* [PATCH 1/1] Don't set mddev private to NULL in raid0 pers->free
@ 2022-04-29 5:09 Xiao Ni
2022-05-09 6:24 ` Song Liu
0 siblings, 1 reply; 4+ messages in thread
From: Xiao Ni @ 2022-04-29 5:09 UTC (permalink / raw)
To: song; +Cc: linux-raid, ncroxon, heinzm, ffan
It panics when reshaping from raid0 to other raid levels. raid0 sets
mddev->private to NULL. It's the reason that causes the problem.
Function level_store finds new pers and create new conf, then it
calls oldpers->free. In oldpers->free, raid0 sets mddev->private
to NULL again. And __md_stop is the right position to set
mddev->private to NULL.
And this patch also deletes double free memory codes. io_acct_set
is free in pers->free.
Fixes: 0c031fd37f69 (md: Move alloc/free acct bioset in to personality)
Reported-by: Fine Fan <ffan@redhat.com>
Signed-off-by: Xiao Ni <xni@redhat.com>
---
drivers/md/md.c | 4 ----
drivers/md/raid0.c | 1 -
2 files changed, 5 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 707e802..55b6412e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5598,8 +5598,6 @@ static void md_free(struct kobject *ko)
bioset_exit(&mddev->bio_set);
bioset_exit(&mddev->sync_set);
- if (mddev->level != 1 && mddev->level != 10)
- bioset_exit(&mddev->io_acct_set);
kfree(mddev);
}
@@ -6285,8 +6283,6 @@ void md_stop(struct mddev *mddev)
__md_stop(mddev);
bioset_exit(&mddev->bio_set);
bioset_exit(&mddev->sync_set);
- if (mddev->level != 1 && mddev->level != 10)
- bioset_exit(&mddev->io_acct_set);
}
EXPORT_SYMBOL_GPL(md_stop);
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index e11701e..5fa0d40 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -362,7 +362,6 @@ static void free_conf(struct mddev *mddev, struct r0conf *conf)
kfree(conf->strip_zone);
kfree(conf->devlist);
kfree(conf);
- mddev->private = NULL;
}
static void raid0_free(struct mddev *mddev, void *priv)
--
2.7.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] Don't set mddev private to NULL in raid0 pers->free
2022-04-29 5:09 [PATCH 1/1] Don't set mddev private to NULL in raid0 pers->free Xiao Ni
@ 2022-05-09 6:24 ` Song Liu
2022-05-11 16:15 ` Xiao Ni
0 siblings, 1 reply; 4+ messages in thread
From: Song Liu @ 2022-05-09 6:24 UTC (permalink / raw)
To: Xiao Ni; +Cc: linux-raid, Nigel Croxon, Heinz Mauelshagen, Fine Fan
Hi Xiao,
Thanks for the patch!
On Thu, Apr 28, 2022 at 10:09 PM Xiao Ni <xni@redhat.com> wrote:
>
prefix the subject with "md:", and provide more details.
> It panics when reshaping from raid0 to other raid levels. raid0 sets
> mddev->private to NULL. It's the reason that causes the problem.
> Function level_store finds new pers and create new conf, then it
> calls oldpers->free. In oldpers->free, raid0 sets mddev->private
> to NULL again. And __md_stop is the right position to set
> mddev->private to NULL.
We need more details here: the panic backtrace, and why it panics.
raid5_free also sets private to NULL. Does it has the same problem?
>
> And this patch also deletes double free memory codes. io_acct_set
> is free in pers->free.
Please put this part in a separate patch.
