ANDROID: virtio_blk: Remove BUG_ON for discard/zero ops

The virtio_blk driver used by cuttlefish can crash if discard/zero ops, added in 4.20, pass through virtio_queue_rq(). Our theory is that this happens because multiple discards are merged, causing nr_phys_segments to be increased beyond the sg_elem size. This makes sense as a discard/zero is a form of I/O not backed by specific data. This patch should be submitted upstream once the true root cause has been tracked down and full analysis of the issue has been done. Originally-by: Satya Tangirala <satyat@google.com> Bug: 144592287 Test: boot cuttlefish with f2fs userdata and wait 1 minute Change-Id: Ic73e08035c91ec9c718e6496930b326d084062a4 Signed-off-by: Alistair Delva <adelva@google.com>
2026-06-07 22:14:04 +02:00 · 2019-11-15 15:38:06 -08:00 · 2019-11-15 15:38:06 -08:00 · 187c494456
commit 187c494456
parent 852619242c
1 changed files with 4 additions and 2 deletions
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@ -282,8 +282,6 @@ static blk_status_t virtio_queue_rq(struct blk_mq_hw_ctx *hctx,
 	bool unmap = false;
 	u32 type;

-	BUG_ON(req->nr_phys_segments + 2 > vblk->sg_elems);
-
 	switch (req_op(req)) {
 	case REQ_OP_READ:
 	case REQ_OP_WRITE:
@ -311,6 +309,10 @@ static blk_status_t virtio_queue_rq(struct blk_mq_hw_ctx *hctx,
 		return BLK_STS_IOERR;
 	}

+	BUG_ON(type != VIRTIO_BLK_T_DISCARD &&
+	       type != VIRTIO_BLK_T_WRITE_ZEROES &&
+	       (req->nr_phys_segments + 2 > vblk->sg_elems));
+
 	vbr->out_hdr.type = cpu_to_virtio32(vblk->vdev, type);
 	vbr->out_hdr.sector = type ?
 		0 : cpu_to_virtio64(vblk->vdev, blk_rq_pos(req));