From: Hannes Reinecke <hare@suse.de>
Date: Wed, 20 Mar 2019 08:58:07 +0100
Subject: [PATCH] block_dev: fix crash on chained bios with O_DIRECT
Patch-Mainline: submitted linux-block 2019/03/20
References: bsc#1128094

__blkdev_direct_IO_simple() is allocating a bio on the stack.
When that bio needs to be split bio_chain_endio() invokes bio_put()
on this bio, causing the kernel to crash in mempool_free() as the
bio was never allocated from a mempool in the first place.

So call bio_get() before submitting to avoid this problem.

Signed-off-by: Hannes Reinecke <hare@suse.com>
---
fs/block_dev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 7a9a14df1d82..4acd35663ae7 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -256,6 +256,7 @@ __blkdev_direct_IO_simple(struct kiocb *iocb, struct iov_iter *iter,
task_io_account_write(ret);
}
+ bio_get(&bio);
qc = submit_bio(&bio);
for (;;) {
set_current_state(TASK_UNINTERRUPTIBLE);
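Review bot: The bio_get(&bio) added before submit_bio() has no comment, and taking a reference on a stack-allocated bio is unusual enough that a later cleanup could remove it as redundant. Please add a short comment at that line saying the extra reference exists only so that the bio_put() issued by bio_chain_endio() on a split bio is not the final put, and that it is dropped again by the bio_put() added before the out: label.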
@@ -275,7 +276,7 @@ __blkdev_direct_IO_simple(struct kiocb *iocb, struct iov_iter *iter,
if (unlikely(bio.bi_status))
ret = blk_status_to_errno(bio.bi_status);
-
+ bio_put(&bio);
out:
if (vecs != inline_vecs)
kfree(vecs);
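Review bot: The reference accounting for the bio_put(&bio) added before out: needs to be spelled out for the split case. The patch adds one bio_get() and one bio_put(), while the commit message says bio_chain_endio() also calls bio_put() on this bio when it is split, so that path sees two puts against one get. Please confirm, and state in the commit message, what the count is at this bio_put() in both the split and the unsplit case. If it can reach zero here, the final put runs the free path on the on-stack bio, which is the crash the patch sets out to fix. Also note that the put sits above the out: label, so any path that jumps to out skips it. That is only correct if every such jump happens before the bio_get(), which is worth verifying against the rest of the function.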
--
2.16.4