diff --git a/block/blk-lib.c b/block/blk-lib.c
index e90614fd8d6a420fad17b34f372deb7c99ea8c22..59ff99bc46981081383298d44cab4855add6f6f0 100644
--- a/block/blk-lib.c
+++ b/block/blk-lib.c
@@ -27,7 +27,7 @@ int __blkdev_issue_discard(struct block_device *bdev, sector_t sector,
 		struct bio **biop)
 {
 	struct request_queue *q = bdev_get_queue(bdev);
-	struct bio *bio = *biop;
+	struct bio *bio = NULL;
 	unsigned int op;
 	sector_t bs_mask, part_offset = 0;
 
@@ -92,6 +92,17 @@ int __blkdev_issue_discard(struct block_device *bdev, sector_t sector,
 			req_sects = min_t(sector_t, nr_sects,
 					  granularity_aligned_lba - sector_mapped);
 
+		if (!req_sects) {
+			/* just put the bio allocated in this function */
+			if (bio) {
+				bio_io_error(bio);
+				bio_put(bio);
+			}
+			return -EOPNOTSUPP;
+		}
+		if (!bio)
+			bio = *biop;
+
 		WARN_ON_ONCE((req_sects << 9) > UINT_MAX);
 
 		bio = blk_next_bio(bio, 0, gfp_mask);
diff --git a/block/ioctl.c b/block/ioctl.c
index c8945df2e2833cd9c2c2b7edc526bac577b69cdf..746d3fdf3cb7bd18d9c12e06f95581f45b80e938 100644
--- a/block/ioctl.c
+++ b/block/ioctl.c
@@ -101,7 +101,7 @@ static int blk_ioctl_discard(struct block_device *bdev, fmode_t mode,
 		unsigned long arg, unsigned long flags)
 {
 	uint64_t range[2];
-	uint64_t start, len;
+	uint64_t start, len, end;
 	struct request_queue *q = bdev_get_queue(bdev);
 	int err;
 
@@ -122,7 +122,8 @@ static int blk_ioctl_discard(struct block_device *bdev, fmode_t mode,
 	if (len & 511)
 		return -EINVAL;
 
-	if (start + len > i_size_read(bdev->bd_inode))
+	if (check_add_overflow(start, len, &end) ||
+	    end > i_size_read(bdev->bd_inode))
 		return -EINVAL;
 
 	err = truncate_bdev_range(bdev, mode, start, start + len - 1);