[PATCH v5 3/3] md/raid10: free r10bio before ending master_bio in raid_end_bio_io()

From: Chen Cheng

Date: Mon Jun 22 2026 - 08:16:05 EST


From: Chen Cheng <chencheng@xxxxxxxxx>

Original flow:

bio_endio(master_bio); /* may drop active_io to zero */
allow_barrier(conf);
free_r10bio(r10_bio); /* reads conf->geo, returns to pool */

one scenario is:

CPU A (softirq, raid_end_bio_io)        CPU B (action_store) --> reshape
================================        ===============================
bio_endio(master_bio)
  md_end_clone_io
    percpu_ref_put -> 0
                                        wait_event wakeup, and,
                                        mddev_suspend return
                                        raid10_start_reshape:
                                          setup_geo(&conf->geo, new)
                                          ...
                                          mempool_destroy(old_pool)
                                          conf->r10bio_pool = new_pool
allow_barrier(conf)
free_r10bio(r10_bio)
  put_all_bios:
    for (i=0; i<conf->geo.raid_disks; i++)
    ==> old obj, new geo, OOB
  mempool_free(r10_bio, conf->r10bio_pool)
  ==> old-geometry obj freed into new pool

So fix by reordering the flow:

free_r10bio(r10_bio)
allow_barrier(conf)
bio_endio(master_io)

Signed-off-by: Chen Cheng <chencheng@xxxxxxxxx>
---
drivers/md/raid10.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index d740744a9746..a4642c903b20 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -330,24 +330,27 @@ static void reschedule_retry(struct r10bio *r10_bio)
*/
static void raid_end_bio_io(struct r10bio *r10_bio)
{
struct bio *bio = r10_bio->master_bio;
struct r10conf *conf = r10_bio->mddev->private;
+ bool returned = test_and_set_bit(R10BIO_Returned, &r10_bio->state);
+ blk_status_t status = test_bit(R10BIO_Uptodate, &r10_bio->state)
+ ? BLK_STS_OK : BLK_STS_IOERR;

- if (!test_and_set_bit(R10BIO_Returned, &r10_bio->state)) {
- if (!test_bit(R10BIO_Uptodate, &r10_bio->state))
- bio->bi_status = BLK_STS_IOERR;
- bio_endio(bio);
- }
+ put_all_bios(conf, r10_bio);
+ mempool_free(r10_bio, conf->r10bio_pool);

/*
* Wake up any possible resync thread that waits for the device
* to go idle.
*/
allow_barrier(conf);

- free_r10bio(r10_bio);
+ if (!returned) {
+ bio->bi_status = status;
+ bio_endio(bio);
+ }
}

/*
* Update disk head position estimator based on IRQ completion info.
*/
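Review bot: In the new `if (!returned)` block at the end of raid_end_bio_io(), `bio->bi_status = status;` now stores BLK_STS_OK on the success path, while the removed code only wrote bi_status when R10BIO_Uptodate was clear. If an error was already recorded on the master bio, this overwrites it with success; keeping the old semantics with something like `if (status != BLK_STS_OK) bio->bi_status = status;` avoids that behaviour change in a patch that is meant to be a pure reordering. Separately, the hunk open-codes `put_all_bios(conf, r10_bio);` plus `mempool_free(r10_bio, conf->r10bio_pool);` where the commit message describes calling free_r10bio(); unless there is a reason not to, moving the existing `free_r10bio(r10_bio);` call up would keep the free path in one place. A short comment above the free stating that r10_bio and conf->geo must not be touched once bio_endio() can let a reshape proceed would document why the order matters, and doing the test_and_set_bit() as a statement rather than inside a declaration initializer would make its side effect easier to see.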
--
2.54.0