On 1/21/2026 12:13 PM, Christoph Hellwig wrote:
> +void fs_bio_integrity_alloc(struct bio *bio)
> +{
> + struct fs_bio_integrity_buf *iib;
> + unsigned int action;
> +
> + action = bio_integrity_action(bio);
> + if (!action)
> + return;
So this may return from here, but <below>
> +
> + iib = mempool_alloc(&fs_bio_integrity_pool, GFP_NOIO);
> + bio_integrity_init(bio, &iib->bip, &iib->bvec, 1);
> +
> + bio_integrity_alloc_buf(bio, action & BI_ACT_ZERO);
> + if (action & BI_ACT_CHECK)
> + bio_integrity_setup_default(bio);
> +}
> +
> +void fs_bio_integrity_free(struct bio *bio)
> +{
> + struct bio_integrity_payload *bip = bio_integrity(bio);
> +
> + bio_integrity_free_buf(bip);
> + mempool_free(container_of(bip, struct fs_bio_integrity_buf, bip),
> + &fs_bio_integrity_pool);
> +
> + bio->bi_integrity = NULL;
> + bio->bi_opf &= ~REQ_INTEGRITY;
> +}
> +
> +void fs_bio_integrity_generate(struct bio *bio)
> +{
> + fs_bio_integrity_alloc(bio);
no check here. A potential null pointer dereference in the next line as
bio has no bip?
> + bio_integrity_generate(bio);
> +}
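Review bot: fs_bio_integrity_free() has the mirror-image assumption: bio_integrity(bio) is used without a NULL check, and a bio for which fs_bio_integrity_alloc() took the `!action` early return (or was never allocated) would pass NULL into bio_integrity_free_buf() and a bogus container_of() pointer into mempool_free(). Unless every caller is guaranteed to pair free with a successful alloc, a guard `if (!bip) return;` before bio_integrity_free_buf() would make the free path safe for the same bios the alloc path skips. It would also help to document in a comment above fs_bio_integrity_alloc() that mempool_alloc() with GFP_NOIO is relied on never to fail here, which is why its result is not checked; if bio_integrity_alloc_buf() can fail, its return value is currently discarded as well, so that contract is worth stating in the same comment. Both points apply to the quoted hunk only; the callers are not visible here.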