diff options
author | Mikulas Patocka <mpatocka@redhat.com> | 2009-09-04 20:40:39 +0100 |
---|---|---|
committer | Alasdair G Kergon <agk@redhat.com> | 2009-09-04 20:40:39 +0100 |
commit | 61578dcd3fafe6babd72e8db32110cc0b630a432 (patch) | |
tree | 8e5bb9e66ec43666dd5079cc9203fc56c233b469 /drivers/md/dm-exception-store.h | |
parent | 02d2fd31defce6ff77146ad0fef4f19006055d86 (diff) | |
download | lwn-61578dcd3fafe6babd72e8db32110cc0b630a432.tar.gz lwn-61578dcd3fafe6babd72e8db32110cc0b630a432.zip |
dm snapshot: fix header corruption race on invalidation
If a persistent snapshot fills up, a race can corrupt the on-disk header
which causes a crash on any future attempt to activate the snapshot
(typically while booting). This patch fixes the race.
When the snapshot overflows, __invalidate_snapshot is called, which calls
snapshot store method drop_snapshot. It goes to persistent_drop_snapshot that
calls write_header. write_header constructs the new header in the "area"
location.
Concurrently, an existing kcopyd job may finish, call copy_callback
and commit_exception method, that goes to persistent_commit_exception.
persistent_commit_exception doesn't do locking, relying on the fact that
callbacks are single-threaded, but it can race with snapshot invalidation and
overwrite the header that is just being written while the snapshot is being
invalidated.
The result of this race is a corrupted header being written that can
lead to a crash on further reactivation (if chunk_size is zero in the
corrupted header).
The fix is to use separate memory areas for each.
See the bug: https://bugzilla.redhat.com/show_bug.cgi?id=461506
Cc: stable@kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Diffstat (limited to 'drivers/md/dm-exception-store.h')
0 files changed, 0 insertions, 0 deletions