Re: [BUG] md: race between bitmap_daemon_work and __bitmap_resize leading to use-after-free

Next message: Andy Lutomirski: "Re: [PATCH 0/2] mount: add OPEN_TREE_NAMESPACE"
Previous message: Andy Shevchenko: "Re: [PATCH v1 4/8] iio: dac: ds4424: reject -128 RAW value"
In reply to: Yu Kuai: "Re: [BUG] md: race between bitmap_daemon_work and __bitmap_resize leading to use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jinpu Wang

Date: Mon Jan 19 2026 - 14:05:24 EST

Hi Kuai,

On Mon, Jan 19, 2026 at 5:44 PM Yu Kuai <yukuai@xxxxxxxxx> wrote:
>
> Hi,
>
> 在 2026/1/19 23:14, Jinpu Wang 写道:
> > We are looking for suggestions on the best way to synchronize this. It
> > seems we need to either: a) Ensure the md thread's daemon work is
> > stopped/flushed before
> >
> > __bitmap_resize proceeds with unmapping. b) Protect bitmap->storage
> > replacement with a lock that
> > bitmap_daemon_work also respects.
> >
> > Any thoughts on the preferred approach?
>
> create/free/resize and access bitmap other than IO path should all be
> protected with mddev->bitmap_info.mutex.

Thx for the suggestion, I will work on a fix.
>
> --
> Thansk,
> Kuai
Jinpu