[lvm-devel] Re: Deactivating volume with mounted snapshot

Mikulas Patocka mpatocka at redhat.com
Thu May 15 00:33:27 UTC 2008 

On Thu, 15 May 2008, Alasdair G Kergon wrote:

> On Wed, May 14, 2008 at 07:30:17PM -0400, Mikulas Patocka wrote:
>> With merging, it will cause corruption --- if one snapshot is merging and
>> you don't have all the other snapshots loaded, the non-active snapshots
>> won't be updated as the merging goes on. So they'll be corrupted.
>
> If that can happen it suggests the detailed set of activation steps needs
> further refining and is not correct yet.

I think I have it already correct. The patch that corrects it is 
http://lacrosse.redhat.com/~mpatocka/patches/kernel/dm-snapshot-remove-active-variable.patch

Basically, lvm suspends all the devices, then loads the dm table for all 
of them and then resumes them.

I start merging at preresume method. When I start merging, all the other 
snapshots are already loaded in the table and can allocate new exceptions. 
The patch changes it so that they can accept new exceptions always.

>> Currently the contstraint is "if the device is open, you can't deactivate
>> it". I'd like change it to "if the device is open or some of its snapshots
>> are open, you can't deactivate it".
>
> Catch-22 then.  Which do you deactivate first?  We cannot handle that
> at kernel level with the current interface.

You are right. The possible solutions:

* block opening of suspended device until the device is resumed (or 
deleted) --- easiest, but most scary. Theoretically it should be OK --- 
you already should not open a file while there is something suspended (the 
memory-allocation deadlock) --- but it may make some of these deadlocks 
very visible. Maybe making the deadlocks visible is a good thing, it's 
much easier to solve reproducible deadlock than nonreproducible.

* undo the deactivation if one of the devices can't be removed because it 
is open --- probably the hardest.

* replace the open device's table with error target --- if it has 
journaled filesystem, it will recover fine. And it won't damage other 
snapshots.

* let it be, hoping that admin won't simultaneously open and deactivate a 
device :-/

> But by all means add that extra protection to the userspace code.
> The userspace code should not assume it happened though.
>
>> Even without merging, the current approach is not perfect, as you will end
>> up with a device that you can't deactivate (the origin is deactivated, the
>> snapshot is active; lvchange -an on the snapshot will return error;
>> lvchange -an on the origin will see that it is already inactive and do
>> nothing)
>
> That can be fixed: lvchange -an on the origin should complete the process.
> (It probably used to do that before some optimisation got added.)
>
> Alasdair
> -- 
> agk at redhat.com

BTW. Tomorrow I'm going to Brno to medical exam at Red Hat on Thursday and 
meeting on Friday, so I won't be on IRC and email much.

Mikulas

More information about the lvm-devel mailing list