From 80c739c4435707f5d680884e4d23245351cd16db Mon Sep 17 00:00:00 2001
From: Kent Overstreet <kent.overstreet@gmail.com>
Date: Wed, 13 Oct 2021 13:45:46 -0400
Subject: bcachefs: Don't allocate too-big bios

This fixes a null ptr deref in bio_alloc_bioset() -> biovec_slab()

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
---
 fs/bcachefs/io.c   | 2 ++
 fs/bcachefs/util.c | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/fs/bcachefs/io.c b/fs/bcachefs/io.c
index 8c0697bf7828..708ba5590182 100644
--- a/fs/bcachefs/io.c
+++ b/fs/bcachefs/io.c
@@ -782,6 +782,8 @@ static struct bio *bch2_write_bio_alloc(struct bch_fs *c,
 				       ? ((unsigned long) buf & (PAGE_SIZE - 1))
 				       : 0), PAGE_SIZE);
 
+	pages = min(pages, BIO_MAX_VECS);
+
 	bio = bio_alloc_bioset(GFP_NOIO, pages, &c->bio_write);
 	wbio			= wbio_init(bio);
 	wbio->put_bio		= true;
diff --git a/fs/bcachefs/util.c b/fs/bcachefs/util.c
index 9f21f68e84d3..52de7c49cacb 100644
--- a/fs/bcachefs/util.c
+++ b/fs/bcachefs/util.c
@@ -525,7 +525,11 @@ int bch2_bio_alloc_pages(struct bio *bio, size_t size, gfp_t gfp_mask)
 		if (!page)
 			return -ENOMEM;
 
-		BUG_ON(!bio_add_page(bio, page, len, 0));
+		if (unlikely(!bio_add_page(bio, page, len, 0))) {
+			__free_page(page);
+			break;
+		}
+
 		size -= len;
 	}
 
-- 
cgit v1.2.3