md: protect md_thread with rcu
mainline inclusion
from mainline-v6.5-rc1
commit 44693154
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8OPEK
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4469315439827290923fce4f3f672599cabeb366

--------------------------------

Currently, there are many places where md_thread can be accessed without protection; the following are known scenarios that can cause a null-ptr-dereference or uaf:

1) sync_thread that is allocated and started from md_start_sync()
2) mddev->thread can be accessed directly from timeout_store() and md_bitmap_daemon_work()
3) md_unregister_thread() from action_store()

Currently, a global spinlock 'pers_lock' is borrowed to protect 'mddev->thread' in some places; this problem could be fixed likewise, however, using a global lock for all the cases is not good.

Fix this problem by protecting all md_thread with rcu.

Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230523021017.3048783-6-yukuai1@huaweicloud.com

Conflicts:
1) drivers/md/md.c
   commit 3ce94ce5 ("md: fix duplicate filename for rdev") adds the declaration of export_rdev();
   commit 3ce94ce5 ("md: fix duplicate filename for rdev") adds md_free_rdev();
   commit 72adae23 ("md: Change active_io to percpu") removes synchronize_rcu() in mddev_suspend();
2) drivers/md/raid5-cache.c
   commit ad831a16 ("md/raid5: use bdev_write_cache instead of open coding it") removes the use of request_queue;
   commit 913cce5a ("md: remove most calls to bdevname") removes the array of bdevname and changes the format of the display.

Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>