[dm-devel] hunt for 2.6.37 dm-crypt+ext4 corruption? (was: Re: dm-crypt barrier support is effective)

Chris Mason chris.mason at oracle.com
Wed Dec 8 12:20:24 UTC 2010


Excerpts from Jon Nelson's message of 2010-12-07 22:29:26 -0500:
> On Tue, Dec 7, 2010 at 3:02 PM, Chris Mason <chris.mason at oracle.com> wrote:
> > Excerpts from Jon Nelson's message of 2010-12-07 15:48:58 -0500:
> >> On Tue, Dec 7, 2010 at 2:41 PM, Chris Mason <chris.mason at oracle.com> wrote:
> >> > Excerpts from Jon Nelson's message of 2010-12-07 15:25:47 -0500:
> >> >> On Tue, Dec 7, 2010 at 2:02 PM, Chris Mason <chris.mason at oracle.com> wrote:
> >> >> > Excerpts from Jon Nelson's message of 2010-12-07 14:34:40 -0500:
> >> >> >> On Tue, Dec 7, 2010 at 12:52 PM, Chris Mason <chris.mason at oracle.com> wrote:
> >> >> >> >> postgresql errors. Typically, header corruption but from the limited
> >> >> >> >> visibility I've had into this via strace, what I see is zeroed pages
> >> >> >> >> where there shouldn't be.
> >> >> >> >
> >> >> >> > This sounds a lot like a bug higher up than dm-crypt.  Zeros tend to
> >> >> >> > come from some piece of code explicitly filling a page with zeros, and
> >> >> >> > that often happens in the corner cases for O_DIRECT and a few other
> >> >> >> > places in the filesystem.
> >> >> >> >
> >> >> >> > Have you tried triggering this with a regular block device?
> >> >> >>
> >> >> >> I just tried the whole set of tests, but with /dev/sdb directly (as
> >> >> >> ext4) without any crypt-y bits.
> >> >> >> It takes more iterations but out of 6 tests I had one failure: same
> >> >> >> type of thing, 'invalid page header in block ....'.
> >> >> >>
> >> >> >> I can't guarantee that it is a full-page of zeroes, just what I saw
> >> >> >> from the (limited) stracing I did.
> >> >> >
> >> >> > Fantastic. Now for our usual suspects:
> 
> Maybe not so fantastic. I kept testing and had no more failures. At
> all. After 40+ iterations I gave up.
> I went back to trying ext4 on a LUKS volume. The 'hit' ratio went to
> something like 1 in 3, or better.
> 
> I will continue to do testing with and without LUKS. I did /not/
> reboot between tests, but I do start with a fresh postgres database.
> 

Once we trigger once without dm-crypt, dm-crypt is off the hook.  Just
to verify, when you say without luks, you mean without any crypto bits
in use at all on the filesystems postgres uses?

Usually the trick to reproducing filesystem corruptions is adding memory
pressure.  The corruption is probably a bad interaction between reads
and writes, and we need to make sure the reads actually happen.

http://oss.oracle.com/~mason/pin_ram.c

gcc -Wall -o pin_ram pin_ram.c

pin_ram -m 80%-of-your-ram-in-mb

The idea is to trigger constant reads without having to swap heavily.
80% might be too much.

-chris
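
Added example, not part of the original message and not the pin_ram.c linked above: a minimal C sketch of the memory-pressure idea, which maps a given number of megabytes, touches every page and tries to mlock() the range so the page cache shrinks and file reads have to go back to the disk. The names ram_percent_mb and pin_mb are made up for this illustration, and it assumes Linux with glibc.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

/* Megabytes corresponding to `percent` of physical RAM, or -1 on bad input. */
long ram_percent_mb(int percent)
{
    long pages = sysconf(_SC_PHYS_PAGES);
    long psize = sysconf(_SC_PAGESIZE);
    if (pages <= 0 || psize <= 0 || percent < 0 || percent > 100)
        return -1;
    return (long)((double)pages * psize / (1024.0 * 1024.0) * percent / 100.0);
}

/* Map `mb` megabytes, touch every page, then try to mlock() the range.
 * Returns the mapping (NULL on failure); *locked reports whether mlock worked.
 * If mlock fails (RLIMIT_MEMLOCK, no CAP_IPC_LOCK) the pages may be swapped. */
void *pin_mb(size_t mb, int *locked)
{
    size_t len = mb << 20;
    long psize = sysconf(_SC_PAGESIZE);
    if (len == 0 || psize <= 0)
        return NULL;
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    for (size_t off = 0; off < len; off += (size_t)psize)
        p[off] = 1;                 /* fault the page in */
    *locked = (mlock(p, len) == 0);
    return p;
}

int main(int argc, char **argv)
{
    /* Argument is a size in MB; default is 80% of RAM as suggested above. */
    long mb = argc > 1 ? atol(argv[1]) : ram_percent_mb(80);
    int locked = 0;
    if (mb <= 0 || !pin_mb((size_t)mb, &locked)) {
        fprintf(stderr, "cannot pin %ld MB\n", mb);
        return 1;
    }
    printf("holding %ld MB (%s); Ctrl-C to release\n", mb,
           locked ? "mlocked" : "not locked, may swap");
    pause();                        /* keep the memory until killed */
    return 0;
}
```

Run it as root or with a raised `ulimit -l`, otherwise mlock() fails and the memory is only touched, not pinned.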



