btrfs: zoned: move btrfs_zoned_reserve_data_reloc_bg() after kthread start

btrfs_zoned_reserve_data_reloc_bg() is called on each mount of a file
system and allocates a new block-group, to assign it to be the dedicated
relocation target, if no pre-existing usable block-group for this task is
found.

If for some reason the transaction is aborted, btrfs_end_transaction()
will wake up the transaction kthread. But the transaction kthread is not
yet initialized at the time btrfs_zoned_reserve_data_reloc_bg() is
called, leading to the following NULL-pointer dereference:

  RSP: 0018:ffffc9000c617c98 EFLAGS: 00010046
  RAX: 0000000000000000 RBX: 000000000000073c RCX: 0000000000000002
  RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000001
  RBP: 0000000000000207 R08: ffffffff8223c71d R09: 0000000000000635
  R10: ffff888108588000 R11: 0000000000000003 R12: 0000000000000003
  R13: 000000000000073c R14: 0000000000000000 R15: ffff888114dd6000
  FS:  00007f2993745840(0000) GS:ffff8882b508d000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000000000000073c CR3: 0000000121a82006 CR4: 0000000000770eb0
  PKRU: 55555554
  Call Trace:
   <TASK>
   try_to_wake_up (./include/linux/spinlock.h:557 kernel/sched/core.c:4106)
   __btrfs_end_transaction (fs/btrfs/transaction.c:1115 (discriminator 2))
   btrfs_zoned_reserve_data_reloc_bg (fs/btrfs/zoned.c:2840)
   open_ctree (fs/btrfs/disk-io.c:3588)
   btrfs_get_tree.cold (fs/btrfs/super.c:982 fs/btrfs/super.c:1944 fs/btrfs/super.c:2087 fs/btrfs/super.c:2121)
   vfs_get_tree (fs/super.c:1752)
   __do_sys_fsconfig (fs/fsopen.c:231 fs/fsopen.c:295 fs/fsopen.c:473)
   do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
   entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
  RIP: 0033:0x7f299392740e

Move the call to btrfs_zoned_reserve_data_reloc_bg() after the
transaction_kthread has been initialized to fix this problem.

Fixes: 694ce5e143d6 ("btrfs: zoned: reserve data_reloc block group on mount")
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 49987334dd15631dc4adf01d312f8a62d24546a3..2aeb85e3ece97587899695f74d987643570f7bfb 100644 (file)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -3594,7 +3594,6 @@ int __cold open_ctree(struct super_block *sb, struct btrfs_fs_devices *fs_device
                }
        }
 
-       btrfs_zoned_reserve_data_reloc_bg(fs_info);
        btrfs_free_zone_cache(fs_info);
 
        btrfs_check_active_zone_reservation(fs_info);
@@ -3622,6 +3621,12 @@ int __cold open_ctree(struct super_block *sb, struct btrfs_fs_devices *fs_device
                goto fail_cleaner;
        }
 
+       /*
+        * Starts a transaction, must be called after the transaction kthread
+        * is initialized.
+        */
+       btrfs_zoned_reserve_data_reloc_bg(fs_info);
+
        ret = btrfs_read_qgroup_config(fs_info);
        if (ret)
                goto fail_trans_kthread;