md: always set MD_RECOVERY_INTR when aborting a reshape or other "resync".

commit 3991b31ea072b070081ca3bfa860a077eda67de5 upstream.

If mddev->ro is set, md_to_sync will (correctly) abort.
However in that case MD_RECOVERY_INTR isn't set.

If a RESHAPE had been requested, then ->finish_reshape() will be
called and it will think the reshape was successful even though
nothing happened.

Normally a resync will not be requested if ->ro is set, but if an
array is stopped while a reshape is on-going, then when the array is
started, the reshape will be restarted.  If the array is also set
read-only at this point, the reshape will instantly appear to success,
resulting in data corruption.

Consequently, this patch is suitable for any -stable kernel.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/drivers/md/md.c b/drivers/md/md.c
index db4b4a8..30a7b52 100644 (file)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7035,8 +7035,10 @@ void md_do_sync(struct mddev *mddev)
        /* just incase thread restarts... */
        if (test_bit(MD_RECOVERY_DONE, &mddev->recovery))
                return;
-       if (mddev->ro) /* never try to sync a read-only array */
+       if (mddev->ro) {/* never try to sync a read-only array */
+               set_bit(MD_RECOVERY_INTR, &mddev->recovery);
                return;
+       }
 
        if (test_bit(MD_RECOVERY_SYNC, &mddev->recovery)) {
                if (test_bit(MD_RECOVERY_CHECK, &mddev->recovery))