Commit 6abc7d5d authored Jan 26, 2026 by Zilin Guan Committed by Yu Kuai Feb 02, 2026

md/raid1: fix memory leak in raid1_run()

raid1_run() calls setup_conf() which registers a thread via
md_register_thread(). If raid1_set_limits() fails, the previously
registered thread is not unregistered, resulting in a memory leak
of the md_thread structure and the thread resource itself.

Add md_unregister_thread() to the error path to properly cleanup
the thread, which aligns with the error handling logic of other paths
in this function.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Link: https://lore.kernel.org/linux-raid/20260126071533.606263-1-zilin@seu.edu.cn


Fixes: 97894f7d ("md/raid1: use the atomic queue limit update APIs")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Reviewed-by: Li Nan <linan122@huawei.com>
Signed-off-by: Yu Kuai <yukuai@fnnas.com>

parent 5314d25a

drivers/md/raid1.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -3236,6 +3236,7 @@ static int raid1_run(struct mddev *mddev)
		if (!mddev_is_dm(mddev)) {
		ret = raid1_set_limits(mddev);
		if (ret) {
		md_unregister_thread(mddev, &conf->thread);
		if (!mddev->private)
		raid1_free(mddev, conf);
		return ret;