From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from va-2-35.ptr.blmpb.com (va-2-35.ptr.blmpb.com [209.127.231.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 537DC36D4E4 for ; Tue, 16 Jun 2026 13:13:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.127.231.35 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781615618; cv=none; b=tfd2hFh2sId7dPNvZNFsFQf9zGxQWIRbexMRdw3clIPYOGb333HcZzylyvB0PBx+KOISjjzKImuVGTt6FNIkkf829YItucfGQOvJYLx8NI4xnW+Zn0UNa2cd62w4UbesSAcN9fEvDIN2lv70BzzVYbTpBamwccWPCsfh4j5OyEc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781615618; c=relaxed/simple; bh=Jkm6X4qXZsK2bQdvZGeWUWQo/QTKe/G4bFBs5DrlrVE=; h=Content-Type:To:Cc:Subject:Mime-Version:Date:Message-Id:From; b=fV2w33BSSFQjf4/vuT2/n3SUnQ1h5o6hcz2m55dx9XA0kAnCcMNJyI7zHgBfnRtSvzX6baLlt9eph+sHTRsxeK85anR/2DxHVaa+szW9a0IeQzcFgfJUnvWi6FYFNQr4nBR+yK0FQ8+JC9gMMlhsMz1Ci3/CrIqBOk6ucrmlblo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fnnas.com; spf=pass smtp.mailfrom=fnnas.com; dkim=pass (2048-bit key) header.d=fnnas-com.20200927.dkim.feishu.cn header.i=@fnnas-com.20200927.dkim.feishu.cn header.b=Z3isqUAi; arc=none smtp.client-ip=209.127.231.35 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fnnas.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fnnas.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fnnas-com.20200927.dkim.feishu.cn header.i=@fnnas-com.20200927.dkim.feishu.cn header.b="Z3isqUAi" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=s1; d=fnnas-com.20200927.dkim.feishu.cn; t=1781615604; h=from:subject:mime-version:from:date:message-id:subject:to:cc: reply-to:content-type:mime-version:in-reply-to:message-id; bh=OuP1GXhMV1TD9B/cVZF+4n6ekwipHeQdYBo8RabLLMM=; b=Z3isqUAidEaqEUhmkeGN0/VqaZM+X25OO28D28546Oc4nqKxnkxjPzF1FQ12KNE5dFkE1a Ii8FqBm1j0iQkYUVFR3XBNIdV8KkOxGZgcKOHyyv+LZ0vBVYt3fEMrSkyf7j2rhKytKjCV 7JpSBPbbQuz0TgxgcWOtmNqFTHitAvcvqQCUWMpCJPow5HQ5+sOStrE2K9e9B4elRWdXS+ d3Qp1CUjs5bitAilfWQHODuj6+LcH11pJ6+eopa0015OvxyS/wIxbji8HkaSdWbvjJvs5H WWk0k3zc8aA1AbIzxsxVdGnWen8jBgpNtV+L5rTuKraFeN0d4XC3mquaxCjSMg== Content-Type: text/plain; charset=UTF-8 To: , , Cc: , Subject: [PATCH] md/raid5: protect bitmap batch counters aka seq_flush/seq_write Precedence: bulk X-Mailing-List: linux-raid@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Date: Tue, 16 Jun 2026 21:13:10 +0800 X-Original-From: chencheng@fnnas.com Content-Transfer-Encoding: 7bit Received: from localhost.localdomain ([183.34.162.81]) by smtp.feishu.cn with ESMTPS; Tue, 16 Jun 2026 21:13:21 +0800 Message-Id: <20260616131310.3790554-1-chencheng@fnnas.com> X-Mailer: git-send-email 2.54.0 From: "Chen Cheng" X-Lms-Return-Path: From: Chen Cheng kcsan detect race : - raid5d() closes the current bitmap batch by updating conf->seq_flush under conf->device_lock. - __add_stripe_bio() read conf->seq_flush without that lock when assigning sh->bm_seq. so, protect seq_flush/seq_write by READ_ONCE()/WRITE_ONCE(). re-explain the stripe batch sequence number update flow: 1. sh->bm_seq declare which batch number the stripe belongs to when perform bitmap-related write. ==> bm_seq = seq_flush+1 2. stripe be handled, * if sh->bm_seq - conf->seq_write > 0, means the batch stripes **newer than** the last written batch, it cannot proceed yet, queued on bitmap_list. * otherwise , has already proceed. 3. raid5d() `++seq_flush` to closes the current batch, means * no more stripes join that old batch * just-closed batch ready to write-out to disk 4. raid5d() calls bitmap hooks unplug() or writeout, then, `++seq_write` to the same as bm_seq. - seq_flush - for producer, to close batches. - seq_write - for consumer, the checkpoint number. the report: ==================================== BUG: KCSAN: data-race in __add_stripe_bio / raid5d write to 0xffff88ba5625d470 of 4 bytes by task 82401 on cpu 0: raid5d+0x1d9/0xba0 [.....] read to 0xffff88ba5625d470 of 4 bytes by task 82421 on cpu 8: __add_stripe_bio+0x332/0x400 raid5_make_request+0x6ac/0x2930 md_handle_request+0x4a2/0xa40 md_submit_bio+0x109/0x1a0 __submit_bio+0x2ec/0x390 [.....] Signed-off-by: Chen Cheng --- drivers/md/raid5.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index a320b71d7117..f3c2959b5606 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -3536,11 +3536,11 @@ static void __add_stripe_bio(struct stripe_head *sh, struct bio *bi, pr_debug("added bi b#%llu to stripe s#%llu, disk %d, logical %llu\n", (*bip)->bi_iter.bi_sector, sh->sector, dd_idx, sh->dev[dd_idx].sector); if (conf->mddev->bitmap && firstwrite && !sh->batch_head) { - sh->bm_seq = conf->seq_flush+1; + sh->bm_seq = READ_ONCE(conf->seq_flush) + 1; set_bit(STRIPE_BIT_DELAY, &sh->state); } } /* @@ -5827,11 +5827,11 @@ static void make_discard_request(struct mddev *mddev, struct bio *bi) md_write_inc(mddev, bi); sh->overwrite_disks++; } spin_unlock_irq(&sh->stripe_lock); if (conf->mddev->bitmap) { - sh->bm_seq = conf->seq_flush + 1; + sh->bm_seq = READ_ONCE(conf->seq_flush) + 1; set_bit(STRIPE_BIT_DELAY, &sh->state); } set_bit(STRIPE_HANDLE, &sh->state); clear_bit(STRIPE_DELAYED, &sh->state); @@ -6877,16 +6877,17 @@ static void raid5d(struct md_thread *thread) clear_bit(R5_DID_ALLOC, &conf->cache_state); if ( !list_empty(&conf->bitmap_list)) { /* Now is a good time to flush some bitmap updates */ - conf->seq_flush++; + int seq = READ_ONCE(conf->seq_flush) + 1; + WRITE_ONCE(conf->seq_flush, seq); spin_unlock_irq(&conf->device_lock); if (md_bitmap_enabled(mddev, true)) mddev->bitmap_ops->unplug(mddev, true); spin_lock_irq(&conf->device_lock); - conf->seq_write = conf->seq_flush; + WRITE_ONCE(conf->seq_write, seq); activate_bit_delay(conf, conf->temp_inactive_list); } raid5_activate_delayed(conf); while ((bio = remove_bio_from_retry(conf, &offset))) { -- 2.54.0