dm snapshot: avoid snapshot space leak on crash

commit 230c83afdd9cd384348475bea1e14b80b3b6b1b8 upstream. There is a possible leak of snapshot space in case of crash. The reason for space leaking is that chunks in the snapshot device are allocated sequentially, but they are finished (and stored in the metadata) out of order, depending on the order in which copying finished. For example, supposed that the metadata contains the following records SUPERBLOCK METADATA (blocks 0 ... 250) DATA 0 DATA 1 DATA 2 ... DATA 250 Now suppose that you allocate 10 new data blocks 251-260. Suppose that copying of these blocks finish out of order (block 260 finished first and the block 251 finished last). Now, the snapshot device looks like this: SUPERBLOCK METADATA (blocks 0 ... 250, 260, 259, 258, 257, 256) DATA 0 DATA 1 DATA 2 ... DATA 250 DATA 251 DATA 252 DATA 253 DATA 254 DATA 255 METADATA (blocks 255, 254, 253, 252, 251) DATA 256 DATA 257 DATA 258 DATA 259 DATA 260 Now, if the machine crashes after writing the first metadata block but before writing the second metadata block, the space for areas DATA 250-255 is leaked, it contains no valid data and it will never be used in the future. This patch makes dm-snapshot complete exceptions in the same order they were allocated, thus fixing this bug. Note: when backporting this patch to the stable kernel, change the version field in the following way: * if version in the stable kernel is {1, 11, 1}, change it to {1, 12, 0} * if version in the stable kernel is {1, 10, 0} or {1, 10, 1}, change it to {1, 10, 2} Userspace reads the version to determine if the bug was fixed, so the version change is needed. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Mikulas Patocka <mpatocka@redhat.com> 2013-11-29 18:13:37 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-12-20 10:45:10 -0500
commit: 20d68d38efd83f2bb598d7b3655a5c230ccc17e8 (patch)
tree: 8fbc16d3c2a26c533e94794d5b2391ef7582296a /drivers/md
parent: d468a287d01c58db4769ddd30870eb3c8a9360b2 (diff)
1 files changed, 64 insertions, 7 deletions
diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
index aec57d76db5d..944690bafd93 100644
--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -66,6 +66,18 @@ struct dm_snapshot {
        atomic_t pending_exceptions_count;
+        /* Protected by "lock" */
+        sector_t exception_start_sequence;
+        /* Protected by kcopyd single-threaded callback */
+        sector_t exception_complete_sequence;
+        /*
+         * A list of pending exceptions that completed out of order.
+         * Protected by kcopyd single-threaded callback.
+         */
+        struct list_head out_of_order_list;
        mempool_t *pending_pool;
        struct dm_exception_table pending;
@@ -173,6 +185,14 @@ struct dm_snap_pending_exception {
         */
        int started;
+        /* There was copying error. */
+        int copy_error;
+        /* A sequence number, it is used for in-order completion. */
+        sector_t exception_sequence;
+        struct list_head out_of_order_entry;
        /*
         * For writing a complete chunk, bypassing the copy.
         */
@@ -1094,6 +1114,9 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
        s->valid = 1;
        s->active = 0;
        atomic_set(&s->pending_exceptions_count, 0);
+        s->exception_start_sequence = 0;
+        s->exception_complete_sequence = 0;
+        INIT_LIST_HEAD(&s->out_of_order_list);
        init_rwsem(&s->lock);
        INIT_LIST_HEAD(&s->list);
        spin_lock_init(&s->pe_lock);
@@ -1443,6 +1466,19 @@ static void commit_callback(void *context, int success)
        pending_complete(pe, success);
 }
+static void complete_exception(struct dm_snap_pending_exception *pe)
+{
+        struct dm_snapshot *s = pe->snap;
+        if (unlikely(pe->copy_error))
+                pending_complete(pe, 0);
+        else
+                /* Update the metadata if we are persistent */
+                s->store->type->commit_exception(s->store, &pe->e,
+                                                 commit_callback, pe);
+}
 /*
 * Called when the copy I/O has finished.  kcopyd actually runs
 * this code so don't block.
@@ -1452,13 +1488,32 @@ static void copy_callback(int read_err, unsigned long write_err, void *context)
        struct dm_snap_pending_exception *pe = context;
        struct dm_snapshot *s = pe->snap;
-        if (read_err || write_err)
+        pe->copy_error = read_err || write_err;
-                pending_complete(pe, 0);
-        else
+        if (pe->exception_sequence == s->exception_complete_sequence) {
-                /* Update the metadata if we are persistent */
+                s->exception_complete_sequence++;
-                s->store->type->commit_exception(s->store, &pe->e,
+                complete_exception(pe);
-                                                 commit_callback, pe);
+                while (!list_empty(&s->out_of_order_list)) {
+                        pe = list_entry(s->out_of_order_list.next,
+                                        struct dm_snap_pending_exception, out_of_order_entry);
+                        if (pe->exception_sequence != s->exception_complete_sequence)
+                                break;
+                        s->exception_complete_sequence++;
+                        list_del(&pe->out_of_order_entry);
+                        complete_exception(pe);
+                }
+        } else {
+                struct list_head *lh;
+                struct dm_snap_pending_exception *pe2;
+                list_for_each_prev(lh, &s->out_of_order_list) {
+                        pe2 = list_entry(lh, struct dm_snap_pending_exception, out_of_order_entry);
+                        if (pe2->exception_sequence < pe->exception_sequence)
+                                break;
+                }
+                list_add(&pe->out_of_order_entry, lh);
+        }
 }
 /*
@@ -1553,6 +1608,8 @@ __find_pending_exception(struct dm_snapshot *s,
                return NULL;
        }
+        pe->exception_sequence = s->exception_start_sequence++;
        dm_insert_exception(&s->pending, &pe->e);
        return pe;
@@ -2192,7 +2249,7 @@ static struct target_type origin_target = {
 static struct target_type snapshot_target = {
        .name    = "snapshot",
-        .version = {1, 11, 1},
+        .version = {1, 12, 0},
        .module  = THIS_MODULE,
        .ctr     = snapshot_ctr,
        .dtr     = snapshot_dtr,
author	Mikulas Patocka <mpatocka@redhat.com>	2013-11-29 18:13:37 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-12-20 10:45:10 -0500
commit	20d68d38efd83f2bb598d7b3655a5c230ccc17e8 (patch)
tree	8fbc16d3c2a26c533e94794d5b2391ef7582296a /drivers/md
parent	d468a287d01c58db4769ddd30870eb3c8a9360b2 (diff)

diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c index aec57d76db5d..944690bafd93 100644 --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c
@@ -66,6 +66,18 @@ struct dm_snapshot {
66		66
67	atomic_t pending_exceptions_count;	67	atomic_t pending_exceptions_count;
68		68
		69	/* Protected by "lock" */
		70	sector_t exception_start_sequence;
		71
		72	/* Protected by kcopyd single-threaded callback */
		73	sector_t exception_complete_sequence;
		74
		75	/*
		76	* A list of pending exceptions that completed out of order.
		77	* Protected by kcopyd single-threaded callback.
		78	*/
		79	struct list_head out_of_order_list;
		80
69	mempool_t *pending_pool;	81	mempool_t *pending_pool;
70		82
71	struct dm_exception_table pending;	83	struct dm_exception_table pending;
@@ -173,6 +185,14 @@ struct dm_snap_pending_exception {
173	*/	185	*/
174	int started;	186	int started;
175		187
		188	/* There was copying error. */
		189	int copy_error;
		190
		191	/* A sequence number, it is used for in-order completion. */
		192	sector_t exception_sequence;
		193
		194	struct list_head out_of_order_entry;
		195
176	/*	196	/*
177	* For writing a complete chunk, bypassing the copy.	197	* For writing a complete chunk, bypassing the copy.
178	*/	198	*/
@@ -1094,6 +1114,9 @@ static int snapshot_ctr(struct dm_target ti, unsigned int argc, char *argv)
1094	s->valid = 1;	1114	s->valid = 1;
1095	s->active = 0;	1115	s->active = 0;
1096	atomic_set(&s->pending_exceptions_count, 0);	1116	atomic_set(&s->pending_exceptions_count, 0);
		1117	s->exception_start_sequence = 0;
		1118	s->exception_complete_sequence = 0;
		1119	INIT_LIST_HEAD(&s->out_of_order_list);
1097	init_rwsem(&s->lock);	1120	init_rwsem(&s->lock);
1098	INIT_LIST_HEAD(&s->list);	1121	INIT_LIST_HEAD(&s->list);
1099	spin_lock_init(&s->pe_lock);	1122	spin_lock_init(&s->pe_lock);
@@ -1443,6 +1466,19 @@ static void commit_callback(void *context, int success)
1443	pending_complete(pe, success);	1466	pending_complete(pe, success);
1444	}	1467	}
1445		1468
		1469	static void complete_exception(struct dm_snap_pending_exception *pe)
		1470	{
		1471	struct dm_snapshot *s = pe->snap;
		1472
		1473	if (unlikely(pe->copy_error))
		1474	pending_complete(pe, 0);
		1475
		1476	else
		1477	/* Update the metadata if we are persistent */
		1478	s->store->type->commit_exception(s->store, &pe->e,
		1479	commit_callback, pe);
		1480	}
		1481
1446	/*	1482	/*
1447	* Called when the copy I/O has finished. kcopyd actually runs	1483	* Called when the copy I/O has finished. kcopyd actually runs
1448	* this code so don't block.	1484	* this code so don't block.
@@ -1452,13 +1488,32 @@ static void copy_callback(int read_err, unsigned long write_err, void *context)
1452	struct dm_snap_pending_exception *pe = context;	1488	struct dm_snap_pending_exception *pe = context;
1453	struct dm_snapshot *s = pe->snap;	1489	struct dm_snapshot *s = pe->snap;
1454		1490
1455	if (read_err \|\| write_err)	1491	pe->copy_error = read_err \|\| write_err;
1456	pending_complete(pe, 0);
1457		1492
1458	else	1493	if (pe->exception_sequence == s->exception_complete_sequence) {
1459	/* Update the metadata if we are persistent */	1494	s->exception_complete_sequence++;
1460	s->store->type->commit_exception(s->store, &pe->e,	1495	complete_exception(pe);
1461	commit_callback, pe);	1496
		1497	while (!list_empty(&s->out_of_order_list)) {
		1498	pe = list_entry(s->out_of_order_list.next,
		1499	struct dm_snap_pending_exception, out_of_order_entry);
		1500	if (pe->exception_sequence != s->exception_complete_sequence)
		1501	break;
		1502	s->exception_complete_sequence++;
		1503	list_del(&pe->out_of_order_entry);
		1504	complete_exception(pe);
		1505	}
		1506	} else {
		1507	struct list_head *lh;
		1508	struct dm_snap_pending_exception *pe2;
		1509
		1510	list_for_each_prev(lh, &s->out_of_order_list) {
		1511	pe2 = list_entry(lh, struct dm_snap_pending_exception, out_of_order_entry);
		1512	if (pe2->exception_sequence < pe->exception_sequence)
		1513	break;
		1514	}
		1515	list_add(&pe->out_of_order_entry, lh);
		1516	}
1462	}	1517	}
1463		1518
1464	/*	1519	/*
@@ -1553,6 +1608,8 @@ __find_pending_exception(struct dm_snapshot *s,
1553	return NULL;	1608	return NULL;
1554	}	1609	}
1555		1610
		1611	pe->exception_sequence = s->exception_start_sequence++;
		1612
1556	dm_insert_exception(&s->pending, &pe->e);	1613	dm_insert_exception(&s->pending, &pe->e);
1557		1614
1558	return pe;	1615	return pe;
@@ -2192,7 +2249,7 @@ static struct target_type origin_target = {
2192		2249
2193	static struct target_type snapshot_target = {	2250	static struct target_type snapshot_target = {
2194	.name = "snapshot",	2251	.name = "snapshot",
2195	.version = {1, 11, 1},	2252	.version = {1, 12, 0},
2196	.module = THIS_MODULE,	2253	.module = THIS_MODULE,
2197	.ctr = snapshot_ctr,	2254	.ctr = snapshot_ctr,
2198	.dtr = snapshot_dtr,	2255	.dtr = snapshot_dtr,