It is designed to be crash-safe:
- Each snapshot exception is logged to disk by overwriting the last sector
  of a grow-only list of snapshot exceptions.
- Write completion is not handed back up the chain until:
  - the data to be overwritten has been copied to a new exception
  - the new exception has been logged to the snapshot store as above
As far as I can see, the concept is leak-proof, except for being sensitive to random garbage in the last few sector writes. I suspect that doesn't happen on modern disk drives. If it does, I hope somebody will shout.
I am not sure what you mean about barriers, perhaps you were thinking of synchronous waiting. This snapshot driver does wait for completions, but it pipelines the waits so throughput is not affected much (snapshot overhead is dominated by copyouts).
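The exception-logging scheme above, as an added model in C (constructed for illustration; it is not the snapshot driver's code and not from the post). The sector layout, the names (`lookup`, `log_exception`, `snapshot_write`), the rule that an already-excepted chunk needs no second copy, and the torn-sector count check in `lookup` are all assumptions of this model.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the exception store described above, not the driver's
 * code: a "disk" of fixed-size sectors, each holding a count and a few (origin
 * chunk -> copy chunk) exceptions; logging rewrites the last sector. */
#define PER_SECTOR 3
#define MAX_SECTORS 8
struct exception { uint32_t orig, copy; };
struct sector { uint32_t count; struct exception ex[PER_SECTOR]; };
struct store {
    struct sector disk[MAX_SECTORS];   /* simulated on-disk sector list */
    int nsectors, sector_writes;       /* list length, sector writes issued */
    uint32_t next_copy;                /* next free chunk in the copy area */
};

/* Scan the log as recovery would: copy chunk for `orig`, or -1. A count above
 * PER_SECTOR marks a torn sector and ends the scan (added check, not the post's). */
long lookup(const struct store *s, uint32_t orig)
{
    for (int i = 0; i < s->nsectors; i++) {
        const struct sector *sec = &s->disk[i];
        if (sec->count > PER_SECTOR) break;
        for (uint32_t j = 0; j < sec->count; j++)
            if (sec->ex[j].orig == orig) return sec->ex[j].copy;
    }
    return -1;
}

/* Persist one exception by rewriting the last sector, or growing the list. */
static int log_exception(struct store *s, uint32_t orig, uint32_t copy)
{
    struct sector *last = s->nsectors ? &s->disk[s->nsectors - 1] : NULL;
    if (!last || last->count == PER_SECTOR) {
        if (s->nsectors == MAX_SECTORS) return -1;  /* store exhausted */
        last = &s->disk[s->nsectors++];
        memset(last, 0, sizeof *last);
    }
    last->ex[last->count++] = (struct exception){orig, copy};
    s->sector_writes++;                              /* one sector write */
    return 0;
}
/* Completion (return 0) only after copy-out and logging, in that order; a
 * chunk that already has an exception needs no new copy (assumed, not stated). */
int snapshot_write(struct store *s, uint32_t orig)
{
    if (lookup(s, orig) >= 0) return 0;
    uint32_t copy = s->next_copy++;              /* 1: copy old data out */
    if (log_exception(s, orig, copy)) return -1; /* 2: log the exception */
    return 0;                                    /* 3: complete upward */
}
```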