[PATCHv5 1/2] block: accumulate memory segment gaps per bio

Christoph Hellwig hch at lst.de
Tue Nov 11 01:39:03 PST 2025


On Tue, Nov 11, 2025 at 05:36:39PM +0800, Yu Kuai wrote:
> This can be reproduced 100% with branch for-6.19/block now, just:
> 
> blkdiscard /dev/md0
> 
> Where discard IO will be split to different underlying disks and then
> merged. And for a discard bio, bio->bi_io_vec is NULL. So when a discard
> bio ends up in the merge path, bio->bi_io_vec will be dereferenced
> unconditionally.

Ah, so it's not a NULL req->bio but bio->bi_io_vec.

> 
> How about the following simple fix:
> 
> diff --git a/block/blk-merge.c b/block/blk-merge.c
> index 3ca6fbf8b787..31f460422fe3 100644
> --- a/block/blk-merge.c
> +++ b/block/blk-merge.c
> @@ -740,6 +740,9 @@ u8 bio_seg_gap(struct request_queue *q, struct bio *prev, struct bio *next,
>          gaps_bit = min_not_zero(gaps_bit, prev->bi_bvec_gap_bit);
>          gaps_bit = min_not_zero(gaps_bit, next->bi_bvec_gap_bit);
> 
> +       if (op_is_discard(prev->bi_opf) || op_is_discard(next->bi_opf))
> +               return gaps_bit;
> +
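
Review bot: the early return added after the two min_not_zero() lines in bio_seg_gap() carries no comment saying why discards are skipped, and it keys on the opcode rather than on the pointer that the description says gets dereferenced (bio->bi_io_vec, NULL for discard bios). A one-line comment above the op_is_discard() test stating that discard bios have no bi_io_vec would make the guard self-explanatory, and the changelog should say whether discard is the only operation that can reach this point without a bi_io_vec, since any other such bio would pass this check and reach the same dereference.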

I think the problem is how we even end up here?  The only merging
for discard should be the special multi-segment merge.  So I think
something higher up is messed up.



