ocfs2/dlm: ignore cleaning the migration mle that is inuse
authorxuejiufei <xuejiufei@huawei.com>
Thu, 14 Jan 2016 23:17:38 +0000 (15:17 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Feb 2016 20:30:56 +0000 (12:30 -0800)
commit bef5502de074b6f6fa647b94b73155d675694420 upstream.

We have found that migration source will trigger a BUG that the refcount
of mle is already zero before put when the target is down during
migration.  The situation is as follows:

dlm_migrate_lockres
  dlm_add_migration_mle
  dlm_mark_lockres_migrating
  dlm_get_mle_inuse
  <<<<<< Now the refcount of the mle is 2.
  dlm_send_one_lockres and wait for the target to become the
  new master.
  <<<<<< o2hb detect the target down and clean the migration
  mle. Now the refcount is 1.

dlm_migrate_lockres woken, and put the mle twice when found the target
goes down which trigger the BUG with the following message:

  "ERROR: bad mle: ".

Signed-off-by: Jiufei Xue <xuejiufei@huawei.com>
Reviewed-by: Joseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ocfs2/dlm/dlmmaster.c

index 84f2f8079466a7fc07c8a4fda50d3513a02b68f9..4e2162b355db2bbbd518040589f577b69acd10c6 100644 (file)
@@ -2519,6 +2519,11 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm,
        spin_lock(&dlm->master_lock);
        ret = dlm_add_migration_mle(dlm, res, mle, &oldmle, name,
                                    namelen, target, dlm->node_num);
+       /* get an extra reference on the mle.
+        * otherwise the assert_master from the new
+        * master will destroy this.
+        */
+       dlm_get_mle_inuse(mle);
        spin_unlock(&dlm->master_lock);
        spin_unlock(&dlm->spinlock);
 
@@ -2554,6 +2559,7 @@ fail:
                if (mle_added) {
                        dlm_mle_detach_hb_events(dlm, mle);
                        dlm_put_mle(mle);
+                       dlm_put_mle_inuse(mle);
                } else if (mle) {
                        kmem_cache_free(dlm_mle_cache, mle);
                        mle = NULL;
@@ -2571,17 +2577,6 @@ fail:
         * ensure that all assert_master work is flushed. */
        flush_workqueue(dlm->dlm_worker);
 
-       /* get an extra reference on the mle.
-        * otherwise the assert_master from the new
-        * master will destroy this.
-        * also, make sure that all callers of dlm_get_mle
-        * take both dlm->spinlock and dlm->master_lock */
-       spin_lock(&dlm->spinlock);
-       spin_lock(&dlm->master_lock);
-       dlm_get_mle_inuse(mle);
-       spin_unlock(&dlm->master_lock);
-       spin_unlock(&dlm->spinlock);
-
        /* notify new node and send all lock state */
        /* call send_one_lockres with migration flag.
         * this serves as notice to the target node that a
@@ -3312,6 +3307,15 @@ top:
                            mle->new_master != dead_node)
                                continue;
 
+                       if (mle->new_master == dead_node && mle->inuse) {
+                               mlog(ML_NOTICE, "%s: target %u died during "
+                                               "migration from %u, the MLE is "
+                                               "still keep used, ignore it!\n",
+                                               dlm->name, dead_node,
+                                               mle->master);
+                               continue;
+                       }
+
                        /* If we have reached this point, this mle needs to be
                         * removed from the list and freed. */
                        dlm_clean_migration_mle(dlm, mle);