• Jon Paul Maloy's avatar
    tipc: delay ESTABLISH state event when link is established · 73f646ce
    Jon Paul Maloy authored
    Link establishing, just like link teardown, is a non-atomic action, in
    the sense that discovering that conditions are right to establish a link,
    and the actual adding of the link to one of the node's send slots is done
    in two different lock contexts. The link FSM is designed to help bridging
    the gap between the two contexts in a safe manner.
    
    We have now discovered a weakness in the implementaton of this FSM.
    Because we directly let the link go from state LINK_ESTABLISHING to
    state LINK_ESTABLISHED already in the first lock context, we are unable
    to distinguish between a fully established link, i.e., a link that has
    been added to its slot, and a link that has not yet reached the second
    lock context. It may hence happen that a manual intervention, e.g., when
    disabling an interface, causes the function tipc_node_link_down() to try
    removing the link from the node slots, decrementing its active link
    counter etc, although the link was never added there in the first place.
    
    We solve this by delaying the actual state change until we reach the
    second lock context, inside the function tipc_node_link_up(). This
    makes it possible for potentail callers of __tipc_node_link_down() to
    know if they should proceed or not, and the problem is solved.
    
    Unforunately, the situation described above also has a second problem.
    Since there by necessity is a tipc_node_link_up() call pending once
    the node lock has been released, we must defuse that call by setting
    the link back from LINK_ESTABLISHING to LINK_RESET state. This forces
    us to make a slight modification to the link FSM, which will now look
    as follows.
    
     +------------------------------------+
     |RESET_EVT                           |
     |                                    |
     |                             +--------------+
     |           +-----------------|   SYNCHING   |-----------------+
     |           |FAILURE_EVT      +--------------+   PEER_RESET_EVT|
     |           |                  A            |                  |
     |           |                  |            |                  |
     |           |                  |            |                  |
     |           |                  |SYNCH_      |SYNCH_            |
     |           |                  |BEGIN_EVT   |END_EVT           |
     |           |                  |            |                  |
     |           V                  |            V                  V
     |    +-------------+          +--------------+          +------------+
     |    |  RESETTING  |<---------|  ESTABLISHED |--------->| PEER_RESET |
     |    +-------------+ FAILURE_ +--------------+ PEER_    +------------+
     |           |        EVT        |    A         RESET_EVT       |
     |           |                   |    |                         |
     |           |  +----------------+    |                         |
     |  RESET_EVT|  |RESET_EVT            |                         |
     |           |  |                     |                         |
     |           |  |                     |ESTABLISH_EVT            |
     |           |  |  +-------------+    |                         |
     |           |  |  | RESET_EVT   |    |                         |
     |           |  |  |             |    |                         |
     |           V  V  V             |    |                         |
     |    +-------------+          +--------------+        RESET_EVT|
     +--->|    RESET    |--------->| ESTABLISHING |<----------------+
          +-------------+ PEER_    +--------------+
           |           A  RESET_EVT       |
           |           |                  |
           |           |                  |
           |FAILOVER_  |FAILOVER_         |FAILOVER_
           |BEGIN_EVT  |END_EVT           |BEGIN_EVT
           |           |                  |
           V           |                  |
          +-------------+                 |
          | FAILINGOVER |<----------------+
          +-------------+
    Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
    Acked-by: default avatarYing Xue <ying.xue@windriver.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    73f646ce
link.h 9.28 KB