md/raid1: fix memory leak in raid1_run()

raid1_run() calls setup_conf() which registers a thread via
md_register_thread(). If raid1_set_limits() fails, the previously
registered thread is not unregistered, resulting in a memory leak
of the md_thread structure and the thread resource itself.

Add md_unregister_thread() to the error path to properly cleanup
the thread, which aligns with the error handling logic of other paths
in this function.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Link: https://lore.kernel.org/linux-raid/20260126071533.606263-1-zilin@seu.edu.cn
Fixes: 97894f7d3c29 ("md/raid1: use the atomic queue limit update APIs")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Reviewed-by: Li Nan <linan122@huawei.com>
Signed-off-by: Yu Kuai <yukuai@fnnas.com>

diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 79faec11b79ea81190a4571a22858ff071441ffa..867db18bc3ba1be4124722d304d72a730e1750cb 100644 (file)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -3236,6 +3236,7 @@ static int raid1_run(struct mddev *mddev)
        if (!mddev_is_dm(mddev)) {
                ret = raid1_set_limits(mddev);
                if (ret) {
+                       md_unregister_thread(mddev, &conf->thread);
                        if (!mddev->private)
                                raid1_free(mddev, conf);
                        return ret;