Re: [PATCH 18/20] block: refator submit_bio_noacct

From: Christoph Hellwig
Date: Thu Jul 02 2020 - 11:15:01 EST


On Thu, Jul 02, 2020 at 10:10:10AM -0400, Qian Cai wrote:
> On Mon, Jun 29, 2020 at 09:39:45PM +0200, Christoph Hellwig wrote:
> > Split out a __submit_bio_noacct helper for the actual de-recursion
> > algorithm, and simplify the loop by using a continue when we can't
> > enter the queue for a bio.
> >
> > Signed-off-by: Christoph Hellwig <hch@xxxxxx>
>
> Reverting this commit and its dependencies,
>
> 5a6c35f9af41 block: remove direct_make_request
> ff93ea0ce763 block: shortcut __submit_bio_noacct for blk-mq drivers
>
> fixed the stack-out-of-bounds during boot,
>
> https://lore.kernel.org/linux-block/000000000000bcdeaa05a97280e4@xxxxxxxxxx/

Yikes. bio_alloc_bioset pokes into bio_list[1] in a totally
undocumented way. But even with that the problem should only show
up with "block: shortcut __submit_bio_noacct for blk-mq drivers".

Can you try this patch?

diff --git a/block/blk-core.c b/block/blk-core.c
index bf882b8d84450c..9f1bf8658b611a 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1155,11 +1155,10 @@ static blk_qc_t __submit_bio_noacct(struct bio *bio)
static blk_qc_t __submit_bio_noacct_mq(struct bio *bio)
{
struct gendisk *disk = bio->bi_disk;
- struct bio_list bio_list;
+ struct bio_list bio_list[2] = { };
blk_qc_t ret = BLK_QC_T_NONE;

- bio_list_init(&bio_list);
- current->bio_list = &bio_list;
+ current->bio_list = bio_list;

do {
WARN_ON_ONCE(bio->bi_disk != disk);
@@ -1174,7 +1173,7 @@ static blk_qc_t __submit_bio_noacct_mq(struct bio *bio)
}

ret = blk_mq_submit_bio(bio);
- } while ((bio = bio_list_pop(&bio_list)));
+ } while ((bio = bio_list_pop(&bio_list[0])));

current->bio_list = NULL;
return ret;
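
Review bot: The loop condition `bio_list_pop(&bio_list[0])` uses a bare index, and nothing in the visible lines shows bio_list[1] being used or checked in this function. A one-line comment that entry 1 is intentionally left empty here and exists only for readers of current->bio_list would keep a later cleanup from shrinking the array back to a single element. If entry 1 is expected to stay empty on this path, a WARN_ON_ONCE on it before `current->bio_list = NULL;` would make that assumption explicit.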