From: Abd-Alrhman Masalkhi <abd.masalkhi@gmail.com>
To: yu kuai <yukuai@fygo.io>, sashiko-reviews@lists.linux.dev
Cc: linux-raid@vger.kernel.org, yukuai@fygo.io
Subject: Re: [PATCH v2 2/4] md/raid10: fix writes_pending leak on write request failures
Date: Sun, 21 Jun 2026 13:05:46 +0200 [thread overview]
Message-ID: <m21pe02lx1.fsf@gmail.com> (raw)
In-Reply-To: <ecaef394-23a2-43ec-a85b-2e25786914aa@fygo.io>
Hi Kaui,
On Sun, Jun 21, 2026 at 02:25 +0800, yu kuai wrote:
> Hi,
>
> 在 2026/6/14 2:40, sashiko-bot@kernel.org 写道:
>> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
>>
>> Pre-existing issues:
>> - [High] The `r10_bio` structure allocated from the mempool is leaked when `raid10_write_request()` bails out early due to `REQ_NOWAIT`.
>> --
> This looks like a real issue, do you plan to fix this as well?
Yes, I plan to fix that issue as well. I'll include this fix along with
the other patches.
>>
>> commit 3940ccdb4c7c7e19c20f9b5e2e1d12545c2558b5
>> Author: Abd-Alrhman Masalkhi <abd.masalkhi@gmail.com>
>>
>> md/raid10: fix writes_pending leak on write request failures
>>
>> raid10_make_request() acquires a writes_pending reference with
>> md_write_start() before dispatching write requests. Several failure
>> paths in raid10_write_request() complete the bio and return without
>> reaching the normal write completion path, causing the corresponding
>> md_write_end() to be skipped.
>>
>>> diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
>>> index cee5a253a281d..c123a8c76ddcd 100644
>>> --- a/drivers/md/raid10.c
>>> +++ b/drivers/md/raid10.c
>> [ ... ]
>>> @@ -1365,7 +1365,7 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
>>> /* Bail out if REQ_NOWAIT is set for the bio */
>>> if (bio->bi_opf & REQ_NOWAIT) {
>>> bio_wouldblock_error(bio);
>>> - return;
>>> + return false;
>> [Severity: High]
>> This isn't a bug introduced by this patch, but does this early return leak
>> the r10_bio structure?
>>
>> __make_request() allocates r10_bio using:
>> r10_bio = mempool_alloc(&conf->r10bio_pool, GFP_NOIO);
>>
>> It then passes it to raid10_write_request(). When the bio has REQ_NOWAIT set
>> during a clustered area resync, we complete the bio with an error and return
>> false without freeing the r10_bio. Could repeatedly triggering this exhaust
>> the r10bio_pool, causing deadlocks on subsequent operations?
>>
>> Note that the regular_request_wait() error path right below correctly calls
>> free_r10bio(r10_bio) before returning.
>>
>>> }
>>> for (;;) {
>> [ ... ]
>>> @@ -1398,7 +1398,7 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
>>> if (bio->bi_opf & REQ_NOWAIT) {
>>> allow_barrier(conf);
>>> bio_wouldblock_error(bio);
>>> - return;
>>> + return false;
>> [Severity: High]
>> This is a pre-existing issue, but does this path also leak the r10_bio
>> mempool allocation when waiting for a reshape metadata update?
>>
>> Similar to the clustered area resync case above, the r10_bio allocated in
>> __make_request() does not appear to be freed before returning here.
>>
>>> }
>>> mddev_add_trace_msg(conf->mddev,
>
> --
> Thanks,
> Kuai
--
Best Regards,
Abd-Alrhman
next prev parent reply other threads:[~2026-06-21 11:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-13 18:28 [PATCH v2 0/4] md/raid1,raid10: fix write-path reference leaks and clean up error handling Abd-Alrhman Masalkhi
2026-06-13 18:28 ` [PATCH v2 1/4] md/raid1: fix writes_pending and barrier reference leaks on write failures Abd-Alrhman Masalkhi
2026-06-13 18:28 ` [PATCH v2 2/4] md/raid10: fix writes_pending leak on write request failures Abd-Alrhman Masalkhi
2026-06-13 18:40 ` sashiko-bot
2026-06-20 18:25 ` yu kuai
2026-06-21 11:05 ` Abd-Alrhman Masalkhi [this message]
2026-06-13 18:28 ` [PATCH v2 3/4] md/raid10: fix writes_pending and barrier reference leaks on discard failures Abd-Alrhman Masalkhi
2026-06-13 18:28 ` [PATCH v2 4/4] md/raid1: simplify raid1_write_request() error handling Abd-Alrhman Masalkhi
2026-06-13 18:47 ` sashiko-bot
2026-06-15 8:11 ` Abd-Alrhman Masalkhi
2026-06-20 18:31 ` [PATCH v2 0/4] md/raid1,raid10: fix write-path reference leaks and clean up " yu kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m21pe02lx1.fsf@gmail.com \
--to=abd.masalkhi@gmail.com \
--cc=linux-raid@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=yukuai@fygo.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox