On Fri, 23 Jan 2009, Alasdair G Kergon wrote: > On Wed, Jan 21, 2009 at 10:04:39PM -0500, Mikulas Patocka wrote: > > If someone sends signal to a process performing synchronous dm-io call, > > the kernel may crash. > > > There is no way to cancel in-progress IOs, so the best solution is to ignore > > signals at this point. > > So what is the impact of this patch at a higher level? Avoid crash if the admin kills lvm or dmsetup with SIGKILL at a certain point. AFAIK lvm blocks all the blockable signals while it is performing critical operations, so there should be no crash from pressing ^C, terminal loss or so. > - What userspace operations are there that you can interrupt now, but that > after this patch you won't be able to? When I grepped for interruptible sleep, I found one another possibility: aborting a suspend with signal. I didn't find crash condition that could be caused by this, but it could unfortunatelly confuse targets. If suspend is aborted this way, presuspend method is called, but postsuspend, preresume and resume isn't --- this will confuse target drivers --- you end up with an active mirror that stopped recovering or active snapshot that stopped merging. I don't know if aborting suspend this way should be allowed or not. > (Are there any situations where the io will not complete without a reboot, > that could actually be safe today?) If the io will not complete, you can't reboot with normal reboot script. Unmount/remount-ro waits for ios on a filesystem to complete, so they will deadlock. Mikulas > Alasdair > -- > agk@xxxxxxxxxx > -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel