From: "Chen Cheng" <chencheng@fnnas.com>
To: <linux-raid@vger.kernel.org>, <yukuai@fygo.io>
Cc: <chencheng@fnnas.com>, <linux-kernel@vger.kernel.org>
Subject: [PATCH] md/raid5: fix stripe_request_ctx bitmap sizing for unaligned bios
Date: Wed, 3 Jun 2026 17:04:57 +0800 [thread overview]
Message-ID: <20260603090457.638223-1-chencheng@fnnas.com> (raw)
From: Chen Cheng <chencheng@fnnas.com>
stripe_request_ctx.sectors_to_do needs one extra bit for unaligned bios,
as documented by the existing comment.
raid5_make_request() rounds the bio start down to a stripe boundary, but
keeps ctx->last_sector at bio_end_sector(bio). As a result, an unaligned
bio with len == max_hw_sectors can span one more stripe than
max_hw_sectors >> RAID5_STRIPE_SHIFT(conf).
For example, if RAID5_STRIPE_SECTORS(conf) == 8 and max_hw_sectors ==
2048, a bio at sector 1 with len 2048 sectors yields stripe_cnt = 257.
bitmap_set(ctx->sectors_to_do, 0, 257) then touches the first bit beyond
a 256-bit allocation, matching the KASAN report:
__bitmap_set
bitmap_set
raid5_make_request
Restore the missing extra bit in both ctx_pool sizing paths.
This bug is harder to reproduce from userspace on v7.1 because
lim.chunk_sectors = lim.io_opt >> 9 causes the block layer to split
large unaligned bios on full-stripe boundaries before they reach
raid5_make_request(). That masks the reproducer, but does not fix the
under-allocation.
Signed-off-by: Chen Cheng <chencheng@fnnas.com>
---
drivers/md/raid5.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 65ae7d8930fc..9ece79e608f7 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -7756,15 +7756,15 @@ static int raid5_create_ctx_pool(struct r5conf *conf)
{
struct stripe_request_ctx *ctx;
int size;
if (mddev_is_dm(conf->mddev))
- size = BITS_TO_LONGS(RAID5_MAX_REQ_STRIPES);
+ size = BITS_TO_LONGS(RAID5_MAX_REQ_STRIPES + 1);
else
size = BITS_TO_LONGS(
- queue_max_hw_sectors(conf->mddev->gendisk->queue) >>
- RAID5_STRIPE_SHIFT(conf));
+ (queue_max_hw_sectors(conf->mddev->gendisk->queue) >>
+ RAID5_STRIPE_SHIFT(conf)) + 1);
conf->ctx_size = struct_size(ctx, sectors_to_do, size);
conf->ctx_pool = mempool_create_kmalloc_pool(NR_RAID_BIOS,
conf->ctx_size);
--
2.54.0
reply other threads:[~2026-06-03 9:05 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260603090457.638223-1-chencheng@fnnas.com \
--to=chencheng@fnnas.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=yukuai@fygo.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox