1. Patchew
  2. linux
  3. View series

[PATCH] md/raid1: fix memory leak in raid1_run()

Zilin Guan posted 1 patch 1 week, 6 days ago 
drivers/md/raid1.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] md/raid1: fix memory leak in raid1_run()
Posted by Zilin Guan 1 week, 6 days ago 
raid1_run() calls setup_conf() which registers a thread via
md_register_thread(). If raid1_set_limits() fails, the previously
registered thread is not unregistered, resulting in a memory leak
of the md_thread structure and the thread resource itself.

Add md_unregister_thread() to the error path to properly cleanup
the thread, which aligns with the error handling logic of other paths
in this function.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Fixes: 97894f7d3c29 ("md/raid1: use the atomic queue limit update APIs")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
---
 drivers/md/raid1.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 57d50465eed1..cc9914bd15c1 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -3254,6 +3254,7 @@ static int raid1_run(struct mddev *mddev)
 	if (!mddev_is_dm(mddev)) {
 		ret = raid1_set_limits(mddev);
 		if (ret) {
+			md_unregister_thread(mddev, &conf->thread);
 			if (!mddev->private)
 				raid1_free(mddev, conf);
 			return ret;
-- 
2.34.1
Re: [PATCH] md/raid1: fix memory leak in raid1_run()
Posted by Li Nan 1 week, 1 day ago 

在 2026/1/26 15:15, Zilin Guan 写道:
> raid1_run() calls setup_conf() which registers a thread via
> md_register_thread(). If raid1_set_limits() fails, the previously
> registered thread is not unregistered, resulting in a memory leak
> of the md_thread structure and the thread resource itself.
> 
> Add md_unregister_thread() to the error path to properly cleanup
> the thread, which aligns with the error handling logic of other paths
> in this function.
> 
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.
> 
> Fixes: 97894f7d3c29 ("md/raid1: use the atomic queue limit update APIs")
> Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
> ---
>   drivers/md/raid1.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
> index 57d50465eed1..cc9914bd15c1 100644
> --- a/drivers/md/raid1.c
> +++ b/drivers/md/raid1.c
> @@ -3254,6 +3254,7 @@ static int raid1_run(struct mddev *mddev)
>   	if (!mddev_is_dm(mddev)) {
>   		ret = raid1_set_limits(mddev);
>   		if (ret) {
> +			md_unregister_thread(mddev, &conf->thread);
>   			if (!mddev->private)
>   				raid1_free(mddev, conf);
>   			return ret;

LGTM

Reviewed-by: Li Nan <linan122@huawei.com>

-- 
Thanks,
Nan

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.