block: fix memleak of bio integrity data

Justin Tee · gregkh · commit ccbc5d03c2bd · 2020-01-26T10:01:09.000+01:00
[ Upstream commit ece841a ] 7c20f11 ("bio-integrity: stop abusing bi_end_io") moves bio_integrity_free from bio_uninit() to bio_integrity_verify_fn() and bio_endio(). This way looks wrong because bio may be freed without calling bio_endio(), for example, blk_rq_unprep_clone() is called from dm_mq_queue_rq() when the underlying queue of dm-mpath is busy. So memory leak of bio integrity data is caused by commit 7c20f11. Fixes this issue by re-adding bio_integrity_free() to bio_uninit(). Fixes: 7c20f11 ("bio-integrity: stop abusing bi_end_io") Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by Justin Tee <justin.tee@broadcom.com> Add commit log, and simplify/fix the original patch wroten by Justin. Signed-off-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/block/bio-integrity.c b/block/bio-integrity.c
@@ -87,7 +87,7 @@ EXPORT_SYMBOL(bio_integrity_alloc);
  * Description: Used to free the integrity portion of a bio. Usually
  * called from bio_free().
  */
-static void bio_integrity_free(struct bio *bio)
+void bio_integrity_free(struct bio *bio)
 {
 	struct bio_integrity_payload *bip = bio_integrity(bio);
 	struct bio_set *bs = bio->bi_pool;
diff --git a/block/bio.c b/block/bio.c
@@ -233,6 +233,9 @@ struct bio_vec *bvec_alloc(gfp_t gfp_mask, int nr, unsigned long *idx,
 void bio_uninit(struct bio *bio)
 {
 	bio_disassociate_blkg(bio);
+
+	if (bio_integrity(bio))
+		bio_integrity_free(bio);
 }
 EXPORT_SYMBOL(bio_uninit);
 
diff --git a/block/blk.h b/block/blk.h
@@ -122,6 +122,7 @@ static inline void blk_rq_bio_prep(struct request *rq, struct bio *bio,
 #ifdef CONFIG_BLK_DEV_INTEGRITY
 void blk_flush_integrity(void);
 bool __bio_integrity_endio(struct bio *);
+void bio_integrity_free(struct bio *bio);
 static inline bool bio_integrity_endio(struct bio *bio)
 {
 	if (bio_integrity(bio))
@@ -167,6 +168,9 @@ static inline bool bio_integrity_endio(struct bio *bio)
 {
 	return true;
 }
+static inline void bio_integrity_free(struct bio *bio)
+{
+}
 #endif /* CONFIG_BLK_DEV_INTEGRITY */
 
 unsigned long blk_rq_timeout(unsigned long timeout);

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ EXPORT_SYMBOL(bio_integrity_alloc);`
`87`	`87`	`* Description: Used to free the integrity portion of a bio. Usually`
`88`	`88`	`* called from bio_free().`
`89`	`89`	`*/`
`90`		`-static void bio_integrity_free(struct bio *bio)`
	`90`	`+void bio_integrity_free(struct bio *bio)`
`91`	`91`	`{`
`92`	`92`	`struct bio_integrity_payload *bip = bio_integrity(bio);`
`93`	`93`	`struct bio_set *bs = bio->bi_pool;`
Original file line number	Diff line number	Diff line change
`@@ -233,6 +233,9 @@ struct bio_vec bvec_alloc(gfp_t gfp_mask, int nr, unsigned long idx,`
`233`	`233`	`void bio_uninit(struct bio *bio)`
`234`	`234`	`{`
`235`	`235`	`bio_disassociate_blkg(bio);`
	`236`	`+`
	`237`	`+ if (bio_integrity(bio))`
	`238`	`+ bio_integrity_free(bio);`
`236`	`239`	`}`
`237`	`240`	`EXPORT_SYMBOL(bio_uninit);`
`238`	`241`
Original file line number	Diff line number	Diff line change
`@@ -122,6 +122,7 @@ static inline void blk_rq_bio_prep(struct request rq, struct bio bio,`
`122`	`122`	`#ifdef CONFIG_BLK_DEV_INTEGRITY`
`123`	`123`	`void blk_flush_integrity(void);`
`124`	`124`	`bool __bio_integrity_endio(struct bio *);`
	`125`	`+void bio_integrity_free(struct bio *bio);`
`125`	`126`	`static inline bool bio_integrity_endio(struct bio *bio)`
`126`	`127`	`{`
`127`	`128`	`if (bio_integrity(bio))`
`@@ -167,6 +168,9 @@ static inline bool bio_integrity_endio(struct bio *bio)`
`167`	`168`	`{`
`168`	`169`	`return true;`
`169`	`170`	`}`
	`171`	`+static inline void bio_integrity_free(struct bio *bio)`
	`172`	`+{`
	`173`	`+}`
`170`	`174`	`#endif /* CONFIG_BLK_DEV_INTEGRITY */`
`171`	`175`
`172`	`176`	`unsigned long blk_rq_timeout(unsigned long timeout);`