| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <frfwxomz.fsf@damenly.org>
Date: Thu, 19 Jun 2025 13:54:12 +0800
From: Su Yue <l@...enly.org>
To: Wang Jinchao <wangjinchao600@...il.com>
Cc: Song Liu <song@...nel.org>, Yu Kuai <yukuai3@...wei.com>,
linux-raid@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] md/raid1: change r1conf->r1bio_pool to a pointer type
On Thu 19 Jun 2025 at 10:01, Wang Jinchao
<wangjinchao600@...il.com> wrote:
> On 6/19/25 08:56, Su Yue wrote:
>> On Wed 18 Jun 2025 at 19:41, Wang Jinchao
>> <wangjinchao600@...il.com> wrote:
>>
>>> In raid1_reshape(), newpool is a stack variable.
>>> mempool_init() initializes newpool->wait with the stack
>>> address.
>>> After assigning newpool to conf->r1bio_pool, the wait queue
>>> need to be reinitialized, which is not ideal.
>>>
>>> Change raid1_conf->r1bio_pool to a pointer type and
>>> replace mempool_init() with mempool_create() to
>>> avoid referencing a stack-based wait queue.
>>>
>>> Signed-off-by: Wang Jinchao <wangjinchao600@...il.com>
>>> ---
>>> drivers/md/raid1.c | 31 +++++++++++++------------------
>>> drivers/md/raid1.h | 2 +-
>>> 2 files changed, 14 insertions(+), 19 deletions(-)
>>>
>>> diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
>>> index fd4ce2a4136f..4d4833915b5f 100644
>>> --- a/drivers/md/raid1.c
>>> +++ b/drivers/md/raid1.c
>>> @@ -255,7 +255,7 @@ static void free_r1bio(struct r1bio
>>> *r1_bio)
>>> struct r1conf *conf = r1_bio->mddev->private;
>>>
>>> put_all_bios(conf, r1_bio);
>>> - mempool_free(r1_bio, &conf->r1bio_pool);
>>> + mempool_free(r1_bio, conf->r1bio_pool);
>>> }
>>>
>>> static void put_buf(struct r1bio *r1_bio)
>>> @@ -1305,7 +1305,7 @@ alloc_r1bio(struct mddev *mddev, struct
>>> bio *bio)
>>> struct r1conf *conf = mddev->private;
>>> struct r1bio *r1_bio;
>>>
>>> - r1_bio = mempool_alloc(&conf->r1bio_pool, GFP_NOIO);
>>> + r1_bio = mempool_alloc(conf->r1bio_pool, GFP_NOIO);
>>> /* Ensure no bio records IO_BLOCKED */
>>> memset(r1_bio->bios, 0, conf->raid_disks *
>>> sizeof(r1_bio- >bios[0]));
>>> init_r1bio(r1_bio, mddev, bio);
>>> @@ -3124,9 +3124,9 @@ static struct r1conf *setup_conf(struct
>>> mddev *mddev)
>>> if (!conf->poolinfo)
>>> goto abort;
>>> conf->poolinfo->raid_disks = mddev->raid_disks * 2;
>>> - err = mempool_init(&conf->r1bio_pool, NR_RAID_BIOS,
>>> r1bio_pool_alloc,
>>> - rbio_pool_free, conf->poolinfo);
>>> - if (err)
>>> + conf->r1bio_pool = mempool_create(NR_RAID_BIOS,
>>> r1bio_pool_alloc,
>>> + rbio_pool_free, conf->poolinfo);
>>> + if (!conf->r1bio_pool)
>>>
>> err should be set to -ENOMEM.
>>
> At the beginning of the function, err is initialized to -ENOMEM.
>
Alright...
--
Su
>> -- Su
>>
>>> goto abort;
>>>
>>> err = bioset_init(&conf->bio_split, BIO_POOL_SIZE, 0, 0);
>>> @@ -3197,7 +3197,7 @@ static struct r1conf *setup_conf(struct
>>> mddev *mddev)
>>>
>>> abort:
>>> if (conf) {
>>> - mempool_exit(&conf->r1bio_pool);
>>> + mempool_destroy(conf->r1bio_pool);
>>> kfree(conf->mirrors);
>>> safe_put_page(conf->tmppage);
>>> kfree(conf->poolinfo);
>>> @@ -3310,7 +3310,7 @@ static void raid1_free(struct mddev
>>> *mddev, void *priv)
>>> {
>>> struct r1conf *conf = priv;
>>>
>>> - mempool_exit(&conf->r1bio_pool);
>>> + mempool_destroy(conf->r1bio_pool);
>>> kfree(conf->mirrors);
>>> safe_put_page(conf->tmppage);
>>> kfree(conf->poolinfo);
>>> @@ -3366,17 +3366,13 @@ static int raid1_reshape(struct mddev
>>> *mddev)
>>> * At the same time, we "pack" the devices so that all
>>> the missing
>>> * devices have the higher raid_disk numbers.
>>> */
>>> - mempool_t newpool, oldpool;
>>> + mempool_t *newpool, *oldpool;
>>> struct pool_info *newpoolinfo;
>>> struct raid1_info *newmirrors;
>>> struct r1conf *conf = mddev->private;
>>> int cnt, raid_disks;
>>> unsigned long flags;
>>> int d, d2;
>>> - int ret;
>>> -
>>> - memset(&newpool, 0, sizeof(newpool));
>>> - memset(&oldpool, 0, sizeof(oldpool));
>>>
>>> /* Cannot change chunk_size, layout, or level */
>>> if (mddev->chunk_sectors != mddev->new_chunk_sectors ||
>>> @@ -3408,18 +3404,18 @@ static int raid1_reshape(struct mddev
>>> *mddev)
>>> newpoolinfo->mddev = mddev;
>>> newpoolinfo->raid_disks = raid_disks * 2;
>>>
>>> - ret = mempool_init(&newpool, NR_RAID_BIOS,
>>> r1bio_pool_alloc,
>>> + newpool = mempool_create(NR_RAID_BIOS, r1bio_pool_alloc,
>>> rbio_pool_free, newpoolinfo);
>>> - if (ret) {
>>> + if (!newpool) {
>>> kfree(newpoolinfo);
>>> - return ret;
>>> + return -ENOMEM;
>>> }
>>> newmirrors = kzalloc(array3_size(sizeof(struct
>>> raid1_info),
>>> raid_disks, 2),
>>> GFP_KERNEL);
>>> if (!newmirrors) {
>>> kfree(newpoolinfo);
>>> - mempool_exit(&newpool);
>>> + mempool_destroy(newpool);
>>> return -ENOMEM;
>>> }
>>>
>>> @@ -3428,7 +3424,6 @@ static int raid1_reshape(struct mddev
>>> *mddev)
>>> /* ok, everything is stopped */
>>> oldpool = conf->r1bio_pool;
>>> conf->r1bio_pool = newpool;
>>> - init_waitqueue_head(&conf->r1bio_pool.wait);
>>>
>>> for (d = d2 = 0; d < conf->raid_disks; d++) {
>>> struct md_rdev *rdev = conf->mirrors[d].rdev;
>>> @@ -3460,7 +3455,7 @@ static int raid1_reshape(struct mddev
>>> *mddev)
>>> set_bit(MD_RECOVERY_NEEDED, &mddev->recovery);
>>> md_wakeup_thread(mddev->thread);
>>>
>>> - mempool_exit(&oldpool);
>>> + mempool_destroy(oldpool);
>>> return 0;
>>> }
>>>
>>> diff --git a/drivers/md/raid1.h b/drivers/md/raid1.h
>>> index 33f318fcc268..652c347b1a70 100644
>>> --- a/drivers/md/raid1.h
>>> +++ b/drivers/md/raid1.h
>>> @@ -118,7 +118,7 @@ struct r1conf {
>>> * mempools - it changes when the array grows or shrinks
>>> */
>>> struct pool_info *poolinfo;
>>> - mempool_t r1bio_pool;
>>> + mempool_t *r1bio_pool;
>>> mempool_t r1buf_pool;
>>>
>>> struct bio_set bio_split;
Powered by blists - more mailing lists