path: root/ipc/compat_mq.c
author: Mikulas Patocka <mpatocka@redhat.com> 2009-09-04 21:40:39 +0200
committer: Alasdair G Kergon <agk@redhat.com> 2009-09-04 21:40:39 +0200
commit: 61578dcd3fafe6babd72e8db32110cc0b630a432
tree: 8e5bb9e66ec43666dd5079cc9203fc56c233b469 /ipc/compat_mq.c
parent: dm snapshot: refactor zero_disk_area to use chunk_io
dm snapshot: fix header corruption race on invalidation
If a persistent snapshot fills up, a race can corrupt the on-disk header which causes a crash on any future attempt to activate the snapshot (typically while booting). This patch fixes the race.

When the snapshot overflows, __invalidate_snapshot is called, which calls snapshot store method drop_snapshot. It goes to persistent_drop_snapshot that calls write_header. write_header constructs the new header in the "area" location.

Concurrently, an existing kcopyd job may finish, call copy_callback and commit_exception method, that goes to persistent_commit_exception. persistent_commit_exception doesn't do locking, relying on the fact that callbacks are single-threaded, but it can race with snapshot invalidation and overwrite the header that is just being written while the snapshot is being invalidated.

The result of this race is a corrupted header being written that can lead to a crash on further reactivation (if chunk_size is zero in the corrupted header).

The fix is to use separate memory areas for each.

See the bug: https://bugzilla.redhat.com/show_bug.cgi?id=461506

Cc: stable@kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Diffstat (limited to 'ipc/compat_mq.c')
0 files changed, 0 insertions, 0 deletions
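
The interleaving described in the commit message, replayed deterministically as an added example (not code from the kernel or from this commit). The struct layouts, field names such as header_area and separate_header, the magic value and the chunk numbers are simplified assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define AREA_BYTES 64

/* Simplified stand-ins (assumptions), not the kernel's own definitions. */
struct disk_header { uint32_t magic, valid, version, chunk_size; };
struct disk_exception { uint64_t old_chunk, new_chunk; };

struct pstore {
    int separate_header;              /* 0: shared buffer, 1: separate buffers */
    uint8_t area[AREA_BYTES];         /* buffer for exception metadata */
    uint8_t header_area[AREA_BYTES];  /* used only when separate_header is set */
    uint8_t disk_sector0[AREA_BYTES]; /* constructed stand-in for the on-disk header */
};

static uint8_t *header_buf(struct pstore *ps)
{
    return ps->separate_header ? ps->header_area : ps->area;
}

/* First half of write_header: construct the header in memory. */
static void build_header(struct pstore *ps, uint32_t chunk_size)
{
    struct disk_header h = { 0x12345678u /* constructed magic */, 0, 1, chunk_size };
    memset(header_buf(ps), 0, AREA_BYTES);
    memcpy(header_buf(ps), &h, sizeof(h));
}

/* Commit callback of a finishing copy job: stores an exception in "area". */
static void commit_exception(struct pstore *ps, uint64_t old_chunk, uint64_t new_chunk)
{
    struct disk_exception e = { old_chunk, new_chunk };
    memcpy(ps->area, &e, sizeof(e));
}

/* Replays the race; returns the chunk_size that ends up in the on-disk header. */
uint32_t chunk_size_after_race(int separate_header)
{
    struct pstore ps = { .separate_header = separate_header };
    struct disk_header on_disk;

    build_header(&ps, 16);       /* invalidation starts building the header */
    commit_exception(&ps, 7, 3); /* callback lands before the write is issued */
    memcpy(ps.disk_sector0, header_buf(&ps), AREA_BYTES); /* header goes to disk */
    memcpy(&on_disk, ps.disk_sector0, sizeof(on_disk));
    return on_disk.chunk_size;
}
```

With the shared buffer the exception entry overwrites the header fields before they reach disk (on a little-endian host chunk_size reads back as 0); with separate buffers the header keeps the chunk_size it was built with.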