Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bef5502d authored by xuejiufei's avatar xuejiufei Committed by Linus Torvalds
Browse files

ocfs2/dlm: ignore cleaning the migration mle that is inuse 



We have found that migration source will trigger a BUG that the refcount
of mle is already zero before put when the target is down during
migration.  The situation is as follows:

dlm_migrate_lockres
  dlm_add_migration_mle
  dlm_mark_lockres_migrating
  dlm_get_mle_inuse
  <<<<<< Now the refcount of the mle is 2.
  dlm_send_one_lockres and wait for the target to become the
  new master.
  <<<<<< o2hb detect the target down and clean the migration
  mle. Now the refcount is 1.

dlm_migrate_lockres woken, and put the mle twice when found the target
goes down which trigger the BUG with the following message:

  "ERROR: bad mle: ".

Signed-off-by: default avatarJiufei Xue <xuejiufei@huawei.com>
Reviewed-by: default avatarJoseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 1cce4df0

fs/ocfs2/dlm/dlmmaster.c

+15 −11
Original line number Diff line number Diff line
@@ -2519,6 +2519,11 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm, 
	spin_lock(&dlm->master_lock);

	ret = dlm_add_migration_mle(dlm, res, mle, &oldmle, name,

				    namelen, target, dlm->node_num);

	/* get an extra reference on the mle.

	 * otherwise the assert_master from the new

	 * master will destroy this.

	 */

	dlm_get_mle_inuse(mle);

	spin_unlock(&dlm->master_lock);

	spin_unlock(&dlm->spinlock);
@@ -2554,6 +2559,7 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm, 
		if (mle_added) {

			dlm_mle_detach_hb_events(dlm, mle);

			dlm_put_mle(mle);

			dlm_put_mle_inuse(mle);

		} else if (mle) {

			kmem_cache_free(dlm_mle_cache, mle);

			mle = NULL;
@@ -2571,17 +2577,6 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm, 
	 * ensure that all assert_master work is flushed. */

	flush_workqueue(dlm->dlm_worker);



	/* get an extra reference on the mle.

	 * otherwise the assert_master from the new

	 * master will destroy this.

	 * also, make sure that all callers of dlm_get_mle

	 * take both dlm->spinlock and dlm->master_lock */

	spin_lock(&dlm->spinlock);

	spin_lock(&dlm->master_lock);

	dlm_get_mle_inuse(mle);

	spin_unlock(&dlm->master_lock);

	spin_unlock(&dlm->spinlock);



	/* notify new node and send all lock state */

	/* call send_one_lockres with migration flag.

	 * this serves as notice to the target node that a
@@ -3312,6 +3307,15 @@ void dlm_clean_master_list(struct dlm_ctxt *dlm, u8 dead_node) 
			    mle->new_master != dead_node)

				continue;



			if (mle->new_master == dead_node && mle->inuse) {

				mlog(ML_NOTICE, "%s: target %u died during "

						"migration from %u, the MLE is "

						"still keep used, ignore it!\n",

						dlm->name, dead_node,

						mle->master);

				continue;

			}



			/* If we have reached this point, this mle needs to be

			 * removed from the list and freed. */

			dlm_clean_migration_mle(dlm, mle);