md: fix possible corruption of array metadata on shutdown.

commit 30b8aa9172dfeaac6d77897c67ee9f9fc574cdbb upstream.

commit c744a65c1e2d59acc54333ce8
  md: don't set md arrays to readonly on shutdown.

removed the possibility of a 'BUG' when data is written to an array
that has just been switched to read-only, but also introduced the
possibility that the array metadata could be corrupted.

If, when md_notify_reboot gets the mddev lock, the array is
in a state where it is assembled but hasn't been started (as can
happen if the personality module is not available, or in other unusual
situations), then incorrect metadata will be written out making it
impossible to re-assemble the array.

So only call __md_stop_writes() if the array has actually been
activated.

This patch is needed for any stable kernel which has had the above
commit applied.

Reported-by: Christoph Nelles <evilazrael@evilazrael.de>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 6f37aa4..065ab4f 100644 (file)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8100,7 +8100,8 @@ static int md_notify_reboot(struct notifier_block *this,
 
        for_each_mddev(mddev, tmp) {
                if (mddev_trylock(mddev)) {
 
        for_each_mddev(mddev, tmp) {
                if (mddev_trylock(mddev)) {

-                       __md_stop_writes(mddev);
+                       if (mddev->pers)
+                               __md_stop_writes(mddev);

                        mddev->safemode = 2;
                        mddev_unlock(mddev);
                }
                        mddev->safemode = 2;
                        mddev_unlock(mddev);
                }