bcachefs: Use bio_iov_vecs_to_alloc()

This fixes a bug in the DIO read path where, when using a loopback
device in DIO mode, we'd allocate a biovec that would get overwritten
and leaked in bio_iov_iter_get_pages() -> bio_iov_bvec_set().

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>

diff --git a/fs/bcachefs/fs-io.c b/fs/bcachefs/fs-io.c
index 9161125aec177eec4848bb827159bfe0edbb660c..8231c29a753470b553c3ff1b2dd6295755ead0c5 100644 (file)
--- a/fs/bcachefs/fs-io.c
+++ b/fs/bcachefs/fs-io.c
@@ -1889,7 +1889,7 @@ static int bch2_direct_IO_read(struct kiocb *req, struct iov_iter *iter)
        iter->count -= shorten;
 
        bio = bio_alloc_bioset(NULL,
-                              iov_iter_npages(iter, BIO_MAX_VECS),
+                              bio_iov_vecs_to_alloc(iter, BIO_MAX_VECS),
                               REQ_OP_READ,
                               GFP_KERNEL,
                               &c->dio_read_bioset);
@@ -1926,7 +1926,7 @@ static int bch2_direct_IO_read(struct kiocb *req, struct iov_iter *iter)
        goto start;
        while (iter->count) {
                bio = bio_alloc_bioset(NULL,
-                                      iov_iter_npages(iter, BIO_MAX_VECS),
+                                      bio_iov_vecs_to_alloc(iter, BIO_MAX_VECS),
                                       REQ_OP_READ,
                                       GFP_KERNEL,
                                       &c->bio_read);
@@ -2297,9 +2297,7 @@ ssize_t bch2_direct_write(struct kiocb *req, struct iov_iter *iter)
        }
 
        bio = bio_alloc_bioset(NULL,
-                              iov_iter_is_bvec(iter)
-                              ? 0
-                              : iov_iter_npages(iter, BIO_MAX_VECS),
+                              bio_iov_vecs_to_alloc(iter, BIO_MAX_VECS),
                               REQ_OP_WRITE,
                               GFP_KERNEL,
                               &c->dio_write_bioset);