diff options
| author | FengWei Shih <dannyshih@synology.com> | 2025-12-26 18:18:16 +0800 |
|---|---|---|
| committer | Yu Kuai <yukuai@fnnas.com> | 2025-12-27 09:54:50 +0800 |
| commit | 2cc583653bbe050bacd1cadcc9776d39bf449740 (patch) | |
| tree | 4043fa6dba43912e22b901e363391ab081f3616a /include/uapi/linux/string.h | |
| parent | 7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9 (diff) | |
md: suspend array while updating raid_disks via sysfs
In raid1_reshape(), freeze_array() is called before modifying the r1bio
memory pool (conf->r1bio_pool) and conf->raid_disks, and
unfreeze_array() is called after the update is completed.
However, freeze_array() only waits until nr_sync_pending and
(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error
occurs, nr_queued is increased and the corresponding r1bio is queued to
either retry_list or bio_end_io_list. As a result, freeze_array() may
unblock before these r1bios are released.
This can lead to a situation where conf->raid_disks and the mempool have
already been updated while queued r1bios, allocated with the old
raid_disks value, are later released. Consequently, free_r1bio() may
access memory out of bounds in put_all_bios() and release r1bios of the
wrong size to the new mempool, potentially causing issues with the
mempool as well.
Since only normal I/O might increase nr_queued while an I/O error occurs,
suspending the array avoids this issue.
Note: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends
the array. Therefore, we suspend the array when updating raid_disks
via sysfs to avoid this issue too.
Signed-off-by: FengWei Shih <dannyshih@synology.com>
Link: https://lore.kernel.org/linux-raid/20251226101816.4506-1-dannyshih@synology.com
Signed-off-by: Yu Kuai <yukuai@fnnas.com>
Diffstat (limited to 'include/uapi/linux/string.h')
0 files changed, 0 insertions, 0 deletions