[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [linux-lvm] metadata copies



On 08/10/2011 11:00 PM, Stuart D. Gathman wrote:

> What happens if there are 2 or more metadata copies with the same sequence 
> ID, but different contents?  Not just buggy/malicious code can cause this.
> Imagine that a careless admin removes a PV, puts it on another system,
> independently updates both systems for a while, then later adds the PV back to
> the original system (and the seqnos match).

I did not mention two other checks:
- there is a checksum of text metadata in PV header, so random
corruption is detected

- the whole update process is atomic, there is a round buffer, new
version of metadata is written and if done successfully, atomic
sector update changes just pointer (so either new or old version is active)

> 2) I suspect there is no clever algorithm, and it probably uses the first
> valid copy seen with the highest sequence.  AIX had a "quorum" system 
> where the majority of metadata copies had to agree - or operator intervention
> was required to bring the VG online.

Metadata should be updated on all PVs when the code detect inconsistency.

TBH I am not sure if this happens in every malicious situation
(correct metadata versions with different content but the same ID).

Maybe if anyone want to try it - report a bug if there is a problem
handling it. (IMHO this check should be somehow added to vgck.)

Anyway, there is date, lvm version, full command and system name written
to text metadata (from the system where it was written), so manual admin
interaction should be trivial - just vgcfgrestore proper backup file.)

Milan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]