From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alex Lyakas <alex.lyakas@zadara.com>, Song Liu <song@kernel.org>,
Sasha Levin <sashal@kernel.org>,
linux-raid@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 18/22] md: Whenassemble the array, consult the superblock of the freshest device
Date: Tue, 16 Jan 2024 15:04:12 -0500 [thread overview]
Message-ID: <20240116200432.260016-18-sashal@kernel.org> (raw)
In-Reply-To: <20240116200432.260016-1-sashal@kernel.org>
From: Alex Lyakas <alex.lyakas@zadara.com>
[ Upstream commit dc1cc22ed58f11d58d8553c5ec5f11cbfc3e3039 ]
Upon assembling the array, both kernel and mdadm allow the devices to have event
counter difference of 1, and still consider them as up-to-date.
However, a device whose event count is behind by 1, may in fact not be up-to-date,
and array resync with such a device may cause data corruption.
To avoid this, consult the superblock of the freshest device about the status
of a device, whose event counter is behind by 1.
Signed-off-by: Alex Lyakas <alex.lyakas@zadara.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/1702470271-16073-1-git-send-email-alex.lyakas@zadara.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 54 ++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 44 insertions(+), 10 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 6b074c2202d5..3cc28b283607 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -1034,6 +1034,7 @@ struct super_type {
struct md_rdev *refdev,
int minor_version);
int (*validate_super)(struct mddev *mddev,
+ struct md_rdev *freshest,
struct md_rdev *rdev);
void (*sync_super)(struct mddev *mddev,
struct md_rdev *rdev);
@@ -1160,8 +1161,9 @@ static int super_90_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor
/*
* validate_super for 0.90.0
+ * note: we are not using "freshest" for 0.9 superblock
*/
-static int super_90_validate(struct mddev *mddev, struct md_rdev *rdev)
+static int super_90_validate(struct mddev *mddev, struct md_rdev *freshest, struct md_rdev *rdev)
{
mdp_disk_t *desc;
mdp_super_t *sb = page_address(rdev->sb_page);
@@ -1665,7 +1667,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
return ret;
}
-static int super_1_validate(struct mddev *mddev, struct md_rdev *rdev)
+static int super_1_validate(struct mddev *mddev, struct md_rdev *freshest, struct md_rdev *rdev)
{
struct mdp_superblock_1 *sb = page_address(rdev->sb_page);
__u64 ev1 = le64_to_cpu(sb->events);
@@ -1761,13 +1763,15 @@ static int super_1_validate(struct mddev *mddev, struct md_rdev *rdev)
}
} else if (mddev->pers == NULL) {
/* Insist of good event counter while assembling, except for
- * spares (which don't need an event count) */
- ++ev1;
+ * spares (which don't need an event count).
+ * Similar to mdadm, we allow event counter difference of 1
+ * from the freshest device.
+ */
if (rdev->desc_nr >= 0 &&
rdev->desc_nr < le32_to_cpu(sb->max_dev) &&
(le16_to_cpu(sb->dev_roles[rdev->desc_nr]) < MD_DISK_ROLE_MAX ||
le16_to_cpu(sb->dev_roles[rdev->desc_nr]) == MD_DISK_ROLE_JOURNAL))
- if (ev1 < mddev->events)
+ if (ev1 + 1 < mddev->events)
return -EINVAL;
} else if (mddev->bitmap) {
/* If adding to array with a bitmap, then we can accept an
@@ -1788,8 +1792,38 @@ static int super_1_validate(struct mddev *mddev, struct md_rdev *rdev)
rdev->desc_nr >= le32_to_cpu(sb->max_dev)) {
role = MD_DISK_ROLE_SPARE;
rdev->desc_nr = -1;
- } else
+ } else if (mddev->pers == NULL && freshest && ev1 < mddev->events) {
+ /*
+ * If we are assembling, and our event counter is smaller than the
+ * highest event counter, we cannot trust our superblock about the role.
+ * It could happen that our rdev was marked as Faulty, and all other
+ * superblocks were updated with +1 event counter.
+ * Then, before the next superblock update, which typically happens when
+ * remove_and_add_spares() removes the device from the array, there was
+ * a crash or reboot.
+ * If we allow current rdev without consulting the freshest superblock,
+ * we could cause data corruption.
+ * Note that in this case our event counter is smaller by 1 than the
+ * highest, otherwise, this rdev would not be allowed into array;
+ * both kernel and mdadm allow event counter difference of 1.
