Date: Wed, 31 Mar 2004 10:16:30 +0930
From: Greg 'groggy' Lehey <grog@FreeBSD.org>
To: Lukas Ertl <le@FreeBSD.org>, João Carlos Mendes Luís <jonny@jonny.eng.br>
Cc: robert <robert@fledge.watson.org>
Subject: Re: Serious bug in vinum?
Message-ID: <20040331004630.GA15929@wantadilla.lemis.com>
In-Reply-To: <40697F3B.2020202@jonny.eng.br> <20040330143257.C72259@pcle2.cc.univie.ac.at>
References: <4068EA56.3060600@jonny.eng.br> <20040330053143.GN15929@wantadilla.lemis.com> <40697F3B.2020202@jonny.eng.br> <20040326222853.GA93269@zeus.faperj.br> <20040330143257.C72259@pcle2.cc.univie.ac.at>

On Tuesday, 30 March 2004 at 14:37:00 +0200, Lukas Ertl wrote:
> On Fri, 26 Mar 2004, Joao Carlos Mendes Luis wrote:
>
>> I think this should be like:
>>
>> if (plex->state > plex_corrupt) { /* something accessible, */
>>
>> Or, in other words, volume state is up only if plex state is degraded
>> or better.
>
> You are right, this is a bug,

No, see my reply.

> The correct solution, of course, is to check if the data is valid
> before changing the volume state, but turn might turn out to be a
> very complex check.

Well, the minimum correct solution is to return an error if somebody
tries to access the inaccessible part of the volume. That should
happen, and I'm confused that it doesn't appear to be doing so in this
case.

On Tuesday, 30 March 2004 at 11:07:55 -0300, João Carlos Mendes Luís wrote:
> Greg 'groggy' Lehey wrote:
>> On Tuesday, 30 March 2004 at 0:32:38 -0300, João Carlos Mendes Luís wrote:
>>>
>> Basically, this is a feature and not a bug. A plex that is corrupt is
>> still partially accessible, so we should allow access to it. If you
>> have two striped plexes both striped between two disks, with the same
>> stripe size, and one plex starts on the first drive, and the other on
>> the second, and one drive dies, then each plex will lose half of its
>> data, every second stripe. But the volume will be completely
>> accessible.
>
> A good idea if you have both stripe and mirror, to avoid discarding the
> whole disk. But, IMHO, if some part of the disk is inaccessible, the volume
> should go down, and IFF the operator wants to try recovery, should use the
> setstate command. This is the safe state.

setstate is not safe. It bypasses a lot of consistency checking.

One possibility would be:

1. Based on the plex states, check if all of the volume is still
   accessible.
2. If not, take the volume into a "flaky" state.
3. *Somehow* ensure that the volume can't be accessed again as a file
   system until it has been remounted.
4. Refuse to remount the file system without the -f option.

The last two are outside the scope of Vinum, of course.

Discussion?

--
Note: I discard all HTML mail unseen.
Finger grog@FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
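
Step 1 of the proposal above, applied to the two-striped-plexes case the message describes, as an added example that is not part of the original message and is not Vinum code. The stripe model, the function names and the VOL_UP/VOL_FLAKY states are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption, not Vinum's structures): a plex striped
 * over NDRIVES drives whose stripe 0 lives on drive first_drive. */
#define NDRIVES  2
#define NSTRIPES 8
struct plex_model { int first_drive; };
enum vol_access { VOL_UP, VOL_FLAKY };   /* hypothetical state names */

/* Drive holding stripe s of plex p. */
static int stripe_drive(const struct plex_model *p, size_t s)
{
    return (int)(((size_t)p->first_drive + s) % NDRIVES);
}

/* The volume is fully accessible only if every stripe can still be
 * served by at least one plex; any hole makes it "flaky". */
enum vol_access volume_access(const struct plex_model *plexes, size_t nplexes,
                              const bool drive_up[NDRIVES])
{
    for (size_t s = 0; s < NSTRIPES; s++) {
        bool served = false;
        for (size_t i = 0; i < nplexes && !served; i++)
            served = drive_up[stripe_drive(&plexes[i], s)];
        if (!served)
            return VOL_FLAKY;
    }
    return VOL_UP;
}

/* Two mirrored plexes starting on first_a and first_b; dead_drive < 0
 * means no drive has failed. */
enum vol_access two_plex_case(int first_a, int first_b, int dead_drive)
{
    struct plex_model plexes[2] = { { first_a }, { first_b } };
    bool drive_up[NDRIVES];
    for (int d = 0; d < NDRIVES; d++)
        drive_up[d] = (d != dead_drive);
    return volume_access(plexes, 2, drive_up);
}

int main(void)
{
    puts(two_plex_case(0, 1, 0) == VOL_UP ? "offset plexes: up" : "offset plexes: flaky");
    puts(two_plex_case(0, 0, 0) == VOL_UP ? "aligned plexes: up" : "aligned plexes: flaky");
    return 0;
}
```

With the plexes offset by one drive, each plex loses every second stripe but the volume stays fully covered; with both plexes starting on the same drive, the same failure leaves holes and the check reports the flaky state.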