bounce: don't rely on a zeroed bio_vec list
Jens Axboe [Tue, 23 Dec 2008 11:44:19 +0000 (12:44 +0100)]
__blk_queue_bounce() relies on a zeroed bio_vec list, since it looks
up arbitrary indexes in the allocated bio. The block layer only
guarantees that added entries are valid, so clear memory after alloc.

Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

mm/bounce.c

index bf0cf7c..e590272 100644 (file)
@@ -198,8 +198,13 @@ static void __blk_queue_bounce(struct request_queue *q, struct bio **bio_orig,
                /*
                 * irk, bounce it
                 */
-               if (!bio)
-                       bio = bio_alloc(GFP_NOIO, (*bio_orig)->bi_vcnt);
+               if (!bio) {
+                       unsigned int cnt = (*bio_orig)->bi_vcnt;
+
+                       bio = bio_alloc(GFP_NOIO, cnt);
+                       memset(bio->bi_io_vec, 0, cnt * sizeof(struct bio_vec));
+               }
+                       
 
                to = bio->bi_io_vec + i;
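Review bot: The `memset()` added inside the new `if (!bio) { ... }` block has no comment explaining why the vec list must be zeroed, so a later cleanup could remove it as redundant and reintroduce reads of uninitialised `bio_vec` entries. The reason is given only in the commit message, so I would put it above the call, for example `/* block layer only guarantees added entries; zero the rest before we index them */`. The whitespace-only added line after the closing brace leaves two consecutive blank lines and should be dropped. The rest of `__blk_queue_bounce()`, including the code that reads these entries by index, lies outside this hunk, so whether any other allocation path needs the same treatment cannot be checked from here.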