Hi, Junxiao, Jiufei,
Before the function dlm_drop_lockres_ref called, the dlm spinlock is unlocked.
As the master node responded, the node will lock the dlm spinlock again and
determine whether the res is used. In this window, the master of the res may
down and recovered.
So res state may be recovering. So BUG may be occurred in the dlm_purge_lockres.
Thanks.
Guozhonghua.
Date: Mon, 14 Dec 2015 10:56:18 +0800
From: Junxiao Bi <junxiao...@oracle.com>
Subject: Re: [Ocfs2-devel] [PATCH V2] ocfs2/dlm: fix a race between
purge and migration
To: xuejiu...@huawei.com, Andrew Morton <a...@linux-foundation.org>,
Mark Fasheh <mfas...@suse.com>
Cc: "ocfs2-devel@oss.oracle.com" <ocfs2-devel@oss.oracle.com>
Message-ID: <566e2fd2.7050...@oracle.com>
Content-Type: text/plain; charset=windows-1252
On 12/11/2015 11:09 AM, Xue jiufei wrote:
> We found a race between purge and migration when doing code review. Node
> A put lockres to purgelist before receiving the migrate message from node
> B which is the master. Node A call dlm_mig_lockres_handler to handle
> this message.
>
> dlm_mig_lockres_handler
> dlm_lookup_lockres
> >>>>>> race window, dlm_run_purge_list may run and send
> deref message to master, waiting the response
> spin_lock(&res->spinlock);
> res->state |= DLM_LOCK_RES_MIGRATING;
> spin_unlock(&res->spinlock);
> dlm_mig_lockres_handler returns
>
> >>>>>> dlm_thread receives the response from master for the deref
> message and triggers the BUG because the lockres has the state
> DLM_LOCK_RES_MIGRATING with the following message:
>
> dlm_purge_lockres:209 ERROR: 6633EB681FA7474A9C280A4E1A836F0F:
> res M0000000000000000030c0300000000 in use after deref
>
> Signed-off-by: Jiufei Xue <xuejiu...@huawei.com>
> Reviewed-by: Joseph Qi <joseph...@huawei.com>
Looks good.
Reviewed-by: Junxiao Bi <junxiao...@oracle.com>
> ---
> fs/ocfs2/dlm/dlmrecovery.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
> index 58eaa5c..4055909 100644
> --- a/fs/ocfs2/dlm/dlmrecovery.c
> +++ b/fs/ocfs2/dlm/dlmrecovery.c
> @@ -1373,6 +1373,7 @@ int dlm_mig_lockres_handler(struct o2net_msg *msg, u32
> len, void *data,
> char *buf = NULL;
> struct dlm_work_item *item = NULL;
> struct dlm_lock_resource *res = NULL;
> + unsigned int hash;
>
> if (!dlm_grab(dlm))
> return -EINVAL;
> @@ -1400,7 +1401,10 @@ int dlm_mig_lockres_handler(struct o2net_msg *msg, u32
> len, void *data,
> /* lookup the lock to see if we have a secondary queue for this
> * already... just add the locks in and this will have its owner
> * and RECOVERY flag changed when it completes. */
> - res = dlm_lookup_lockres(dlm, mres->lockname, mres->lockname_len);
> + hash = dlm_lockid_hash(mres->lockname, mres->lockname_len);
> + spin_lock(&dlm->spinlock);
> + res = __dlm_lookup_lockres(dlm, mres->lockname, mres->lockname_len,
> + hash);
> if (res) {
> /* this will get a ref on res */
> /* mark it as recovering/migrating and hash it */
> @@ -1421,13 +1425,16 @@ int dlm_mig_lockres_handler(struct o2net_msg *msg,
> u32 len, void *data,
> mres->lockname_len, mres->lockname);
> ret = -EFAULT;
> spin_unlock(&res->spinlock);
> + spin_unlock(&dlm->spinlock);
> dlm_lockres_put(res);
> goto leave;
> }
> res->state |= DLM_LOCK_RES_MIGRATING;
> }
> spin_unlock(&res->spinlock);
> + spin_unlock(&dlm->spinlock);
> } else {
> + spin_unlock(&dlm->spinlock);
> /* need to allocate, just like if it was
> * mastered here normally */
> res = dlm_new_lockres(dlm, mres->lockname, mres->lockname_len);
>
-------------------------------------------------------------------------------------------------------------------------------------
本邮件及其附件含有杭州华三通信技术有限公司的保密信息,仅限于发送给上面地址中列出
的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、
或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本
邮件!
This e-mail and its attachments contain confidential information from H3C,
which is
intended only for the person or entity whose address is listed above. Any use
of the
information contained herein in any way (including, but not limited to, total
or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify
the sender
by phone or email immediately and delete it!
_______________________________________________
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
