block: fix page leak when merging to same page (45691804) · Commits · 戴 / test

When multiple iovecs reference the same page, each get_user_page call will add a reference to the page. But once we've created the bio that information gets lost and only a single reference will be dropped after I/O completion. Use the same_page information returned from __bio_try_merge_page to drop additional references to pages that were already present in the bio. Based on a patch from Ming Lei. Link: https://lkml.org/lkml/2019/4/23/64 Fixes: ("block: use bio_add_page in bio_iov_iter_get_pages") Reported-by:

David Gibson <david@gibson.dropbear.id.au> Signed-off-by:

Christoph Hellwig <hch@lst.de> Reviewed-by:

Ming Lei <ming.lei@redhat.com> Signed-off-by:

Jens Axboe <axboe@kernel.dk>

block/bio.c

+10 −2

Original line number	Original line	Diff line number	Diff line
	@@ -896,6 +896,7 @@ static int __bio_iov_iter_get_pages(struct bio bio, struct iov_iter iter)
	unsigned short entries_left = bio->bi_max_vecs - bio->bi_vcnt;		unsigned short entries_left = bio->bi_max_vecs - bio->bi_vcnt;
	struct bio_vec *bv = bio->bi_io_vec + bio->bi_vcnt;		struct bio_vec *bv = bio->bi_io_vec + bio->bi_vcnt;
	struct page pages = (struct page )bv;		struct page pages = (struct page )bv;
			bool same_page = false;
	ssize_t size, left;		ssize_t size, left;
	unsigned len, i;		unsigned len, i;
	size_t offset;		size_t offset;
	@@ -916,8 +917,15 @@ static int __bio_iov_iter_get_pages(struct bio bio, struct iov_iter iter)
	struct page *page = pages[i];		struct page *page = pages[i];

	len = min_t(size_t, PAGE_SIZE - offset, left);		len = min_t(size_t, PAGE_SIZE - offset, left);
	if (WARN_ON_ONCE(bio_add_page(bio, page, len, offset) != len))
			if (__bio_try_merge_page(bio, page, len, offset, &same_page)) {
			if (same_page)
			put_page(page);
			} else {
			if (WARN_ON_ONCE(bio_full(bio)))
	return -EINVAL;		return -EINVAL;
			__bio_add_page(bio, page, len, offset);
			}
	offset = 0;		offset = 0;
	}		}

Admin message