Thanks,
Song
>
> Fixes: 0c031fd37f69 (md: Move alloc/free acct bioset in to personality)
> Reported-by: Fine Fan <ffan@redhat.com>
> Signed-off-by: Xiao Ni <xni@redhat.com>
> ---
> drivers/md/md.c | 4 ----
> drivers/md/raid0.c | 1 -
> 2 files changed, 5 deletions(-)
>
> diff --git a/drivers/md/md.c b/drivers/md/md.c
> index 707e802..55b6412e 100644
> --- a/drivers/md/md.c
> +++ b/drivers/md/md.c
> @@ -5598,8 +5598,6 @@ static void md_free(struct kobject *ko)
>
> bioset_exit(&mddev->bio_set);
> bioset_exit(&mddev->sync_set);
> - if (mddev->level != 1 && mddev->level != 10)
> - bioset_exit(&mddev->io_acct_set);
> kfree(mddev);
> }
>
> @@ -6285,8 +6283,6 @@ void md_stop(struct mddev *mddev)
> __md_stop(mddev);
> bioset_exit(&mddev->bio_set);
> bioset_exit(&mddev->sync_set);
> - if (mddev->level != 1 && mddev->level != 10)
> - bioset_exit(&mddev->io_acct_set);
> }
>
> EXPORT_SYMBOL_GPL(md_stop);
> diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
> index e11701e..5fa0d40 100644
> --- a/drivers/md/raid0.c
> +++ b/drivers/md/raid0.c
> @@ -362,7 +362,6 @@ static void free_conf(struct mddev *mddev, struct r0conf *conf)
> kfree(conf->strip_zone);
> kfree(conf->devlist);
> kfree(conf);
> - mddev->private = NULL;
> }
>
> static void raid0_free(struct mddev *mddev, void *priv)
> --
> 2.7.5
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] Don't set mddev private to NULL in raid0 pers->free
2022-05-09 6:24 ` Song Liu
@ 2022-05-11 16:15 ` Xiao Ni
2022-05-11 21:34 ` Song Liu
0 siblings, 1 reply; 4+ messages in thread
From: Xiao Ni @ 2022-05-11 16:15 UTC (permalink / raw)
To: Song Liu; +Cc: linux-raid, Nigel Croxon, Heinz Mauelshagen, Fine Fan
On Mon, May 9, 2022 at 2:24 PM Song Liu <song@kernel.org> wrote:
>
> Hi Xiao,
>
> Thanks for the patch!
>
> On Thu, Apr 28, 2022 at 10:09 PM Xiao Ni <xni@redhat.com> wrote:
> >
>
> prefix the subject with "md:", and provide more details.
Hi Song
Thanks for pointing about this and I will add "md:" in v2.
>
> > It panics when reshaping from raid0 to other raid levels. raid0 sets
> > mddev->private to NULL. It's the reason that causes the problem.
> > Function level_store finds new pers and create new conf, then it
> > calls oldpers->free. In oldpers->free, raid0 sets mddev->private
> > to NULL again. And __md_stop is the right position to set
> > mddev->private to NULL.
>
> We need more details here: the panic backtrace, and why it panics.
> raid5_free also sets private to NULL. Does it has the same problem?
The backtrace will be added in v2.
I don't find raid5_free sets mddev->private to NULL.
The normal process of stopping a raid should be like this:
do_md_stop
|
__md_stop (pers->free(); mddev->private=NULL)
|
md_free (free biosets of mddev; free mddev)
personality raid doesn't set mddev->private to NULL. __md_stop does this job.
Reshaping from raid0 to raid other raid level doesn't stop the raid.
The new raid
will go on working. Now raid0_free->free_conf sets mddev->private to NULL during
reshape. The new raid can't work anymore. It will panic when dereference
mddev->private because of NULL pointer dereference.
>
> >
> > And this patch also deletes double free memory codes. io_acct_set
> > is free in pers->free.