+ */
+ struct mdp_superblock_1 *freshest_sb = page_address(freshest->sb_page);
+ u32 freshest_max_dev = le32_to_cpu(freshest_sb->max_dev);
+
+ if (rdev->desc_nr >= freshest_max_dev) {
+ /* this is unexpected, better not proceed */
+ pr_warn("md: %s: rdev[%pg]: desc_nr(%d) >= freshest(%pg)->sb->max_dev(%u)\n",
+ mdname(mddev), rdev->bdev, rdev->desc_nr,
+ freshest->bdev, freshest_max_dev);
+ return -EUCLEAN;
+ }
+
+ role = le16_to_cpu(freshest_sb->dev_roles[rdev->desc_nr]);
+ pr_debug("md: %s: rdev[%pg]: role=%d(0x%x) according to freshest %pg\n",
+ mdname(mddev), rdev->bdev, role, role, freshest->bdev);
+ } else {
role = le16_to_cpu(sb->dev_roles[rdev->desc_nr]);
+ }
switch(role) {
case MD_DISK_ROLE_SPARE: /* spare */
break;
@@ -2691,7 +2725,7 @@ static int add_bound_rdev(struct md_rdev *rdev)
* and should be added immediately.
*/
super_types[mddev->major_version].
- validate_super(mddev, rdev);
+ validate_super(mddev, NULL/*freshest*/, rdev);
if (add_journal)
mddev_suspend(mddev);
err = mddev->pers->hot_add_disk(mddev, rdev);
@@ -3593,7 +3627,7 @@ static void analyze_sbs(struct mddev *mddev)
}
super_types[mddev->major_version].
- validate_super(mddev, freshest);
+ validate_super(mddev, NULL/*freshest*/, freshest);
i = 0;
rdev_for_each_safe(rdev, tmp, mddev) {
@@ -3608,7 +3642,7 @@ static void analyze_sbs(struct mddev *mddev)
}
if (rdev != freshest) {
if (super_types[mddev->major_version].
- validate_super(mddev, rdev)) {
+ validate_super(mddev, freshest, rdev)) {
pr_warn("md: kicking non-fresh %s from array!\n",
bdevname(rdev->bdev,b));
md_kick_rdev_from_array(rdev);
@@ -6453,7 +6487,7 @@ static int add_new_disk(struct mddev *mddev, mdu_disk_info_t *info)
rdev->saved_raid_disk = rdev->raid_disk;
} else
super_types[mddev->major_version].
- validate_super(mddev, rdev);
+ validate_super(mddev, NULL/*freshest*/, rdev);
if ((info->state & (1<<MD_DISK_SYNC)) &&
rdev->raid_disk != info->raid_disk) {
/* This was a hot-add request, but events doesn't
--
2.43.0
next prev parent reply other threads:[~2024-01-16 20:05 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-16 20:03 [PATCH AUTOSEL 4.19 01/22] scsi: lpfc: Fix possible file string name overflow when updating firmware Sasha Levin
2024-01-16 20:03 ` [PATCH AUTOSEL 4.19 02/22] PCI: Add no PM reset quirk for NVIDIA Spectrum devices Sasha Levin
2024-01-16 20:03 ` [PATCH AUTOSEL 4.19 03/22] bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk Sasha Levin
2024-01-16 20:03 ` [PATCH AUTOSEL 4.19 04/22] ARM: dts: imx7s: Fix lcdif compatible Sasha Levin
2024-01-16 20:03 ` Sasha Levin
2024-01-16 20:03 ` [PATCH AUTOSEL 4.19 05/22] ARM: dts: imx7s: Fix nand-controller #size-cells Sasha Levin
2024-01-16 20:03 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 06/22] wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 07/22] bpf: Add map and need_defer parameters to .map_fd_put_ptr() Sasha Levin
2024-01-17 4:16 ` Hou Tao
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 08/22] scsi: libfc: Don't schedule abort twice Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 09/22] scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 10/22] ARM: dts: rockchip: fix rk3036 hdmi ports node Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 11/22] ARM: dts: imx25/27-eukrea: Fix RTC node name Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 12/22] ARM: dts: imx: Use flash@0,0 pattern Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 13/22] ARM: dts: imx27: Fix sram node Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 14/22] ARM: dts: imx1: " Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 15/22] ARM: dts: imx27-apf27dev: Fix LED name Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 16/22] ARM: dts: imx23-sansa: Use preferred i2c-gpios properties Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 17/22] ARM: dts: imx23/28: Fix the DMA controller node name Sasha Levin
2024-01-16 20:04 ` Sasha Levin
2024-01-16 20:04 ` Sasha Levin [this message]
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 19/22] wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 20/22] wifi: rtlwifi: add calculate_bit_shift() Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 21/22] wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() Sasha Levin
2024-01-16 20:04 ` [PATCH AUTOSEL 4.19 22/22] wifi: cfg80211: free beacon_ies when overridden from hidden BSS Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240116200432.260016-18-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=alex.lyakas@zadara.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=song@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.