Date: Tue, 30 Mar 2004 15:01:43 +0930 From: Greg 'groggy' Lehey <grog@FreeBSD.org> To: =?iso-8859-1?Q?Jo=E3o_Carlos_Mendes_Lu=EDs?= <jonny@jonny.eng.br> Cc: hackers@freebsd.org Subject: Re: Serious bug in vinum? Message-ID: <20040330053143.GN15929@wantadilla.lemis.com> In-Reply-To: <4068EA56.3060600@jonny.eng.br> References: <4068EA56.3060600@jonny.eng.br>
next in thread | previous in thread | raw e-mail | index | archive | help
--EqVOK5mkaJAMmtSx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Tuesday, 30 March 2004 at 0:32:38 -0300, Joo Carlos Mendes Lus wrote:
> Sorry for the cross-posting, but nor the Author nor freebsd-bugs did
> acknowledge my message, and I think this is a very serious bug in vinum,
> leading to loss of data...
>
> If these are not the correct foruns for this, please forgive me and
> tell me which is the correct one.
>
> PS: Please CC: me, since I'm not currently subscribed to these
> lists.
Sorry for the lack of response. Yes, I saw it, and so did Lukas Ertl,
and we've been discussing it. This list is probably not the best.
>
> ====================================================
> Hi Greg,
>
> I've been a big fan of vinum since it's beggining. I use it for RAID0
> and RAID1 solution for lots of servers.
>
> In some RAID0 (stripe) configurations, though, I've had some serious
> problems. If an underlying disk fails, the respective plex and volume do
> not fail, as they should. This leads to full corruption of data, but worst
> of that, leads to a system which believes the data is safe. In one ocasion,
> for example, the backup ran and overwrote good data with bad data, full of
> zeros.
>
> I am not fully aware of vinum programming details, but a quick look at
> 4.9-STABLE, in file vinumstate.c, dated Jul, 7, 2000, at line 588, function
> update_volume_state() sets volume state to up if plex state is corrupt or
> better for at least one plex:
>
> for (plexno = 0; plexno < vol->plexes; plexno++) {
> struct plex *plex = &PLEX[vol->plex[plexno]]; /* point to the plex */
> if (plex->state >= plex_corrupt) { /* something accessible, */
> vol->state = volume_up;
> break;
> }
> }
>
> I think this should be like:
>
> if (plex->state > plex_corrupt) { /* something accessible, */
Basically, this is a feature and not a bug. A plex that is corrupt is
still partially accessible, so we should allow access to it. If you
have two striped plexes both striped between two disks, with the same
stripe size, and one plex starts on the first drive, and the other on
the second, and one drive dies, then each plex will lose half of its
data, every second stripe. But the volume will be completely
accessible.
I think that the real issue here is that Vinum should have returned an
I/O error for accesses to the defective parts. How did you perform
the backup?
Greg
--
Note: I discard all HTML mail unseen.
Finger grog@FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
--EqVOK5mkaJAMmtSx
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)
iD8DBQFAaQY/IubykFB6QiMRApoxAJ9HcP2Jv4MmuxYVHE/o/P8CKmsFEgCghhjC
jnuy11huIEnohJx+94TO2K4=
=sQYX
-----END PGP SIGNATURE-----
--EqVOK5mkaJAMmtSx--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040330053143.GN15929>