| commit | 3c3d3a3639463ff9fd2288693cc9ddde67b16f1e | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Tue, 5 Jan 2010 19:36:56 +0000 (5 11:36 -0800) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Tue, 5 Jan 2010 19:43:30 +0000 (5 11:43 -0800) | ||
| tree | 3153fefe9d11666363aaffe344355dde3550bc1c | treesnapshot (tar.gz zip) |
| parent | 5e7f70848a5bacd931480d175ebf8393c932ea48 | commitdiff |
HAMMER VFS - Fix serious bug when downgrading (and later upgrading) a PFS
* When downgrading a PFS master to a slave the sync-end-tid (in the
pfs-status) is not updated. This will cause the data to become
inaccessible.
Then, when upgrading back to a master the original stale sync-end-tid
is used to rollback the PFS, effectively destroying its contents.
* We now properly update sync-end-tid when downgrading a PFS. This
makes the data accessible in slave mode and prevents the rollback
when re-upgrading the PFS from destroying any of the master's original
data.
* Why is a rollback used at all when upgrading you ask? When a PFS is
operating as a slave mirroring operations can be interrupted, leaving
a lot of partially updated records. Since sync-end-tid is not updated
until the mirroring operation completes (when in slave mode), these
partially mirrored records are not visible.
However, if the slave is upgraded to a master any records from
incomplete mirroring operations must be destroyed. Hence the rollback
during an upgrade is a necessary feature under normal operation.
Reported-by: Thomas Nikolajsen
* When downgrading a PFS master to a slave the sync-end-tid (in the
pfs-status) is not updated. This will cause the data to become
inaccessible.
Then, when upgrading back to a master the original stale sync-end-tid
is used to rollback the PFS, effectively destroying its contents.
* We now properly update sync-end-tid when downgrading a PFS. This
makes the data accessible in slave mode and prevents the rollback
when re-upgrading the PFS from destroying any of the master's original
data.
* Why is a rollback used at all when upgrading you ask? When a PFS is
operating as a slave mirroring operations can be interrupted, leaving
a lot of partially updated records. Since sync-end-tid is not updated
until the mirroring operation completes (when in slave mode), these
partially mirrored records are not visible.
However, if the slave is upgraded to a master any records from
incomplete mirroring operations must be destroyed. Hence the rollback
during an upgrade is a necessary feature under normal operation.
Reported-by: Thomas Nikolajsen
| sys/vfs/hammer/hammer_pfs.c | diffblobblamehistory |