bounce: don't rely on a zeroed bio_vec list

__blk_queue_bounce() relies on a zeroed bio_vec list, since it looks up arbitrary indexes in the allocated bio. The block layer only guarentees that added entries are valid, so clear memory after alloc. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

bounce: don't rely on a zeroed bio_vec list
__blk_queue_bounce() relies on a zeroed bio_vec list, since it looks up arbitrary indexes in the allocated bio. The block layer only guarentees that added entries are valid, so clear memory after alloc. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Jens Axboe
1 parent a0ea862291
Showing 1 changed file with 7 additions and 2 deletions Side-by-side Diff
mm/bounce.c
@@ -198,8 +198,13 @@
 		/*
 		 * irk, bounce it
 		 */
-		if (!bio)
-			bio = bio_alloc(GFP_NOIO, (*bio_orig)->bi_vcnt);
+		if (!bio) {
+			unsigned int cnt = (*bio_orig)->bi_vcnt;
+
+			bio = bio_alloc(GFP_NOIO, cnt);
+			memset(bio->bi_io_vec, 0, cnt * sizeof(struct bio_vec));
+		}
+			
  
 		to = bio->bi_io_vec + i;
...	...	@@ -198,8 +198,13 @@
198	198	/*
199	199	* irk, bounce it
200	200	*/
201		- if (!bio)
202		- bio = bio_alloc(GFP_NOIO, (*bio_orig)->bi_vcnt);
	201	+ if (!bio) {
	202	+ unsigned int cnt = (*bio_orig)->bi_vcnt;
	203	+
	204	+ bio = bio_alloc(GFP_NOIO, cnt);
	205	+ memset(bio->bi_io_vec, 0, cnt * sizeof(struct bio_vec));
	206	+ }
	207	+
203	208
204	209	to = bio->bi_io_vec + i;
205	210