commit 339421def582abb14c2217aa8c8f28bb2e299174
author Song Liu <songliubraving@fb.com> Thu Oct 08 21:54:13 2015 -0700
committer NeilBrown <neilb@suse.com> Sun Nov 01 13:48:29 2015 +1100
tree ffb4662582ae9357408d90d83a2e816923b055a3
parent f2076e7d0643d15b11db979acc7cffd2e8d69e77

MD: when RAID journal is missing/faulty, block RESTART_ARRAY_RW

When RAID-4/5/6 array suffers from missing journal device, we put
the array in read only state. We should not allow trasition to
read-write states (clean and active) before replacing journal device.

Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: NeilBrown <neilb@suse.com>

drivers/md/md.c

diff --git a/drivers/md/md.c b/drivers/md/md.c
index b505759..08a4034 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -3970,7 +3970,9 @@
 		break;
 	case clean:
 		if (mddev->pers) {
-			restart_array(mddev);
+			err = restart_array(mddev);
+			if (err)
+				break;
 			spin_lock(&mddev->lock);
 			if (atomic_read(&mddev->writes_pending) == 0) {
 				if (mddev->in_sync == 0) {
@@ -3988,7 +3990,9 @@
 		break;
 	case active:
 		if (mddev->pers) {
-			restart_array(mddev);
+			err = restart_array(mddev);
+			if (err)
+				break;
 			clear_bit(MD_CHANGE_PENDING, &mddev->flags);
 			wake_up(&mddev->sb_wait);
 			err = 0;
@@ -5351,6 +5355,25 @@
 		return -EINVAL;
 	if (!mddev->ro)
 		return -EBUSY;
+	if (test_bit(MD_HAS_JOURNAL, &mddev->flags)) {
+		struct md_rdev *rdev;
+		bool has_journal = false;
+
+		rcu_read_lock();
+		rdev_for_each_rcu(rdev, mddev) {
+			if (test_bit(Journal, &rdev->flags) &&
+			    !test_bit(Faulty, &rdev->flags)) {
+				has_journal = true;
+				break;
+			}
+		}
+		rcu_read_unlock();
+
+		/* Don't restart rw with journal missing/faulty */
+		if (!has_journal)
+			return -EINVAL;
+	}
+
 	mddev->safemode = 0;
 	mddev->ro = 0;
 	set_disk_ro(disk, 0);