1. 07 Jul, 2016 12 commits
  2. 05 Jul, 2016 14 commits
  3. 28 Jun, 2016 1 commit
  4. 14 Jun, 2016 13 commits
    • Lars Ellenberg's avatar
      drbd: correctly handle failed crypto_alloc_hash · 1b57e663
      Lars Ellenberg authored
      crypto_alloc_hash returns an ERR_PTR(), not NULL.
      
      Also reset peer_integrity_tfm to NULL, to not call crypto_free_hash()
      on an errno in the cleanup path.
      Reported-by: default avatarInsu Yun <wuninsu@gmail.com>
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      1b57e663
    • Lars Ellenberg's avatar
      drbd: al_write_transaction: skip re-scanning of bitmap page pointer array · 27ea1d87
      Lars Ellenberg authored
      For larger devices, the array of bitmap page pointers can grow very
      large (8000 pointers per TB of storage).
      
      For each activity log transaction, we need to flush the associated
      bitmap pages to stable storage. Currently, we just "mark" the respective
      pages while setting up the transaction, then tell the bitmap code to
      write out all marked pages, but skip unchanged pages.
      
      But one such transaction can affect only a small number of bitmap pages,
      there is no need to scan the full array of several (ten-)thousand
      page pointers to find the few marked ones.
      
      Instead, remember the index numbers of the few affected pages,
      and later only re-check those to skip duplicates and unchanged ones.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      27ea1d87
    • Lars Ellenberg's avatar
      drbd: finally report ms, not jiffies, in log message · 13c2088d
      Lars Ellenberg authored
      Also skip the message unless bitmap IO took longer than 5 ms.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      13c2088d
    • Roland Kammerer's avatar
      drbd: get rid of empty statement in is_valid_state · 4e526a00
      Roland Kammerer authored
      This should silence a warning about an empty statement. Thanks to Fabian
      Frederick <fabf@skynet.be> who sent a patch I modified to be smaller and
      avoids an additional indent level.
      Signed-off-by: default avatarRoland Kammerer <roland.kammerer@linbit.com>
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      4e526a00
    • Fabian Frederick's avatar
      drbd: code cleanups without semantic changes · 7e5fec31
      Fabian Frederick authored
      This contains various cosmetic fixes ranging from simple typos to
      const-ifying, and using booleans properly.
      
      Original commit messages from Fabian's patch set:
      drbd: debugfs: constify drbd_version_fops
      drbd: use seq_put instead of seq_print where possible
      drbd: include linux/uaccess.h instead of asm/uaccess.h
      drbd: use const char * const for drbd strings
      drbd: kerneldoc warning fix in w_e_end_data_req()
      drbd: use unsigned for one bit fields
      drbd: use bool for peer is_ states
      drbd: fix typo
      drbd: use | for bitmask combination
      drbd: use true/false for bool
      drbd: fix drbd_bm_init() comments
      drbd: introduce peer state union
      drbd: fix maybe_pull_ahead() locking comments
      drbd: use bool for growing
      drbd: remove redundant declarations
      drbd: replace if/BUG by BUG_ON
      Signed-off-by: default avatarFabian Frederick <fabf@skynet.be>
      Signed-off-by: default avatarRoland Kammerer <roland.kammerer@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      7e5fec31
    • Lars Ellenberg's avatar
      drbd: bump current uuid when resuming IO with diskless peer · 20004e24
      Lars Ellenberg authored
      Scenario, starting with normal operation
       Connected Primary/Secondary UpToDate/UpToDate
       NetworkFailure Primary/Unknown UpToDate/DUnknown (frozen)
       ... more failures happen, secondary loses it's disk,
       but eventually is able to re-establish the replication link ...
       Connected Primary/Secondary UpToDate/Diskless (resumed; needs to bump uuid!)
      
      We used to just resume/resent suspended requests,
      without bumping the UUID.
      
      Which will lead to problems later, when we want to re-attach the disk on
      the peer, without first disconnecting, or if we experience additional
      failures, because we now have diverging data without being able to
      recognize it.
      
      Make sure we also bump the current data generation UUID,
      if we notice "peer disk unknown" -> "peer disk known bad".
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      20004e24
    • Lars Ellenberg's avatar
      drbd: disallow promotion during resync handshake, avoid deadlock and hard reset · 31d64604
      Lars Ellenberg authored
      We already serialize connection state changes,
      and other, non-connection state changes (role changes)
      while we are establishing a connection.
      
      But if we have an established connection,
      then trigger a resync handshake (by primary --force or similar),
      until now we just had to be "lucky".
      
      Consider this sequence (e.g. deployment scenario):
      create-md; up;
        -> Connected Secondary/Secondary Inconsistent/Inconsistent
      then do a racy primary --force on both peers.
      
       block drbd0: drbd_sync_handshake:
       block drbd0: self 0000000000000004:0000000000000000:0000000000000000:0000000000000000 bits:25590 flags:0
       block drbd0: peer 0000000000000004:0000000000000000:0000000000000000:0000000000000000 bits:25590 flags:0
       block drbd0: peer( Unknown -> Secondary ) conn( WFReportParams -> Connected ) pdsk( DUnknown -> Inconsistent )
       block drbd0: peer( Secondary -> Primary ) pdsk( Inconsistent -> UpToDate )
        *** HERE things go wrong. ***
       block drbd0: role( Secondary -> Primary )
       block drbd0: drbd_sync_handshake:
       block drbd0: self 0000000000000005:0000000000000000:0000000000000000:0000000000000000 bits:25590 flags:0
       block drbd0: peer C90D2FC716D232AB:0000000000000004:0000000000000000:0000000000000000 bits:25590 flags:0
       block drbd0: Becoming sync target due to disk states.
       block drbd0: Writing the whole bitmap, full sync required after drbd_sync_handshake.
       block drbd0: Remote failed to finish a request within 6007ms > ko-count (2) * timeout (30 * 0.1s)
       drbd s0: peer( Primary -> Unknown ) conn( Connected -> Timeout ) pdsk( UpToDate -> DUnknown )
      
