[PATCH] md/raid1: fix memory leak in raid1_run() if no active rdev

Zheng Qixing posted 1 patch 10 months, 1 week ago
drivers/md/raid1.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
[PATCH] md/raid1: fix memory leak in raid1_run() if no active rdev
Posted by Zheng Qixing 10 months, 1 week ago
From: Zheng Qixing <zhengqixing@huawei.com>

When `raid1_set_limits()` fails or when the array has no active
`rdev`, the allocated memory for `conf` is not properly freed.

Add raid1_free() call to properly free the conf in error path.

Fixes: 799af947ed13 ("md/raid1: don't free conf on raid0_run failure")
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
---
 drivers/md/raid1.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 9d57a88dbd26..a87eb9a3b016 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -45,6 +45,7 @@
 
 static void allow_barrier(struct r1conf *conf, sector_t sector_nr);
 static void lower_barrier(struct r1conf *conf, sector_t sector_nr);
+static void raid1_free(struct mddev *mddev, void *priv);
 
 #define RAID_1_10_NAME "raid1"
 #include "raid1-10.c"
@@ -3258,8 +3259,11 @@ static int raid1_run(struct mddev *mddev)
 
 	if (!mddev_is_dm(mddev)) {
 		ret = raid1_set_limits(mddev);
-		if (ret)
+		if (ret) {
+			if (!mddev->private)
+				raid1_free(mddev, conf);
 			return ret;
+		}
 	}
 
 	mddev->degraded = 0;
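Review bot: The new `raid1_set_limits()` failure branch frees `conf` without the `md_unregister_thread(mddev, &conf->thread)` call that the later `conf->raid_disks - mddev->degraded < 1` branch makes before its own `raid1_free()`. The code that sets up `conf` and its thread is outside this hunk, so this is inferred, but if `conf->thread` is already registered when this branch runs, the thread could be left referencing memory that has just been freed. Making the two exits symmetric would close that gap: add `md_unregister_thread(mddev, &conf->thread);` ahead of `if (!mddev->private)`. The body of raid1_run() starts and ends outside the hunk.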
@@ -3273,6 +3277,8 @@ static int raid1_run(struct mddev *mddev)
 	 */
 	if (conf->raid_disks - mddev->degraded < 1) {
 		md_unregister_thread(mddev, &conf->thread);
+		if (!mddev->private)
+			raid1_free(mddev, conf);
 		return -EINVAL;
 	}
 
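Review bot: The `if (!mddev->private)` guard here, and the identical one in the `raid1_set_limits()` failure branch above, decides who owns `conf`, but nothing at either site says so. Presumably `conf` is allocated earlier in raid1_run() only when `mddev->private` was NULL on entry, and a `conf` that was already attached must not be freed on this path; that assignment is outside the hunk. A short comment would stop a later edit from dropping the guard and turning the leak fix into a double free, for example `/* free conf only if this call allocated it; a conf passed in via mddev->private is not ours to free */`. Since the cleanup is now written twice, a single error label shared by both exits would keep the ownership rule in one place.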
-- 
2.39.2
Re: [PATCH] md/raid1: fix memory leak in raid1_run() if no active rdev
Posted by Yu Kuai 10 months ago
+CC Christoph

在 2025/02/15 10:01, Zheng Qixing 写道:
> From: Zheng Qixing <zhengqixing@huawei.com>
> 
> When `raid1_set_limits()` fails or when the array has no active
> `rdev`, the allocated memory for `conf` is not properly freed.
> 
> Add raid1_free() call to properly free the conf in error path.
> 
> Fixes: 799af947ed13 ("md/raid1: don't free conf on raid0_run failure")
> Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
> ---
>   drivers/md/raid1.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
> 

LGTM
Applied to md-6.15

Thanks,
Kuai

> diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
> index 9d57a88dbd26..a87eb9a3b016 100644
> --- a/drivers/md/raid1.c
> +++ b/drivers/md/raid1.c
> @@ -45,6 +45,7 @@
>   
>   static void allow_barrier(struct r1conf *conf, sector_t sector_nr);
>   static void lower_barrier(struct r1conf *conf, sector_t sector_nr);
> +static void raid1_free(struct mddev *mddev, void *priv);
>   
>   #define RAID_1_10_NAME "raid1"
>   #include "raid1-10.c"
> @@ -3258,8 +3259,11 @@ static int raid1_run(struct mddev *mddev)
>   
>   	if (!mddev_is_dm(mddev)) {
>   		ret = raid1_set_limits(mddev);
> -		if (ret)
> +		if (ret) {
> +			if (!mddev->private)
> +				raid1_free(mddev, conf);
>   			return ret;
> +		}
>   	}
>   
>   	mddev->degraded = 0;
> @@ -3273,6 +3277,8 @@ static int raid1_run(struct mddev *mddev)
>   	 */
>   	if (conf->raid_disks - mddev->degraded < 1) {
>   		md_unregister_thread(mddev, &conf->thread);
> +		if (!mddev->private)
> +			raid1_free(mddev, conf);
>   		return -EINVAL;
>   	}
>   
>