Re: [BUG] md: race between bitmap_daemon_work and __bitmap_resize leading to use-after-free

Next message: Kees Cook: "Re: [PATCH v4 0/3] Fix bugs and performance of kstack offset randomisation"
Previous message: Mark Brown: "Re: linux-next: build failure after merge of the perf tree"
In reply to: Jinpu Wang: "[BUG] md: race between bitmap_daemon_work and __bitmap_resize leading to use-after-free"
Next in thread: Jinpu Wang: "Re: [BUG] md: race between bitmap_daemon_work and __bitmap_resize leading to use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yu Kuai

Date: Mon Jan 19 2026 - 11:44:13 EST

Hi,

在 2026/1/19 23:14, Jinpu Wang 写道:
> We are looking for suggestions on the best way to synchronize this. It
> seems we need to either: a) Ensure the md thread's daemon work is
> stopped/flushed before
>
> __bitmap_resize proceeds with unmapping. b) Protect bitmap->storage
> replacement with a lock that
> bitmap_daemon_work also respects.
>
> Any thoughts on the preferred approach?

create/free/resize and access bitmap other than IO path should all be
protected with mddev->bitmap_info.mutex.

--
Thansk,
Kuai