      The problem here is that the local promotion happens before the sync handshake
      triggered by the remote promotion was completed.  Some assumptions elsewhere
      become wrong, and when the expected resync handshake is then received and
      processed, we get stuck in a deadlock, which can only be recovered by reboot :-(
      
      Fix: if we know the peer has good data,
      and our own disk is present, but NOT good,
      and there is no resync going on yet,
      we expect a sync handshake to happen "soon".
      So reject a racy promotion with SS_IN_TRANSIENT_STATE.
      
      Result:
       ... as above ...
       block drbd0: peer( Secondary -> Primary ) pdsk( Inconsistent -> UpToDate )
        *** local promotion being postponed until ... ***
       block drbd0: drbd_sync_handshake:
       block drbd0: self 0000000000000004:0000000000000000:0000000000000000:0000000000000000 bits:25590 flags:0
       block drbd0: peer 77868BDA836E12A5:0000000000000004:0000000000000000:0000000000000000 bits:25590 flags:0
        ...
       block drbd0: conn( WFBitMapT -> WFSyncUUID )
       block drbd0: updated sync uuid 85D06D0E8887AD44:0000000000000000:0000000000000000:0000000000000000
       block drbd0: conn( WFSyncUUID -> SyncTarget )
        *** ... after the resync handshake ***
       block drbd0: role( Secondary -> Primary )
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      31d64604
    • Lars Ellenberg's avatar
      drbd: sync_handshake: handle identical uuids with current (frozen) Primary · f2d3d75b
      Lars Ellenberg authored
      If in a two-primary scenario, we lost our peer, freeze IO,
      and are still frozen (no UUID rotation) when the peer comes back
      as Secondary after a hard crash, we will see identical UUIDs.
      
      The "rule_nr = 40" chose to use the "CRASHED_PRIMARY" bit as
      arbitration, but that would cause the still running (but frozen) Primary
      to become SyncTarget (which it typically refuses), and the handshake is
      declined.
      
      Fix: check current roles.
      If we have *one* current primary, the Primary wins.
      (rule_nr = 41)
      
      Since that is a protocol change, use the newly introduced DRBD_FF_WSAME
      to determine if rule_nr = 41 can be applied.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      f2d3d75b
    • Lars Ellenberg's avatar
      drbd: introduce WRITE_SAME support · 9104d31a
      Lars Ellenberg authored
      We will support WRITE_SAME, if
       * all peers support WRITE_SAME (both in kernel and DRBD version),
       * all peer devices support WRITE_SAME
       * logical_block_size is identical on all peers.
      
      We may at some point introduce a fallback on the receiving side
      for devices/kernels that do not support WRITE_SAME,
      by open-coding a submit loop. But not yet.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      9104d31a
    • Lars Ellenberg's avatar
    • Lars Ellenberg's avatar
      drbd: discard_zeroes_if_aligned allows "thin" resync for discard_zeroes_data=0 · 65f5be35
      Lars Ellenberg authored
      Even if discard_zeroes_data != 0,
      if discard_zeroes_if_aligned is set, we assume we can reliably
      zero-out/discard using the drbd_issue_peer_discard() helper.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      65f5be35
    • Lars Ellenberg's avatar
      drbd: only restart frozen disk io when D_UP_TO_DATE · af61494a
      Lars Ellenberg authored
      When re-attaching the local backend device to a C_STANDALONE D_DISKLESS
      R_PRIMARY with OND_SUSPEND_IO, we may only resume IO if we recognize the
      backend that is being attached as D_UP_TO_DATE.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      af61494a
    • Lars Ellenberg's avatar
      drbd: if there is no good data accessible, writes should be IO errors · 0ead5cca
      Lars Ellenberg authored
      If DRBD lost all path to good data,
      and the on-no-data-accessible policy is OND_SUSPEND_IO,
      all pending and new IO requests are suspended (will block).
      
      If that setting is OND_IO_ERROR, IO will still be completed.
      READ to "clean" areas (e.g. on an D_INCONSISTENT device,
      and bitmap indicates a block is already in sync) will succeed.
      READ to "unclean" areas (bitmap indicates block is out-of-sync),
      will return EIO.
      
      If we are already D_DISKLESS (or D_FAILED), we also return EIO.
      
      Unfortunately, on a former R_PRIMARY C_SYNC_TARGET D_INCONSISTENT,
      after replication link loss, new WRITE requests still went through OK.
      
      The would also set the "out-of-sync" bit on their way, so READ after
      WRITE would still return EIO. Also, the data generation UUIDs had not
      been bumped, we would cause data divergence, without being able to
      detect it on the next sync handshake, given the right sequence of events
      in a multiple error scenario and "improper" order of recovery actions.
      
      The right thing to do is to return EIO for all new writes,
      unless we have access to good, current, D_UP_TO_DATE data.
      
      The "established best practices" way to avoid these situations in the
      first place is to set OND_SUSPEND_IO, or even do a hard-reset from
      the pri-on-incon-degr policy helper hook.
      Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      0ead5cca