From nobody Sun Feb  8 22:43:27 2026
Received: from sg-1-13.ptr.blmpb.com (sg-1-13.ptr.blmpb.com [118.26.132.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C306142A96
	for <linux-kernel@vger.kernel.org>; Sun, 16 Nov 2025 02:18:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=118.26.132.13
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1763259522; cv=none;
 b=XKPHtv3LEi/bXy8hq4MAJnS5JBdGJo+llW1H1R3Ztgw5lR/Lu4gujCl8OZcvZRMLe8WSJNR5ZWzIefczAS+qkE8xCoDHWs9fI4YZdAKK4Ya8GHY423lo7bo68VlzfVQIA4OJhmUsGw/sYkLB8TVoLBaVbyANo34Ffjao4A2Hw2Q=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1763259522; c=relaxed/simple;
	bh=TMdF1kgJKOUz9nskYdzF12bvhn21NT6x2xJt4n+ismY=;
	h=Cc:Date:Subject:Message-Id:Mime-Version:To:From:Content-Type;
 b=cxnEYAK90/U73tRmN6Vwfqk68qhHso5b4BOPWBVT2z2eqDSfzRaCUCde+0EsS0qh6dOOZUJUaNrGprV5TCpYT+16oZ4eorvPHZ3DChrA7OByZXv/3eqyEj361SVVZrF19t/JdSdmWJzBXFqJbDO1GCDhTuyBUPV+j1zMk2s76Hg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=fnnas.com;
 spf=none smtp.mailfrom=fnnas.com;
 dkim=pass (2048-bit key) header.d=fnnas-com.20200927.dkim.feishu.cn
 header.i=@fnnas-com.20200927.dkim.feishu.cn header.b=PXgq2VGh;
 arc=none smtp.client-ip=118.26.132.13
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=fnnas.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=fnnas.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=fnnas-com.20200927.dkim.feishu.cn
 header.i=@fnnas-com.20200927.dkim.feishu.cn header.b="PXgq2VGh"
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 s=s1; d=fnnas-com.20200927.dkim.feishu.cn; t=1763259511;
  h=from:subject:mime-version:from:date:message-id:subject:to:cc:
 reply-to:content-type:mime-version:in-reply-to:message-id;
 bh=6WsD9BJQtsRR+smlKiizWPS+F1NxeC+sTyBGvFqHxec=;
 b=PXgq2VGhrJrMBJnZh8i2DjW4xx7wMmbB2A1fK8LEK8nVicYj0o7e26Jh76jnyQ9SSss/Tu
 usa1trle9PjOI9HlBNM/3/nW8Jrupczv4SRk0xw0h7Z2SUp/WIgDfwGsNLLNO/KLDIoVNh
 Qxdj8sisLdPvS0XmWZ/bsTCmrDJuo6Rt6la8A4Rxs980z8JI272yUWJwzX05ddJjj0pqPo
 /PIdI+P5Wru6EYQafhcgpF5QokqSjDAB/79zJszf9bbcMFZyQ4hCgl9sPIuLKVh32T1pQK
 qrqXH0aZI9TopeLlM9sX7myEu8MKZWsvBbAB6nP6qJwjXZxTvY3v0My0wGwJXg==
Cc: <yukuai@fnnas.com>, <linan122@huawei.com>, <xni@redhat.com>,
	<czhong@redhat.com>
Date: Sun, 16 Nov 2025 10:18:16 +0800
X-Original-From: Yu Kuai <yukuai@fnnas.com>
Received: from localhost.localdomain ([39.182.0.135]) by smtp.feishu.cn with
 ESMTPS; Sun, 16 Nov 2025 10:18:29 +0800
X-Lms-Return-Path: <lba+269193475+ab8bc9+vger.kernel.org+yukuai@fnnas.com>
Subject: [PATCH] md/raid0: fix NULL pointer dereference in
 create_strip_zones() for dm-raid
Message-Id: <20251116021816.107648-1-yukuai@fnnas.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
To: <song@kernel.org>, <linux-raid@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>
From: "Yu Kuai" <yukuai@fnnas.com>
X-Mailer: git-send-email 2.51.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Commit 2107457e31fa ("md/raid0: Move queue limit setup before r0conf
initialization") dereference mddev->gendisk unconditionally, which is
NULL for dm-raid.

Fix this problem by reverting to old codes for dm-raid.

Fixes: 2107457e31fa ("md/raid0: Move queue limit setup before r0conf initia=
lization")
Reported-and-tested-by: Changhui Zhong <czhong@redhat.com>
Closes: https://lore.kernel.org/all/CAGVVp+VqVnvGeneUoTbYvBv2cw6GwQRrR3B-iQ=
-_9rVfyumoKA@mail.gmail.com/
Signed-off-by: Yu Kuai <yukuai@fnnas.com>
Reviewed-by: Li Nan <linan122@huawei.com>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Xiao Ni <xni@redhat.com>
---
 drivers/md/raid0.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index 47aee1b1d4d1..985c377356eb 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -68,7 +68,10 @@ static int create_strip_zones(struct mddev *mddev, struc=
t r0conf **private_conf)
 	struct strip_zone *zone;
 	int cnt;
 	struct r0conf *conf =3D kzalloc(sizeof(*conf), GFP_KERNEL);
-	unsigned int blksize =3D queue_logical_block_size(mddev->gendisk->queue);
+	unsigned int blksize =3D 512;
+
+	if (!mddev_is_dm(mddev))
+		blksize =3D queue_logical_block_size(mddev->gendisk->queue);
=20
 	*private_conf =3D ERR_PTR(-ENOMEM);
 	if (!conf)
@@ -84,6 +87,10 @@ static int create_strip_zones(struct mddev *mddev, struc=
t r0conf **private_conf)
 		sector_div(sectors, mddev->chunk_sectors);
 		rdev1->sectors =3D sectors * mddev->chunk_sectors;
=20
+		if (mddev_is_dm(mddev))
+			blksize =3D max(blksize, queue_logical_block_size(
+				      rdev1->bdev->bd_disk->queue));
+
 		rdev_for_each(rdev2, mddev) {
 			pr_debug("md/raid0:%s:   comparing %pg(%llu)"
 				 " with %pg(%llu)\n",
--=20
2.51.0