1. 04 3月, 2014 1 次提交
    • M
      dm snapshot: fix metadata corruption · 2c945820
      Mikulas Patocka 提交于
      Commit 55494bf2 ("dm snapshot: use dm-bufio") broke snapshots.
      Before that 3.14-rc1 commit, loading a snapshot's list of exceptions
      involved reading exception areas one by one into ps->area and inserting
      those exceptions into the hash table.  Commit 55494bf2 changed
      it so that dm-bufio with prefetch is used to load exceptions in batchs.
      Exceptions are loaded correctly, but ps->area is left uninitialized.
      When a new exception is allocated, it is stored in this uninitialized
      ps->area which will be written to the disk.  This causes metadata
      corruption.
      
      Fix this corruption by copying the last area that was read via dm-bufio
      into ps->area.
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      2c945820
  2. 15 1月, 2014 3 次提交
  3. 07 1月, 2014 1 次提交
  4. 16 10月, 2013 1 次提交
    • M
      dm snapshot: fix data corruption · e9c6a182
      Mikulas Patocka 提交于
      This patch fixes a particular type of data corruption that has been
      encountered when loading a snapshot's metadata from disk.
      
      When we allocate a new chunk in persistent_prepare, we increment
      ps->next_free and we make sure that it doesn't point to a metadata area
      by further incrementing it if necessary.
      
      When we load metadata from disk on device activation, ps->next_free is
      positioned after the last used data chunk. However, if this last used
      data chunk is followed by a metadata area, ps->next_free is positioned
      erroneously to the metadata area. A newly-allocated chunk is placed at
      the same location as the metadata area, resulting in data or metadata
      corruption.
      
      This patch changes the code so that ps->next_free skips the metadata
      area when metadata are loaded in function read_exceptions.
      
      The patch also moves a piece of code from persistent_prepare_exception
      to a separate function skip_metadata to avoid code duplication.
      
      CVE-2013-4299
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Cc: Mike Snitzer <snitzer@redhat.com>
      Signed-off-by: NAlasdair G Kergon <agk@redhat.com>
      e9c6a182
  5. 20 9月, 2013 1 次提交
    • M
      dm snapshot: workaround for a false positive lockdep warning · 5ea330a7
      Mikulas Patocka 提交于
      The kernel reports a lockdep warning if a snapshot is invalidated because
      it runs out of space.
      
      The lockdep warning was triggered by commit 0976dfc1
      ("workqueue: Catch more locking problems with flush_work()") in v3.5.
      
      The warning is false positive.  The real cause for the warning is that
      the lockdep engine treats different instances of md->lock as a single
      lock.
      
      This patch is a workaround - we use flush_workqueue instead of flush_work.
      This code path is not performance sensitive (it is called only on
      initialization or invalidation), thus it doesn't matter that we flush the
      whole workqueue.
      
      The real fix for the problem would be to teach the lockdep engine to treat
      different instances of md->lock as separate locks.
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Acked-by: NAlasdair G Kergon <agk@redhat.com>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Cc: stable@vger.kernel.org # 3.5+
      5ea330a7
  6. 01 11月, 2011 1 次提交
  7. 02 8月, 2011 4 次提交
  8. 29 5月, 2011 1 次提交
    • M
      dm io: use fixed initial mempool size · bda8efec
      Mikulas Patocka 提交于
      Replace the arbitrary calculation of an initial io struct mempool size
      with a constant.
      
      The code calculated the number of reserved structures based on the request
      size and used a "magic" multiplication constant of 4.  This patch changes
      it to reserve a fixed number - itself still chosen quite arbitrarily.
      Further testing might show if there is a better number to choose.
      
      Note that if there is no memory pressure, we can still allocate an
      arbitrary number of "struct io" structures.  One structure is enough to
      process the whole request.
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NAlasdair G Kergon <agk@redhat.com>
      bda8efec
  9. 14 1月, 2011 2 次提交
  10. 27 10月, 2010 1 次提交
  11. 10 9月, 2010 1 次提交
    • T
      dm: implement REQ_FLUSH/FUA support for bio-based dm · d87f4c14
      Tejun Heo 提交于
      This patch converts bio-based dm to support REQ_FLUSH/FUA instead of
      now deprecated REQ_HARDBARRIER.
      
      * -EOPNOTSUPP handling logic dropped.
      
      * Preflush is handled as before but postflush is dropped and replaced
        with passing down REQ_FUA to member request_queues.  This replaces
        one array wide cache flush w/ member specific FUA writes.
      
      * __split_and_process_bio() now calls __clone_and_map_flush() directly
        for flushes and guarantees all FLUSH bio's going to targets are zero
      `  length.
      
      * It's now guaranteed that all FLUSH bio's which are passed onto dm
        targets are zero length.  bio_empty_barrier() tests are replaced
        with REQ_FLUSH tests.
      
      * Empty WRITE_BARRIERs are replaced with WRITE_FLUSHes.
      
      * Dropped unlikely() around REQ_FLUSH tests.  Flushes are not unlikely
        enough to be marked with unlikely().
      
      * Block layer now filters out REQ_FLUSH/FUA bio's if the request_queue
        doesn't support cache flushing.  Advertise REQ_FLUSH | REQ_FUA
        capability.
      
      * Request based dm isn't converted yet.  dm_init_request_based_queue()
        resets flush support to 0 for now.  To avoid disturbing request
        based dm code, dm->flush_error is added for bio based dm while
        requested based dm continues to use dm->barrier_error.
      
      Lightly tested linear, stripe, raid1, snap and crypt targets.  Please
      proceed with caution as I'm not familiar with the code base.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: dm-devel@redhat.com
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: NJens Axboe <jaxboe@fusionio.com>
      d87f4c14
  12. 12 8月, 2010 1 次提交
  13. 17 2月, 2010 1 次提交
  14. 11 12月, 2009 5 次提交
  15. 17 10月, 2009 1 次提交
  16. 05 9月, 2009 3 次提交
    • M
      dm snapshot: fix on disk chunk size validation · ae0b7448
      Mikulas Patocka 提交于
      Fix some problems seen in the chunk size processing when activating a
      pre-existing snapshot.
      
      For a new snapshot, the chunk size can either be supplied by the creator
      or a default value can be used.  For an existing snapshot, the
      chunk size in the snapshot header on disk should always be used.
      
      If someone attempts to load an existing snapshot and has the 'default
      chunk size' option set, the kernel uses its default value even when it
      is incorrect for the snapshot being loaded.  This patch ensures the
      correct on-disk value is always used.
      
      Secondly, when the code does use the chunk size stored on the disk it is
      prudent to revalidate it, so the code can exit cleanly if it got
      corrupted as happened in
      https://bugzilla.redhat.com/show_bug.cgi?id=461506 .
      
      Cc: stable@kernel.org
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NAlasdair G Kergon <agk@redhat.com>
      ae0b7448
    • M
      dm snapshot: fix header corruption race on invalidation · 61578dcd
      Mikulas Patocka 提交于
      If a persistent snapshot fills up, a race can corrupt the on-disk header
      which causes a crash on any future attempt to activate the snapshot
      (typically while booting).  This patch fixes the race.
      
      When the snapshot overflows, __invalidate_snapshot is called, which calls
      snapshot store method drop_snapshot. It goes to persistent_drop_snapshot that
      calls write_header. write_header constructs the new header in the "area"
      location.
      
      Concurrently, an existing kcopyd job may finish, call copy_callback
      and commit_exception method, that goes to persistent_commit_exception.
      persistent_commit_exception doesn't do locking, relying on the fact that
      callbacks are single-threaded, but it can race with snapshot invalidation and
      overwrite the header that is just being written while the snapshot is being
      invalidated.
      
      The result of this race is a corrupted header being written that can
      lead to a crash on further reactivation (if chunk_size is zero in the
      corrupted header).
      
      The fix is to use separate memory areas for each.
      
      See the bug: https://bugzilla.redhat.com/show_bug.cgi?id=461506
      
      Cc: stable@kernel.org
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NAlasdair G Kergon <agk@redhat.com>
      61578dcd
    • M
      dm snapshot: refactor zero_disk_area to use chunk_io · 02d2fd31
      Mikulas Patocka 提交于
      Refactor chunk_io to prepare for the fix in the following patch.
      
      Pass an area pointer to chunk_io and simplify zero_disk_area to use
      chunk_io.  No functional change.
      
      Cc: stable@kernel.org
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NAlasdair G Kergon <agk@redhat.com>
      02d2fd31
  17. 22 6月, 2009 1 次提交
  18. 23 5月, 2009 1 次提交
  19. 03 4月, 2009 7 次提交
  20. 06 1月, 2009 3 次提交