In cases where dec_in_flight has to requeue the integrity_bio_wait work to transfer the rest of the data, the __bi_remaining field of the bio might already have been decremented to zero. Reusing the bio without reinitializing that counter to 1 can then result in integrity_end_io being called too early when the BIO_CHAIN flag is set, f.ex. due to blk_queue_split. In our case this triggered the BUG() in blk_mq_end_request when the hardware signalled completion of the bio after integrity_end_io had modified it.
Signed-off-by: Daniel Glöckner <[email protected]> --- drivers/md/dm-integrity.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index b225b3e445fa..8cea2978fc24 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -1438,6 +1438,7 @@ static void dec_in_flight(struct dm_integrity_io *dio) if (likely(!bio->bi_status) && unlikely(bio_sectors(bio) != dio->range.n_sectors)) { dio->range.logical_sector += dio->range.n_sectors; bio_advance(bio, dio->range.n_sectors << SECTOR_SHIFT); + atomic_set(&bio->__bi_remaining, 1); INIT_WORK(&dio->work, integrity_bio_wait); queue_work(ic->wait_wq, &dio->work); return; -- 2.17.1 -- dm-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/dm-devel
