acrn-kernel/drivers/md/persistent-data
Joe Thornber a9d45396f5 dm transaction manager: fix corruption due to non-atomic transaction commit
The persistent-data library used by dm-thin, dm-cache, etc is
transactional.  If anything goes wrong, such as an io error when writing
new metadata or a power failure, then we roll back to the last
transaction.

Atomicity when committing a transaction is achieved by:

a) Never overwriting data from the previous transaction.
b) Writing the superblock last, after all other metadata has hit the
   disk.

This commit and the following commit ("dm: take care to copy the space
map roots before locking the superblock") fix a bug associated with (b).
When committing it was possible for the superblock to still be written
in spite of an io error occurring during the preceeding metadata flush.
With these commits we're careful not to take the write lock out on the
superblock until after the metadata flush has completed.

Change the transaction manager's semantics for dm_tm_commit() to assume
all data has been flushed _before_ the single superblock that is passed
in.

As a prerequisite, split the block manager's block unlocking and
flushing by simplifying dm_bm_flush_and_unlock() to dm_bm_flush().  Now
the unlocking must be done separately.

This issue was discovered by forcing io errors at the crucial time
using dm-flakey.

Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
2014-03-27 16:56:23 -04:00
..
Kconfig dm: fix Kconfig indentation 2014-03-03 17:31:07 -05:00
Makefile
dm-array.c dm array: fix a reference counting bug in shadow_ablock 2013-12-13 14:22:10 -05:00
dm-array.h
dm-bitset.c dm bitset: only flush the current word if it has been dirtied 2014-03-27 16:56:23 -04:00
dm-bitset.h dm bitset: only flush the current word if it has been dirtied 2014-03-27 16:56:23 -04:00
dm-block-manager.c dm transaction manager: fix corruption due to non-atomic transaction commit 2014-03-27 16:56:23 -04:00
dm-block-manager.h dm transaction manager: fix corruption due to non-atomic transaction commit 2014-03-27 16:56:23 -04:00
dm-btree-internal.h
dm-btree-remove.c
dm-btree-spine.c
dm-btree.c dm btree: add dm_btree_find_lowest_key 2014-01-09 16:29:17 -05:00
dm-btree.h dm btree: add dm_btree_find_lowest_key 2014-01-09 16:29:17 -05:00
dm-persistent-data-internal.h
dm-space-map-common.c dm space map common: make sure new space is used during extend 2014-01-07 21:05:17 -05:00
dm-space-map-common.h
dm-space-map-disk.c dm space map disk: optimise sm_disk_dec_block 2013-11-09 18:20:24 -05:00
dm-space-map-disk.h
dm-space-map-metadata.c dm space map metadata: fix refcount decrement below 0 which caused corruption 2014-03-07 12:02:47 -05:00
dm-space-map-metadata.h dm thin: allow metadata space larger than supported to go unused 2014-02-27 11:49:08 -05:00
dm-space-map.h
dm-transaction-manager.c dm transaction manager: fix corruption due to non-atomic transaction commit 2014-03-27 16:56:23 -04:00
dm-transaction-manager.h dm transaction manager: fix corruption due to non-atomic transaction commit 2014-03-27 16:56:23 -04:00