On Thu, Jan 11, 2024 at 11:10 PM Gui-Dong Han <2045gemini@xxxxxxxxx> wrote:
>
[...]
>
> raid5_release_stripe(sh);
> - conf->max_nr_stripes++;
> + WRITE_ONCE(conf->max_nr_stripes, conf->max_nr_stripes + 1);
This is weird. We are reading max_nr_stripes without READ_ONCE.
> return 1;
> }
>
> @@ -2707,7 +2707,7 @@ static int drop_one_stripe(struct r5conf *conf)
> shrink_buffers(sh);
> free_stripe(conf->slab_cache, sh);
> atomic_dec(&conf->active_stripes);
> - conf->max_nr_stripes--;
> + WRITE_ONCE(conf->max_nr_stripes, conf->max_nr_stripes - 1);
Same here.
> return 1;
> }
>
> @@ -6820,7 +6820,7 @@ raid5_set_cache_size(struct mddev *mddev, int size)
> if (size <= 16 || size > 32768)
> return -EINVAL;
>
> - conf->min_nr_stripes = size;
> + WRITE_ONCE(conf->min_nr_stripes, size);
> mutex_lock(&conf->cache_size_mutex);
> while (size < conf->max_nr_stripes &&
> drop_one_stripe(conf))
> @@ -6832,7 +6832,7 @@ raid5_set_cache_size(struct mddev *mddev, int size)
> mutex_lock(&conf->cache_size_mutex);
> while (size > conf->max_nr_stripes)
> if (!grow_one_stripe(conf, GFP_KERNEL)) {
> - conf->min_nr_stripes = conf->max_nr_stripes;
> + WRITE_ONCE(conf->min_nr_stripes, conf->max_nr_stripes);
And here.
> result = -ENOMEM;
> break;
> }
Thanks,
Song
