Possibly wrong BIO usage in ide_multwrite

From: Christophe Saout
Date: Thu Jan 01 2004 - 12:19:42 EST

Next message: Anders Skovsted Buch: "Re: System lockup when playing chess"
Previous message: Trond Myklebust: "Re: [PATCH] disable gcc warnings of sign/unsigned comparison"
Next in thread: Andre Hedrick: "Re: Possibly wrong BIO usage in ide_multwrite"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

I was just investigating where bio->bi_idx gets modified in the kernel.

I found these lines in ide-disk.c in ide_multwrite (DMA off, TASKFILE_IO
off):

> if (++bio->bi_idx >= bio->bi_vcnt) {
> bio->bi_idx = 0;
> bio = bio->bi_next;
> }

(rq->bio also gets changed but it's protected by the scratch buffer)

I think changing the bi_idx here is dangerous because
end_that_request_first needs this value to be unchanged because it
tracks the progress of the bio processing and updates bi_idx itself.

And bio->bi_idx = 0 is probably wrong because the bio can be submitted
with bio->bi_idx > 0 (if the bio was splitted and there are clones that
share the bio_vec array, like raid or device-mapper code).

If it really needs to play with bi_idx itself care should be taken to
reset bi_idx to the original value, not to zero.

I wasn't able to trigger a problem though, I don't know why exactly,
perhaps there are paths in __end_that_request_first that are not
interested in bi_dx. I still think there is something wrong with it.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Anders Skovsted Buch: "Re: System lockup when playing chess"
Previous message: Trond Myklebust: "Re: [PATCH] disable gcc warnings of sign/unsigned comparison"
Next in thread: Andre Hedrick: "Re: Possibly wrong BIO usage in ide_multwrite"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]