When we're submitting a bio from stack and this ends up being split, we
call bio_put(). bio_put() will eventually call bio_free() if the reference
count drops to 0. But freeing the bio is wrong, as it was never allocated
out of the bio's mempool.

Flag each normally allocated bio as 'BIO_ALLOCED' and skip freeing if the
flag isn't set.

Fixes: 189ce2b9dcc3 ("block: fast-path for small and simple direct I/O requests")
Signed-off-by: Johannes Thumshirn <[email protected]>
---
 block/bio.c               | 4 ++++
 include/linux/blk_types.h | 1 +
 2 files changed, 5 insertions(+)

diff --git a/block/bio.c b/block/bio.c
index 8c689aed46a0..3282479d511d 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -255,6 +255,9 @@ static void bio_free(struct bio *bio)
 
        bio_uninit(bio);
 
+       if (!bio_flagged(bio, BIO_ALLOCED))
+               return;
+
        if (bs) {
                bvec_free(&bs->bvec_pool, bio->bi_io_vec, BVEC_POOL_IDX(bio));
 
@@ -521,6 +524,7 @@ struct bio *bio_alloc_bioset(gfp_t gfp_mask, unsigned int 
nr_iovecs,
                bvl = bio->bi_inline_vecs;
        }
 
+       bio_set_flag(bio, BIO_ALLOCED);
        bio->bi_pool = bs;
        bio->bi_max_vecs = nr_iovecs;
        bio->bi_io_vec = bvl;
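Review bot: The added bio_set_flag() call carries no explanation, yet bio_free() relies on this flag to decide whether the bio owns pool or kmalloc memory, so a reader of this function cannot tell that every other construction path (bio_init() on an on-stack or embedded bio) deliberately leaves it clear. Add `/* mark as pool/kmalloc-backed so bio_free() knows it may release this bio */` above the added line. bio_alloc_bioset() starts before this hunk and continues past it.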
diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h
index 0273bad71a96..d0c9d6fd6e71 100644
--- a/include/linux/blk_types.h
+++ b/include/linux/blk_types.h
@@ -216,6 +216,7 @@ struct bio {
  * bio flags
  */
 enum {
+       BIO_ALLOCED = 0,                /* bio allocated by bio_alloc_bioset */
        BIO_SEG_VALID = 1,              /* bi_phys_segments valid */
        BIO_CLONED = 2,                 /* doesn't own data */
        BIO_BOUNCED = 3,                /* bio is a bounce bio */
-- 
2.16.4
