Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp697229pxb;
        Tue, 5 Apr 2022 19:12:06 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyvv8iLibQtQT3TGEuQXiPCfdqWMOor3dcQ41+VmRynhiI9+WwmPyIgS6YhxeOYU+3oJmOX
X-Received: by 2002:a17:907:da0:b0:6df:d4a4:9d0f with SMTP id go32-20020a1709070da000b006dfd4a49d0fmr6425041ejc.407.1649211126580;
        Tue, 05 Apr 2022 19:12:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649211126; cv=none;
        d=google.com; s=arc-20160816;
        b=UM/tc7V1Z0diUDsTvdn8uEjP2beWdlnn693OPh3XvWrbHoG2X+45xVDxuzycx8FIva
         TgKBkwfeCQkvCcLl2G7AfUJO6VeWzlCBLtzSXe1qb3bfBZobA9Fg3Si39i5+n28u2E5p
         LqqZ2NCrbVYvXAnOBYz7RIW5JsbFpPCP5lkyy8cjg2MyAuJsnV9qzyS4SQoBFDC00HiB
         0+X/hz5es7LnreivexHS2LtuGboKBxjMRRBhpFUsZ1GhdDInpp2zz91kZkBbsDDzjiKz
         aDH1PwPA9cIGwIAkL4gm5XXGMIeUpjiZbUYjb/JRqvJvOtCDxeebsAHw1vNyCS+a/Dvo
         U7sQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=swHCvxKXuMoF68o4KTmqm4Szi7JCWUhCEIOk2Hep/ng=;
        b=xE7rF7ivpVHMI/HMQF81tr+E7/o9r0/QzrpjvwekoI44xB8H42In66CRLFD2qlRV2P
         ZC8b1QAj/fObWHuvMYmrCOOy11P+DUnsAARaai22Y7H8/JiT3200O2LipL1tcepX000H
         U7b9D2txeNif3f3mO2VDPqtbi7zihejZ5+ch0H+XMg7uDUf81y4UCnB8kL/RrrtMn8Xn
         TvQRhkdLg1oCePvRTc3z/JSthysjDZLL6M76wGrg5D3GBgw8/Gv+QSY+2OMKaoHl7ErN
         YAwWBca5EyltllXlXYjSJ5XhDziSOKDfThl1urkm2qq90Iv5KpmZLzb4dZ2CbghVdI2q
         A/hQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eDuzgrhl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q15-20020a056402518f00b00418c2b5bdd1si11056168edd.179.2022.04.05.19.11.40;
        Tue, 05 Apr 2022 19:12:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eDuzgrhl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232991AbiDEH4k (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Tue, 5 Apr 2022 03:56:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48248 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233597AbiDEHsH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Apr 2022 03:48:07 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24FEA2AC;
        Tue,  5 Apr 2022 00:46:09 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id B42EB616BF;
        Tue,  5 Apr 2022 07:46:08 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4F7EC340EE;
        Tue,  5 Apr 2022 07:46:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1649144768;
        bh=FUcnqxzjXH5u3vbw4nDqrygn9TouK/7YERh2EEo0v3w=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=eDuzgrhlNeklkZzJdNsL+RRPXrVCFmpVD0vpiONQz65KGU2gLUyV+TA3KITRTq4Kh
         v8pMdfoojP1gJg+Yd47V5tRaKNkTKgO/ytcSYoEfff5a3cer1HK0+P2lERJ3BegWWk
         3u4EBi7GEeL/bQL4uTQeheynNLpWYoxxws106m3E=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Mingzhe Zou <mingzhe.zou@easystack.cn>,
        Coly Li <colyli@suse.de>
Subject: [PATCH 5.17 0164/1126] bcache: fixup multiple threads crash
Date:   Tue,  5 Apr 2022 09:15:11 +0200
Message-Id: <20220405070412.409301981@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220405070407.513532867@linuxfoundation.org>
References: <20220405070407.513532867@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mingzhe Zou <mingzhe.zou@easystack.cn>

commit 887554ab96588de2917b6c8c73e552da082e5368 upstream.

When multiple threads to check btree nodes in parallel, the main
thread wait for all threads to stop or CACHE_SET_IO_DISABLE flag:

wait_event_interruptible(check_state->wait,
                         atomic_read(&check_state->started) == 0 ||
                         test_bit(CACHE_SET_IO_DISABLE, &c->flags));

However, the bch_btree_node_read and bch_btree_node_read_done
maybe call bch_cache_set_error, then the CACHE_SET_IO_DISABLE
will be set. If the flag already set, the main thread return
error. At the same time, maybe some threads still running and
read NULL pointer, the kernel will crash.

This patch change the event wait condition, the main thread must
wait for all threads to stop.

Fixes: 8e7102273f597 ("bcache: make bch_btree_check() to be multithreaded")
Signed-off-by: Mingzhe Zou <mingzhe.zou@easystack.cn>
Cc: stable@vger.kernel.org # v5.7+
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/bcache/btree.c     |    6 ++++--
 drivers/md/bcache/writeback.c |    6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -2060,9 +2060,11 @@ int bch_btree_check(struct cache_set *c)
 		}
 	}
 
+	/*
+	 * Must wait for all threads to stop.
+	 */
 	wait_event_interruptible(check_state->wait,
-				 atomic_read(&check_state->started) == 0 ||
-				  test_bit(CACHE_SET_IO_DISABLE, &c->flags));
+				 atomic_read(&check_state->started) == 0);
 
 	for (i = 0; i < check_state->total_threads; i++) {
 		if (check_state->infos[i].result) {
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -998,9 +998,11 @@ void bch_sectors_dirty_init(struct bcach
 		}
 	}
 
+	/*
+	 * Must wait for all threads to stop.
+	 */
 	wait_event_interruptible(state->wait,
-		 atomic_read(&state->started) == 0 ||
-		 test_bit(CACHE_SET_IO_DISABLE, &c->flags));
+		 atomic_read(&state->started) == 0);
 
 out:
 	kfree(state);