librbd: avoid data corruption on flatten when object map is inconsistent#61129
Merged
librbd: avoid data corruption on flatten when object map is inconsistent#61129
Conversation
By making flatten skip copyup in case the object is marked OBJECT_EXISTS or OBJECT_EXISTS_CLEAN, commit 40af4f8 ("librbd: flatten operation should use object map") introduced a critical regression. If the object map becomes inconsistent (e.g. because flatten gets interrupted by killing "rbd flatten" process or a client running on the clone crashes after updating the object map but before writing to the image), the following attempt to flatten would corrupt the clone if the copyup is actually still needed. By design, it's impossible to tell whether the object is "known to exist" based on the object map -- only telling whether the object is "known to NOT exist" is possible (i.e. only OBJECT_NONEXISTENT state is reliable). Negating OBJECT_NONEXISTENT tells that the object "may exist", not that the object is "known to exist". This is reflected in the name of object_may_exist() helper that was introduced together with the object map implementation. Something like object_may_not_exist() simply can't be constructed given the rest of librbd. This effectively reverts commits 4c86bcc ("librbd: add object_may_not_exist helper") and 40af4f8 ("librbd: flatten operation should use object map"). Fixes: https://tracker.ceph.com/issues/68998 Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Inject an object map with all possible inconsistencies before flattening to ensure that something similar to commit 40af4f8 ("librbd: flatten operation should use object map") doesn't reappear in a different form. Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
ajarr
approved these changes
Dec 18, 2024
Contributor
Author
This was referenced Dec 22, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
xbetween the brackets:[x]. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windowsjenkins test rook e2e