[PATCH 6.5 328/739] block: move the bi_size overflow check in __bio_try_merge_page

6.5-stable review patch. If anyone has any objections, please let me know.

------------------

From: Christoph Hellwig hch@lst.de

[ Upstream commit 613699050a49760f1d70c74f71bd0b013ca3c356 ]

Checking for availability in bi_size in a function that attempts to merge into an existing segment is a bit odd, as the limit also applies when adding a new segment. This code works fine as we always call __bio_try_merge_page, but contributes to sub-optimal calling conventions and doesn't lead to clear code.

Move it to two of the callers instead, the third one already has a more strict check that includes max_hw_segments anyway.

Signed-off-by: Christoph Hellwig hch@lst.de Reviewed-by: Jinyoung Choi j-young.choi@samsung.com Reviewed-by: Johannes Thumshirn johannes.thumshirn@wdc.com Link: https://lore.kernel.org/r/20230724165433.117645-6-hch@lst.de Signed-off-by: Jens Axboe axboe@kernel.dk Stable-dep-of: 0ece1d649b6d ("bio-integrity: create multi-page bvecs in bio_integrity_add_page()") Signed-off-by: Sasha Levin sashal@kernel.org --- block/bio.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/block/bio.c b/block/bio.c index 4369c9a355c3c..b9b8328d1bc82 100644 --- a/block/bio.c +++ b/block/bio.c @@ -949,10 +949,6 @@ static bool __bio_try_merge_page(struct bio *bio, struct page *page,

if (!page_is_mergeable(bv, page, len, off, same_page)) return false; - if (bio->bi_iter.bi_size > UINT_MAX - len) { - *same_page = false; - return false; - } bv->bv_len += len; bio->bi_iter.bi_size += len; return true; @@ -1125,6 +1121,8 @@ int bio_add_page(struct bio *bio, struct page *page,

if (WARN_ON_ONCE(bio_flagged(bio, BIO_CLONED))) return 0; + if (bio->bi_iter.bi_size > UINT_MAX - len) + return 0;

if (bio->bi_vcnt > 0 && __bio_try_merge_page(bio, page, len, offset, &same_page)) @@ -1206,6 +1204,9 @@ static int bio_iov_add_page(struct bio *bio, struct page *page, { bool same_page = false;

+ if (WARN_ON_ONCE(bio->bi_iter.bi_size > UINT_MAX - len)) + return -EIO; + if (bio->bi_vcnt > 0 && __bio_try_merge_page(bio, page, len, offset, &same_page)) { if (same_page)