• Mikulas Patocka's avatar
    dm snapshot: wait for chunks in destructor · 879129d2
    Mikulas Patocka authored
    If there are several snapshots sharing an origin and one is removed
    while the origin is being written to, the snapshot's mempool may get
    deleted while elements are still referenced.
    
    Prior to dm-snapshot-use-per-device-mempools.patch the pending
    exceptions may still have been referenced after the snapshot was
    destroyed, but this was not a problem because the shared mempool
    was still there.
    
    This patch fixes the problem by tracking the number of mempool elements
    in use.
    
    The scenario:
    - You have an origin and two snapshots 1 and 2.
    - Someone writes to the origin.
    - It creates two exceptions in the snapshots, snapshot 1 will be primary
    exception, snapshot 2's pending_exception->primary_pe will point to the
    exception in snapshot 1.
    - The exceptions are being relocated, relocation of exception 1 finishes
    (but it's pending_exception is still allocated, because it is referenced
    by an exception from snapshot 2)
    - The user lvremoves snapshot 1 --- it calls just suspend (does nothing)
    and destructor. md->pending is zero (there is no I/O submitted to the
    snapshot by md layer), so it won't help us.
    - The destructor waits for kcopyd jobs to finish on snapshot 1 --- but
    there are none.
    - The destructor on snapshot 1 cleans up everything.
    - The relocation of exception on snapshot 2 finishes, it drops reference
    on primary_pe. This frees its primary_pe pointer. Primary_pe points to
    pending exception created for snapshot 1. So it frees memory into
    non-existing mempool.
    Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
    879129d2
dm-snap.h 5.06 KB