From: Su Yue <l@damenly.org>
To: Li Nan <linan666@huaweicloud.com>
Cc: Su Yue <glass.su@suse.com>,
linux-raid@vger.kernel.org, song@kernel.org, xni@redhat.com,
yukuai@fnnas.com, heming.zhao@suse.com
Subject: Re: [PATCH v2 1/5] md/md-bitmap: call md_bitmap_create,destroy in location_store
Date: Mon, 13 Apr 2026 18:18:32 +0800 [thread overview]
Message-ID: <340z9n9j.fsf@damenly.org> (raw)
In-Reply-To: <5fae3215-4280-fc77-f9e0-2f607176fcd3@huaweicloud.com> (Li Nan's message of "Mon, 13 Apr 2026 15:47:54 +0800")
aOn Mon 13 Apr 2026 at 15:47, Li Nan <linan666@huaweicloud.com>
wrote:
> 在 2026/4/7 18:26, Su Yue 写道:
>> If bitmap/location is present, mdadm will call
>> update_array_info()
>> while growing bitmap from none to internal via
>> location_store().
>> md_bitmap_create() is needed to set mddev->bitmap_ops otherwise
>> mddev->bitmap_ops->get_stats() in update_array_info() will
>> trigger
>> kernel NULL pointer dereference.
>> Fixes: fb8cc3b0d9db ("md/md-bitmap: delay registration of
>> bitmap_ops until
>> creating bitmap")
>> Signed-off-by: Su Yue <glass.su@suse.com>
>> ---
>> drivers/md/md-bitmap.c | 11 ++++++++---
>> drivers/md/md.c | 4 ++--
>> drivers/md/md.h | 2 ++
>> 3 files changed, 12 insertions(+), 5 deletions(-)
>> diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
>> index 83378c033c72..2f24aae05552 100644
>> --- a/drivers/md/md-bitmap.c
>> +++ b/drivers/md/md-bitmap.c
>> @@ -2618,7 +2618,7 @@ location_store(struct mddev *mddev, const
>> char *buf, size_t len)
>> goto out;
>> }
>> - bitmap_destroy(mddev);
>> + md_bitmap_destroy(mddev);
>> mddev->bitmap_info.offset = 0;
>> if (mddev->bitmap_info.file) {
>> struct file *f = mddev->bitmap_info.file;
>> @@ -2653,15 +2653,20 @@ location_store(struct mddev *mddev,
>> const char *buf, size_t len)
>> goto out;
>> }
>> + /*
>> + * lockless bitmap shoudle have set bitmap_id
>> + * using bitmap_type, so always ID_BITMAP.
>> + */
>> + mddev->bitmap_id = ID_BITMAP;
>> mddev->bitmap_info.offset = offset;
>> - rv = bitmap_create(mddev);
>> + rv = md_bitmap_create(mddev);
>> if (rv)
>> goto out;
>> rv = bitmap_load(mddev);
>
> mddev->bitmap_ops->load() should also be used here.
/NOD.
location_store() is only used for ID_BITMAP_NONE and ID_BITMAP, so
mddev->bitmap_ops->load() is always bitmap_load().
But for code consistency, mddev->bitmap_ops->load() is better,
will fix it.
--
Su
next prev parent reply other threads:[~2026-04-13 10:23 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 10:26 [PATCH v2 0/5] md: bitmap grow fixes Su Yue
2026-04-07 10:26 ` [PATCH v2 1/5] md/md-bitmap: call md_bitmap_create,destroy in location_store Su Yue
2026-04-13 7:47 ` Li Nan
2026-04-13 10:18 ` Su Yue [this message]
2026-04-15 10:34 ` Xiao Ni
2026-04-16 14:08 ` Su Yue
2026-04-07 10:26 ` [PATCH v2 2/5] md/md-bitmap: add an extra sysfs argument to md_bitmap_create and destroy Su Yue
2026-04-07 10:26 ` [PATCH v2 3/5] md/md-bitmap: add dummy bitmap ops for none to fix wrong bitmap offset Su Yue
2026-04-07 10:26 ` [PATCH v2 4/5] md: skip ID_BITMAP_NONE when show available bitmap types Su Yue
2026-04-13 8:15 ` Li Nan
2026-04-13 10:23 ` Su Yue
2026-04-07 10:26 ` [PATCH v2 5/5] md/md-bitmap: remove member group from bitmap_operations Su Yue
2026-04-16 14:10 ` [PATCH v2 0/5] md: bitmap grow fixes Su Yue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=340z9n9j.fsf@damenly.org \
--to=l@damenly.org \
--cc=glass.su@suse.com \
--cc=heming.zhao@suse.com \
--cc=linan666@huaweicloud.com \
--cc=linux-raid@vger.kernel.org \
--cc=song@kernel.org \
--cc=xni@redhat.com \
--cc=yukuai@fnnas.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox