From 08df0db0be41e6bea306bcf5b4d325f5a79dc7a1 Mon Sep 17 00:00:00 2001
From: Ming Lei
Date: Sat, 12 Sep 2015 20:48:42 +0800
Subject: [PATCH] block: fix bounce_end_io

When bio bounce is involved, one new bio and its io vector are cloned from the coming bio, which can be one fast-cloned bio and its io vector can be shared with another bio too, especially after bio_split() is introduced. So it is obviously wrong to assume the start index of the original bio's io vector is zero, which can be any value between 0 and (bi_max_vecs - 1), especially in case of bio split.

Signed-off-by: Ming Lei
---
 block/bounce.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/block/bounce.c b/block/bounce.c
index 0611aea1cfe9..1cb5dd3a5da1 100644
--- a/block/bounce.c
+++ b/block/bounce.c
@@ -128,12 +128,14 @@ static void bounce_end_io(struct bio *bio, mempool_t *pool)
 struct bio *bio_orig = bio->bi_private;
 struct bio_vec *bvec, *org_vec;
 int i;
+ int start = bio_orig->bi_iter.bi_idx;
 /*
 * free up bounce indirect pages used
 */
 bio_for_each_segment_all(bvec, bio, i) {
- org_vec = bio_orig->bi_io_vec + i;
+ org_vec = bio_orig->bi_io_vec + i + start;
+
 if (bvec->bv_page == org_vec->bv_page)
 continue;
-- 
2.4.3
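Review bot: The new `start` offset in bounce_end_io is read from `bio_orig->bi_iter.bi_idx` at completion time, so the `org_vec` lookup is only correct if the original bio's iterator has not been advanced since the bounce bio was cloned; nothing in the hunk states or checks that assumption. If the index were off, the `bv_page` comparison would look at an unrelated vector entry, and going by the comment above the loop the pages that fail the comparison are the ones freed, so a stale index could presumably release a page that was never a bounce page. I would record the invariant on the declaration, e.g. `/* bounce bio was cloned from bio_orig's current bi_idx; bi_iter must be unchanged since then */`. The loop body continues past the end of the hunk, so whether the free path has any other guard cannot be seen from here.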