Hannes recently sent a patch in [1] to fix an Oops caused by __blkdev_direct_IO_simple() doing bio submissions from the stack, which ended up being freed by bio_free(). As bio_free() expected a bio which was allocated by bio_alloc_bioset(), it crashed.

I've sent out a different approach to tackling this problem and both Jens and Jan leaned towards my solution, namely adding another bio flag tracking the allocation. As this flag is the last available bit, add a compile time check as a safety net, so we're not accidentally overriding the high 3 bits of bi_flags, which are used for the BVEC_POOL_IDX().

Note, Jens also staged a patch in his io_uring-next branch taking the last flag. For this reason patch 2/2 might not be applied in this form, but 1/2 is still applicable then.

[1] https://lore.kernel.org/linux-block/20190320081253.129688-1-h...@suse.de/

Johannes Thumshirn (2):
  block: bio: ensure newly added bio flags don't override BVEC_POOL_IDX
  bio: introduce BIO_ALLOCED flag and check it in bio_free

 block/bio.c               | 12 ++++++++++++
 include/linux/blk_types.h | 32 ++++++++++++++++++--------------
 2 files changed, 30 insertions(+), 14 deletions(-)

-- 
2.16.4
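A userspace model of the two mechanisms the cover letter describes, added here as an example; it is not code from the patch series or the kernel. It assumes a 16-bit bi_flags with the bvec pool index in the top 3 bits (so bits 0..12 are free for flags), places BIO_ALLOCED on bit 12 as the last free bit, and uses a hypothetical BIO_FLAG_LAST sentinel for the compile-time check. The existing kernel flags are not reproduced, and bio_alloc()/bio_free() here are stand-ins that only track whether the bio came from the heap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Top 3 bits of the 16-bit bi_flags hold the bvec pool index (BVEC_POOL_IDX). */
#define BVEC_POOL_BITS   3
#define BVEC_POOL_OFFSET (16 - BVEC_POOL_BITS)          /* 13: flag bits 0..12 are free */
#define BVEC_POOL_IDX(b) ((b)->bi_flags >> BVEC_POOL_OFFSET)

/* Flag indices. The existing kernel flags are not reproduced; that BIO_ALLOCED
 * lands on bit 12 is an assumption of this model. BIO_FLAG_LAST is a
 * hypothetical sentinel: one past the last defined flag. */
enum {
	BIO_ALLOCED = 12,
	BIO_FLAG_LAST,
};

/* Compile-time safety net: adding one more flag bumps BIO_FLAG_LAST to 14 and
 * this line fails to compile instead of silently clobbering the pool index. */
_Static_assert(BIO_FLAG_LAST <= BVEC_POOL_OFFSET,
	       "bio flags overlap the BVEC_POOL_IDX bits of bi_flags");

struct bio {
	uint16_t bi_flags;
	void    *bi_private;
};

static inline bool bio_flagged(const struct bio *bio, unsigned int bit)
{
	return (bio->bi_flags & (1U << bit)) != 0;
}

static inline void bio_set_flag(struct bio *bio, unsigned int bit)
{
	bio->bi_flags |= (uint16_t)(1U << bit);
}

/* A stack bio only ever goes through bio_init(), so BIO_ALLOCED stays clear. */
void bio_init(struct bio *bio)
{
	memset(bio, 0, sizeof(*bio));
}

/* Stand-in for bio_alloc_bioset(): heap-allocate, store the pool index in the
 * high bits and mark the bio as allocated. */
struct bio *bio_alloc(unsigned int pool_idx)
{
	struct bio *bio = calloc(1, sizeof(*bio));

	if (!bio)
		return NULL;
	bio->bi_flags = (uint16_t)(pool_idx << BVEC_POOL_OFFSET);
	bio_set_flag(bio, BIO_ALLOCED);
	return bio;
}

/* Stand-in for bio_free(): returns 1 if memory was released, 0 if the bio was
 * not heap-allocated. Without the flag check a stack bio reaches free(). */
int bio_free(struct bio *bio)
{
	if (!bio_flagged(bio, BIO_ALLOCED))
		return 0;
	free(bio);
	return 1;
}

/* Models __blkdev_direct_IO_simple(): bio on the stack, then the free path. */
int stack_bio_put(void)
{
	struct bio bio;

	bio_init(&bio);
	return bio_free(&bio);	/* 0: skipped, no free() on a stack address */
}

int heap_bio_put(void)
{
	struct bio *bio = bio_alloc(3);

	return bio ? bio_free(bio) : -1;	/* 1: released */
}

/* Set every defined flag and check the pool index in the high bits survives. */
unsigned int pool_idx_after_all_flags(unsigned int pool_idx)
{
	struct bio *bio = bio_alloc(pool_idx);
	unsigned int bit, idx;

	if (!bio)
		return ~0U;
	for (bit = 0; bit < BIO_FLAG_LAST; bit++)
		bio_set_flag(bio, bit);
	idx = BVEC_POOL_IDX(bio);
	bio_free(bio);
	return idx;
}

int main(void)
{
	printf("stack bio freed: %d, heap bio freed: %d, pool idx: %u\n",
	       stack_bio_put(), heap_bio_put(), pool_idx_after_all_flags(5));
	return 0;
}
```

To see the safety net fire, add another enumerator before BIO_FLAG_LAST: the _Static_assert then fails at compile time, which is the point of patch 1/2, while the BIO_ALLOCED check in bio_free() is what keeps the stack bio from being passed to free().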