Patch "md: use RCU lock to protect traversal in md_spares_need_change()" has been added to the 6.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 27 Mar 2024 07:20:38 -0400

This is a note to let you know that I've just added the patch titled

    md: use RCU lock to protect traversal in md_spares_need_change()

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     md-use-rcu-lock-to-protect-traversal-in-md_spares_ne.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 274227abca8b5f813e1d20e0759405ca33f586f9
Author: Li Lingfeng <lilingfeng3@xxxxxxxxxx>
Date:   Thu Jan 4 21:36:29 2024 +0800

    md: use RCU lock to protect traversal in md_spares_need_change()
    
    [ Upstream commit 570b9147deb6b07b955b55e06c714ca12a5f3e16 ]
    
    Since md_start_sync() will be called without the protect of mddev_lock,
    and it can run concurrently with array reconfiguration, traversal of rdev
    in it should be protected by RCU lock.
    Commit bc08041b32ab ("md: suspend array in md_start_sync() if array need
    reconfiguration") added md_spares_need_change() to md_start_sync(),
    casusing use of rdev without any protection.
    Fix this by adding RCU lock in md_spares_need_change().
    
    Fixes: bc08041b32ab ("md: suspend array in md_start_sync() if array need reconfiguration")
    Cc: stable@xxxxxxxxxxxxxxx # 6.7+
    Signed-off-by: Li Lingfeng <lilingfeng3@xxxxxxxxxx>
    Signed-off-by: Song Liu <song@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240104133629.1277517-1-lilingfeng@xxxxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 99b60d37114c4..40dea4c06457f 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -9302,9 +9302,14 @@ static bool md_spares_need_change(struct mddev *mddev)
 {
 	struct md_rdev *rdev;
 
-	rdev_for_each(rdev, mddev)
-		if (rdev_removeable(rdev) || rdev_addable(rdev))
+	rcu_read_lock();
+	rdev_for_each_rcu(rdev, mddev) {
+		if (rdev_removeable(rdev) || rdev_addable(rdev)) {
+			rcu_read_unlock();
 			return true;
+		}
+	}
+	rcu_read_unlock();
 	return false;
 }
 







