• drbd: panic on delayed completion of aborted requests · 1b6dd252
    Philipp Reisner authored
    "Aborting" requests, or force-detaching the disk, is intended for
    completely blocked/hung local backing devices which no longer
    complete requests at all, not even error completions.  In this
    situation, usually a hard-reset and failover is the only way out.
    
    By "aborting", basically faking a local error-completion,
    we allow for a more graceful switchover by cleanly migrating services.
    Still the affected node has to be rebooted "soon".
    
    By completing these requests, we allow the upper layers to re-use
    the associated data pages.
    
    If later the local backing device "recovers", and now DMAs some data
    from disk into the original request pages, in the best case it will
    just put random data into unused pages; but typically it will corrupt
    meanwhile completely unrelated data, causing all sorts of damage.
    
    Which means delayed successful completion,
    especially for READ requests,
    is a reason to panic().
    
    We assume that a delayed *error* completion is OK,
    though we still will complain noisily about it.
    Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
    Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
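
The hazard and the policy described in the commit message, as an added userspace model (not DRBD code and not part of the commit): a READ is aborted, its page is reused, and the late completion is then classified. All names (`classify_completion`, `simulate_late_completion`, `pool_page`), the strings and the error value are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not a DRBD symbol. */
enum late_action { COMPLETE_NORMALLY, COMPLAIN_ONLY, MUST_PANIC };

struct request {
    bool aborted;   /* local completion was already faked as an error */
    char *page;     /* buffer the backing device may still DMA into */
};

static char pool_page[16];  /* stands in for one page of a shared pool */

/* Policy from the commit message: a delayed *error* completion of an aborted
 * request is tolerated (noisily); a delayed *successful* one is fatal. */
enum late_action classify_completion(const struct request *req, int error)
{
    if (!req->aborted)
        return COMPLETE_NORMALLY;
    return error ? COMPLAIN_ONLY : MUST_PANIC;
}

/* Abort a hung READ, let the page be reused, then deliver the late completion.
 * *intact reports whether the new owner's data survived. */
enum late_action simulate_late_completion(int late_error, bool *intact)
{
    struct request rd = { .aborted = false, .page = pool_page };

    rd.aborted = true;                      /* "abort": upper layers see an error */
    strcpy(pool_page, "unrelated data");    /* page is re-used by someone else */

    /* The device transfers data before it signals success, so by the time
     * the completion is seen the write below has already happened. */
    if (!late_error)
        memcpy(rd.page, "stale disk data", sizeof(pool_page));
    *intact = strcmp(pool_page, "unrelated data") == 0;
    return classify_completion(&rd, late_error);
}

int main(void)
{
    bool intact;
    enum late_action a = simulate_late_completion(0, &intact);
    printf("late success: action=%d intact=%d\n", a, intact);
    a = simulate_late_completion(-5, &intact);  /* constructed error code */
    printf("late error:   action=%d intact=%d\n", a, intact);
    return 0;
}
```

In the late-success case the reused page is already overwritten when the completion is classified, so the check can only stop the node, not undo the write.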
drbd_worker.c 52.9 KB