On Fri, 23 Jan 2009, Mikulas Patocka wrote: > On Fri, 23 Jan 2009, Alasdair G Kergon wrote: > > > On Wed, Jan 21, 2009 at 10:04:39PM -0500, Mikulas Patocka wrote: > > > If someone sends signal to a process performing synchronous dm-io call, > > > the kernel may crash. > > > > > There is no way to cancel in-progress IOs, so the best solution is to ignore > > > signals at this point. > > > > So what is the impact of this patch at a higher level? > > Avoid crash if the admin kills lvm or dmsetup with SIGKILL at a certain > point. > > AFAIK lvm blocks all the blockable signals while it is performing critical > operations, so there should be no crash from pressing ^C, terminal loss or > so. > > > - What userspace operations are there that you can interrupt now, but that > > after this patch you won't be able to? > > When I grepped for interruptible sleep, I found one another possibility: > aborting a suspend with signal. I didn't find crash condition that could > be caused by this, but it could unfortunatelly confuse targets. > > If suspend is aborted this way, presuspend method is called, but > postsuspend, preresume and resume isn't --- this will confuse target > drivers --- you end up with an active mirror that stopped recovering or > active snapshot that stopped merging. > > I don't know if aborting suspend this way should be allowed or not. > > > (Are there any situations where the io will not complete without a reboot, > > that could actually be safe today?) > > If the io will not complete, you can't reboot with normal reboot script. > Unmount/remount-ro waits for ios on a filesystem to complete, so they will > deadlock. > > Mikulas > > > Alasdair > > -- > > agk@xxxxxxxxxx Regarding the other possibilities you suggested on the phone call: There are main architectural design decisions that can't be changed without major code rewrite: - submitted bio can't be cancelled - the device must not be closed when some bios are submitted on it So, if the function sync_io() was modified so that the structure would be allocated with kmalloc and wouldn't be on stack (so that the function could be interrupted and exit while bios are still pending), we would have to somehow make sure be that the device wouldn't be closed until all the bios finish. So there would be no benefit for the user --- the user still wouldn't be able to interrupt target contructor --- because in the error path, devices are closed and these close calls would have to wait for the interrupted bio to finish. And there would be major code blow coming from the fact that these interrupted bios would have to be tracked somehow and dm_put_device would have to wait for them. So the best solution is to make dm-io ios uninterruptible. Mikulas -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
