From: sashiko-bot@kernel.org
To: "Yu Kuai" <yukuai@kernel.org>
Cc: linux-raid@vger.kernel.org, yukuai@fygo.io
Subject: Re: [PATCH v2 05/20] md/md-llbitmap: allocate page controls independently
Date: Wed, 24 Jun 2026 07:02:01 +0000
Message-ID: <20260624070202.524001F000E9@smtp.kernel.org>
In-Reply-To: <6e1ca7ea2cb90ae58c47230a90f3f08d51658829.1782282042.git.yukuai@kernel.org>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:

New issues:
- [High] Eager allocation of physical memory and disk I/O for the entire unused reserved bitmap space causes severe memory consumption and I/O stall regressions.

Pre-existing issues:
- [Critical] The bitmap space validation omits BITMAP_DATA_OFFSET, potentially allowing the bitmap to overflow its physical bounds and corrupt user data.
--
commit 880054f58bccd2442566ac1e584d6d9c8fc01e7e
Author: Yu Kuai <yukuai@fygo.io>
md/md-llbitmap: allocate page controls independently
Allocate one llbitmap page-control object at a time and free each
object through the same model.
> diff --git a/drivers/md/md-llbitmap.c b/drivers/md/md-llbitmap.c
> index e3500a1a52c07..4c3fc4b35aff0 100644
> --- a/drivers/md/md-llbitmap.c
> +++ b/drivers/md/md-llbitmap.c
[ ... ]
> +static int llbitmap_alloc_pages(struct llbitmap *llbitmap)
> +{
> + unsigned int used_pages = llbitmap_used_pages(llbitmap, llbitmap->chunks);
> + unsigned int nr_pages = max(used_pages, llbitmap_reserved_pages(llbitmap));
> + int i;
[Severity: High]
Does this unconditionally eager-allocate memory and write out the entire
reserved space?

By setting nr_pages to the maximum reserved space:

    nr_pages = max(used_pages, llbitmap_reserved_pages(llbitmap));

and unconditionally allocating a physical 4KB page for every index up to
this limit in llbitmap_read_page(), this seems to allocate RAM for all
reserved, unused pages.

Furthermore, will functions like __llbitmap_flush() now iterate over all
these allocated nr_pages, marking them dirty and synchronously writing them
to disk, potentially causing severe I/O stalls for arrays with large
reserved bitmap spaces?
> +
> + llbitmap->pctl = kcalloc(nr_pages, sizeof(*llbitmap->pctl), GFP_KERNEL);
> + if (!llbitmap->pctl)
> + return -ENOMEM;
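
Review bot: `int i` in the declarations of llbitmap_alloc_pages() is signed while `used_pages` and `nr_pages` are `unsigned int`; if `i` is the index that walks `llbitmap->pctl` up to `nr_pages`, declare it `unsigned int` so the loop comparison is not mixed-sign. Also, kcalloc() called with a count of zero returns a non-NULL zero-size pointer, so the `if (!llbitmap->pctl)` test does not catch an empty table; if both `used_pages` and the reserved page count can be zero at this point, add an explicit check or a comment saying why they cannot.
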
[ ... ]
> @@ -923,7 +948,7 @@ static int llbitmap_init(struct llbitmap *llbitmap)
> llbitmap->sync_size = blocks;
> mddev->bitmap_info.daemon_sleep = DEFAULT_DAEMON_SLEEP;
>
> - ret = llbitmap_cache_pages(llbitmap);
> + ret = llbitmap_alloc_pages(llbitmap);
[Severity: Critical]
This is a pre-existing issue, but does the bitmap space validation here
omit BITMAP_DATA_OFFSET?

In llbitmap_init() and llbitmap_read_sb(), the validation checks ensure
the total bitmap size (chunks) doesn't exceed the reserved byte length
(space). However, they don't seem to account for the 1024-byte
BITMAP_DATA_OFFSET that is prepended to the bitmap data on disk.

If chunks is close to or exactly equal to space, the total byte size
required (chunks + BITMAP_DATA_OFFSET) could exceed the physical bounds
of the reserved space. During flushes, could llbitmap_write_page() write
across the reserved bitmap boundary and overwrite adjacent user data?
> if (ret)
> return ret;
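
Review bot: The `if (ret) return ret;` following `ret = llbitmap_alloc_pages(llbitmap);` in llbitmap_init() returns without any cleanup, and the commit message says page controls are now allocated one object at a time, so a failure partway through would leave the earlier objects and the `pctl` array allocated unless the helper unwinds them itself. Please confirm that llbitmap_alloc_pages() frees everything it allocated on its own error path, or release it here before returning, and say which in a comment.
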
--
Sashiko AI review · https://sashiko.dev/#/patchset/cover.1782282042.git.yukuai@kernel.org?part=5