Message-ID: <ldpoy2fo.fsf@damenly.org>
Date: Thu, 19 Jun 2025 08:56:11 +0800
From: Su Yue <l@...enly.org>
To: Wang Jinchao <wangjinchao600@...il.com>
Cc: Song Liu <song@...nel.org>,  Yu Kuai <yukuai3@...wei.com>,
  linux-raid@...r.kernel.org,  linux-kernel@...r.kernel.org
Subject: Re: [PATCH] md/raid1: change r1conf->r1bio_pool to a pointer type

On Wed 18 Jun 2025 at 19:41, Wang Jinchao 
<wangjinchao600@...il.com> wrote:

> In raid1_reshape(), newpool is a stack variable.
> mempool_init() initializes newpool->wait with the stack address.
> After assigning newpool to conf->r1bio_pool, the wait queue
> needs to be reinitialized, which is not ideal.
>
> Change raid1_conf->r1bio_pool to a pointer type and
> replace mempool_init() with mempool_create() to
> avoid referencing a stack-based wait queue.
>
> Signed-off-by: Wang Jinchao <wangjinchao600@...il.com>
> ---
>  drivers/md/raid1.c | 31 +++++++++++++------------------
>  drivers/md/raid1.h |  2 +-
>  2 files changed, 14 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
> index fd4ce2a4136f..4d4833915b5f 100644
> --- a/drivers/md/raid1.c
> +++ b/drivers/md/raid1.c
> @@ -255,7 +255,7 @@ static void free_r1bio(struct r1bio *r1_bio)
>  	struct r1conf *conf = r1_bio->mddev->private;
>
>  	put_all_bios(conf, r1_bio);
> -	mempool_free(r1_bio, &conf->r1bio_pool);
> +	mempool_free(r1_bio, conf->r1bio_pool);
>  }
>
>  static void put_buf(struct r1bio *r1_bio)
> @@ -1305,7 +1305,7 @@ alloc_r1bio(struct mddev *mddev, struct 
> bio *bio)
>  	struct r1conf *conf = mddev->private;
>  	struct r1bio *r1_bio;
>
> -	r1_bio = mempool_alloc(&conf->r1bio_pool, GFP_NOIO);
> +	r1_bio = mempool_alloc(conf->r1bio_pool, GFP_NOIO);
>  	/* Ensure no bio records IO_BLOCKED */
>  	memset(r1_bio->bios, 0, conf->raid_disks * 
>  sizeof(r1_bio->bios[0]));
>  	init_r1bio(r1_bio, mddev, bio);
> @@ -3124,9 +3124,9 @@ static struct r1conf *setup_conf(struct 
> mddev *mddev)
>  	if (!conf->poolinfo)
>  		goto abort;
>  	conf->poolinfo->raid_disks = mddev->raid_disks * 2;
> -	err = mempool_init(&conf->r1bio_pool, NR_RAID_BIOS, 
> r1bio_pool_alloc,
> -			   rbio_pool_free, conf->poolinfo);
> -	if (err)
> +	conf->r1bio_pool = mempool_create(NR_RAID_BIOS, 
> r1bio_pool_alloc,
> +					  rbio_pool_free, conf->poolinfo);
> +	if (!conf->r1bio_pool)
>
err should be set to -ENOMEM.

--
Su

>  		goto abort;
>
>  	err = bioset_init(&conf->bio_split, BIO_POOL_SIZE, 0, 0);
> @@ -3197,7 +3197,7 @@ static struct r1conf *setup_conf(struct 
> mddev *mddev)
>
>   abort:
>  	if (conf) {
> -		mempool_exit(&conf->r1bio_pool);
> +		mempool_destroy(conf->r1bio_pool);
>  		kfree(conf->mirrors);
>  		safe_put_page(conf->tmppage);
>  		kfree(conf->poolinfo);
> @@ -3310,7 +3310,7 @@ static void raid1_free(struct mddev 
> *mddev, void *priv)
>  {
>  	struct r1conf *conf = priv;
>
> -	mempool_exit(&conf->r1bio_pool);
> +	mempool_destroy(conf->r1bio_pool);
>  	kfree(conf->mirrors);
>  	safe_put_page(conf->tmppage);
>  	kfree(conf->poolinfo);
> @@ -3366,17 +3366,13 @@ static int raid1_reshape(struct mddev 
> *mddev)
>  	 * At the same time, we "pack" the devices so that all the 
>  missing
>  	 * devices have the higher raid_disk numbers.
>  	 */
> -	mempool_t newpool, oldpool;
> +	mempool_t *newpool, *oldpool;
>  	struct pool_info *newpoolinfo;
>  	struct raid1_info *newmirrors;
>  	struct r1conf *conf = mddev->private;
>  	int cnt, raid_disks;
>  	unsigned long flags;
>  	int d, d2;
> -	int ret;
> -
> -	memset(&newpool, 0, sizeof(newpool));
> -	memset(&oldpool, 0, sizeof(oldpool));
>
>  	/* Cannot change chunk_size, layout, or level */
>  	if (mddev->chunk_sectors != mddev->new_chunk_sectors ||
> @@ -3408,18 +3404,18 @@ static int raid1_reshape(struct mddev 
> *mddev)
>  	newpoolinfo->mddev = mddev;
>  	newpoolinfo->raid_disks = raid_disks * 2;
>
> -	ret = mempool_init(&newpool, NR_RAID_BIOS, r1bio_pool_alloc,
> +	newpool = mempool_create(NR_RAID_BIOS, r1bio_pool_alloc,
>  			   rbio_pool_free, newpoolinfo);
> -	if (ret) {
> +	if (!newpool) {
>  		kfree(newpoolinfo);
> -		return ret;
> +		return -ENOMEM;
>  	}
>  	newmirrors = kzalloc(array3_size(sizeof(struct raid1_info),
>  					 raid_disks, 2),
>  			     GFP_KERNEL);
>  	if (!newmirrors) {
>  		kfree(newpoolinfo);
> -		mempool_exit(&newpool);
> +		mempool_destroy(newpool);
>  		return -ENOMEM;
>  	}
>
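Review bot: The continuation line of the new `mempool_create()` call in raid1_reshape() is still indented for the old `ret = mempool_init(` opening parenthesis, so `rbio_pool_free, newpoolinfo);` no longer lines up with the first argument. The setup_conf() hunk in this same patch re-aligns its continuation line, so the two call sites now differ in style. I would re-indent the second line so that `rbio_pool_free, newpoolinfo);` starts under `NR_RAID_BIOS`. raid1_reshape() starts and ends outside this hunk.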
> @@ -3428,7 +3424,6 @@ static int raid1_reshape(struct mddev 
> *mddev)
>  	/* ok, everything is stopped */
>  	oldpool = conf->r1bio_pool;
>  	conf->r1bio_pool = newpool;
> -	init_waitqueue_head(&conf->r1bio_pool.wait);
>
>  	for (d = d2 = 0; d < conf->raid_disks; d++) {
>  		struct md_rdev *rdev = conf->mirrors[d].rdev;
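Review bot: Now that `r1bio_pool` is a pointer, the swap `conf->r1bio_pool = newpool;` plus the `mempool_destroy(oldpool)` in the last raid1.c hunk frees the old mempool_t itself, so a caller that loaded the old pointer before the swap (for example one sleeping inside `mempool_alloc()`) would touch freed memory. With the embedded struct, the storage at least stayed valid. The only guard visible here is the context comment `/* ok, everything is stopped */`; the code that stops I/O is outside the hunk, so this is presumably safe but should be confirmed against it. I would state the invariant at the swap, for example `/* array is frozen: nothing can hold or return an r1bio from oldpool, so it is safe to destroy below */`. raid1_reshape() starts and ends outside this hunk.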
> @@ -3460,7 +3455,7 @@ static int raid1_reshape(struct mddev 
> *mddev)
>  	set_bit(MD_RECOVERY_NEEDED, &mddev->recovery);
>  	md_wakeup_thread(mddev->thread);
>
> -	mempool_exit(&oldpool);
> +	mempool_destroy(oldpool);
>  	return 0;
>  }
>
> diff --git a/drivers/md/raid1.h b/drivers/md/raid1.h
> index 33f318fcc268..652c347b1a70 100644
> --- a/drivers/md/raid1.h
> +++ b/drivers/md/raid1.h
> @@ -118,7 +118,7 @@ struct r1conf {
>  	 * mempools - it changes when the array grows or shrinks
>  	 */
>  	struct pool_info	*poolinfo;
> -	mempool_t		r1bio_pool;
> +	mempool_t		*r1bio_pool;
>  	mempool_t		r1buf_pool;
>
>  	struct bio_set		bio_split;