>
> Please put this part in a separate patch.
will do this in v2
Regards
Xiao
>
> Thanks,
> Song
>
> >
> > Fixes: 0c031fd37f69 (md: Move alloc/free acct bioset in to personality)
> > Reported-by: Fine Fan <ffan@redhat.com>
> > Signed-off-by: Xiao Ni <xni@redhat.com>
> > ---
> > drivers/md/md.c | 4 ----
> > drivers/md/raid0.c | 1 -
> > 2 files changed, 5 deletions(-)
> >
> > diff --git a/drivers/md/md.c b/drivers/md/md.c
> > index 707e802..55b6412e 100644
> > --- a/drivers/md/md.c
> > +++ b/drivers/md/md.c
> > @@ -5598,8 +5598,6 @@ static void md_free(struct kobject *ko)
> >
> > bioset_exit(&mddev->bio_set);
> > bioset_exit(&mddev->sync_set);
> > - if (mddev->level != 1 && mddev->level != 10)
> > - bioset_exit(&mddev->io_acct_set);
> > kfree(mddev);
> > }
> >
> > @@ -6285,8 +6283,6 @@ void md_stop(struct mddev *mddev)
> > __md_stop(mddev);
> > bioset_exit(&mddev->bio_set);
> > bioset_exit(&mddev->sync_set);
> > - if (mddev->level != 1 && mddev->level != 10)
> > - bioset_exit(&mddev->io_acct_set);
> > }
> >
> > EXPORT_SYMBOL_GPL(md_stop);
> > diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
> > index e11701e..5fa0d40 100644
> > --- a/drivers/md/raid0.c
> > +++ b/drivers/md/raid0.c
> > @@ -362,7 +362,6 @@ static void free_conf(struct mddev *mddev, struct r0conf *conf)
> > kfree(conf->strip_zone);
> > kfree(conf->devlist);
> > kfree(conf);
> > - mddev->private = NULL;
> > }
> >
> > static void raid0_free(struct mddev *mddev, void *priv)
> > --
> > 2.7.5
> >
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] Don't set mddev private to NULL in raid0 pers->free
2022-05-11 16:15 ` Xiao Ni
@ 2022-05-11 21:34 ` Song Liu
0 siblings, 0 replies; 4+ messages in thread
From: Song Liu @ 2022-05-11 21:34 UTC (permalink / raw)
To: Xiao Ni; +Cc: linux-raid, Nigel Croxon, Heinz Mauelshagen, Fine Fan
On Wed, May 11, 2022 at 9:14 AM Xiao Ni <xni@redhat.com> wrote:
>
> On Mon, May 9, 2022 at 2:24 PM Song Liu <song@kernel.org> wrote:
> >
> > Hi Xiao,
> >
> > Thanks for the patch!
> >
> > On Thu, Apr 28, 2022 at 10:09 PM Xiao Ni <xni@redhat.com> wrote:
> > >
> >
> > prefix the subject with "md:", and provide more details.
>
> Hi Song
>
> Thanks for pointing about this and I will add "md:" in v2.
> >
> > > It panics when reshaping from raid0 to other raid levels. raid0 sets
> > > mddev->private to NULL. It's the reason that causes the problem.
> > > Function level_store finds new pers and create new conf, then it
> > > calls oldpers->free. In oldpers->free, raid0 sets mddev->private
> > > to NULL again. And __md_stop is the right position to set
> > > mddev->private to NULL.
> >
> > We need more details here: the panic backtrace, and why it panics.
> > raid5_free also sets private to NULL. Does it has the same problem?
>
> The backtrace will be added in v2.
>
> I don't find raid5_free sets mddev->private to NULL.
> The normal process of stopping a raid should be like this:
>
> do_md_stop
> |
> __md_stop (pers->free(); mddev->private=NULL)
> |
> md_free (free biosets of mddev; free mddev)
>
> personality raid doesn't set mddev->private to NULL. __md_stop does this job.
> Reshaping from raid0 to raid other raid level doesn't stop the raid.
> The new raid
> will go on working. Now raid0_free->free_conf sets mddev->private to NULL during
> reshape. The new raid can't work anymore. It will panic when dereference
> mddev->private because of NULL pointer dereference.
Got it. Thanks for the explanation.
Thanks,
Song
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-05-11 21:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-29 5:09 [PATCH 1/1] Don't set mddev private to NULL in raid0 pers->free Xiao Ni
2022-05-09 6:24 ` Song Liu
2022-05-11 16:15 ` Xiao Ni
2022-05-11 21:34 ` Song Liu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.