQ in remove Ben Hutchings
2012-05-28  3:13 ` [ 112/117] x86, realmode: 16-bit real-mode code support for relocs tool Ben Hutchings
2012-05-28  3:13 ` [ 113/117] x86, relocs: Workaround for binutils 2.22.52.0.1 section bug Ben Hutchings
2012-05-28  3:13 ` [ 114/117] x86, relocs: When printing an error, say relative or absolute Ben Hutchings
2012-05-28  3:13 ` [ 115/117] x86, relocs: Build clean fix Ben Hutchings
2012-05-28  3:13 ` [ 116/117] x86-32, relocs: Whitelist more symbols for ld bug workaround Ben Hutchings
2012-05-28  3:13 ` [ 117/117] x86, relocs: Add jiffies and jiffies_64 to the relative whitelist Ben Hutchings
2012-05-28  3:37 ` [ 000/117] 3.2.19-stable review Ben Hutchings

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120528031204.124440304@decadent.org.uk \
    --to=ben@decadent.org.uk \
    --cc=akpm@linux-foundation.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=axboe@kernel.dk \
    --cc=bernd.schubert@itwm.fraunhofer.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).