ocfs2: re-queue AST or BAST if sending is failed to improve the reliability

Message ID 63ADC13FD55D6546B7DECE290D39E373AC2CB721@H3CMLB14-EX.srv.huawei-3com.com
State New

Commit Message

Changwei Ge Aug. 7, 2017, 7:13 a.m. UTC
Hi,

In the current code, while flushing ASTs, we don't handle the case where
sending an AST or BAST fails.
But it is indeed possible for an AST or BAST to be lost due to some kind of
network fault.

If above exception happens, the requesting node will never obtain an AST
back, hence, it will never acquire the lock or abort current locking.

With this patch, I'd like to fix this issue by re-queuing the AST or
BAST if sending is failed due to networks fault.

And the re-queuing AST or BAST will be dropped if the requesting node is
dead!

It will improve the reliability a lot.


Thanks.

Changwei.

Signed-off-by: Changwei Ge <ge.changwei@h3c.com>
---
 fs/ocfs2/dlm/dlmrecovery.c |   51
++++++++++++++++++++++++++++++++++++++++++--
 fs/ocfs2/dlm/dlmthread.c   |   39 +++++++++++++++++++++++++++------
 2 files changed, 81 insertions(+), 9 deletions(-)

Comments

Gang He Aug. 7, 2017, 7:43 a.m. UTC | #1
Based on your description, this case should be a corner case, NOT a fatal error.
Should we use mlog(ML_NOTICE, ...) to print these logs?

Thanks
Gang


>>> 
> Hi,
> 
> In current code, while flushing AST, we don't handle an exception that
> sending AST or BAST is failed.
> But it is indeed possible that AST or BAST is lost due to some kind of
> networks fault.
> 
> If above exception happens, the requesting node will never obtain an AST
> back, hence, it will never acquire the lock or abort current locking.
> 
> With this patch, I'd like to fix this issue by re-queuing the AST or
> BAST if sending is failed due to networks fault.
> 
> And the re-queuing AST or BAST will be dropped if the requesting node is
> dead!
> 
> It will improve the reliability a lot.
> 
> 
> Thanks.
> 
> Changwei.
> 
> Signed-off-by: Changwei Ge <ge.changwei@h3c.com>
> ---
>  fs/ocfs2/dlm/dlmrecovery.c |   51
> ++++++++++++++++++++++++++++++++++++++++++--
>  fs/ocfs2/dlm/dlmthread.c   |   39 +++++++++++++++++++++++++++------
>  2 files changed, 81 insertions(+), 9 deletions(-)
> 
> diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
> index 74407c6..ddfaf74 100644
> --- a/fs/ocfs2/dlm/dlmrecovery.c
> +++ b/fs/ocfs2/dlm/dlmrecovery.c
> @@ -2263,11 +2263,45 @@ static void dlm_revalidate_lvb(struct dlm_ctxt *dlm,
>      }
>  }
>  
> +static int dlm_drop_pending_ast_bast(struct dlm_ctxt *dlm,
> +                     struct dlm_lock *lock)
> +{
> +    int reserved = 0;
> +
> +    spin_lock(&dlm->ast_lock);
> +    if (!list_empty(&lock->ast_list)) {
> +        mlog(0, "%s: drop pending AST for lock(cookie=%u:%llu).\n",
> +             dlm->name,
> +             dlm_get_lock_cookie_node(be64_to_cpu(lock->ml.cookie)),
> +             dlm_get_lock_cookie_seq(be64_to_cpu(lock->ml.cookie)));
> +        list_del_init(&lock->ast_list);
> +        lock->ast_pending = 0;
> +        dlm_lock_put(lock);
> +        reserved++;
> +    }
> +
> +    if (!list_empty(&lock->bast_list)) {
> +        mlog(0, "%s: drop pending BAST for lock(cookie=%u:%llu).\n",
> +             dlm->name,
> +             dlm_get_lock_cookie_node(be64_to_cpu(lock->ml.cookie)),
> +             dlm_get_lock_cookie_seq(be64_to_cpu(lock->ml.cookie)));
> +        list_del_init(&lock->bast_list);
> +        lock->bast_pending = 0;
> +        dlm_lock_put(lock);
> +        reserved++;
> +    }
> +    spin_unlock(&dlm->ast_lock);
> +
> +    return reserved;
> +}
> +
>  static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
> -                struct dlm_lock_resource *res, u8 dead_node)
> +                struct dlm_lock_resource *res, u8 dead_node,
> +                int *reserved)
>  {
>      struct dlm_lock *lock, *next;
>      unsigned int freed = 0;
> +    int reserved_tmp = 0;
>  
>      /* this node is the lockres master:
>       * 1) remove any stale locks for the dead node
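Review bot: `dlm_drop_pending_ast_bast()` takes `dlm->ast_lock` and is reached from `dlm_free_dead_locks()`, whose caller in this patch only drops `res->spinlock` after the call, so the recovery path appears to nest `ast_lock` inside `res->spinlock`. The requeue branches added to `dlm_flush_asts()` take `res->spinlock` just before `__dlm_queue_ast()`/`__dlm_queue_bast()`, which suggests the opposite nesting if `ast_lock` is held at that point (the re-lock is outside the visible hunks). Two paths that nest the same pair of spinlocks in opposite order can deadlock the DLM thread against recovery, so the intended order should be confirmed and stated on the helper, e.g. `/* Called with res->spinlock held; takes dlm->ast_lock. */`. `dlm_free_dead_locks()` continues past the end of this hunk.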
> @@ -2284,6 +2318,9 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>          if (lock->ml.node == dead_node) {
>              list_del_init(&lock->list);
>              dlm_lock_put(lock);
> +
> +            reserved_tmp += dlm_drop_pending_ast_bast(dlm, lock);
> +
>              /* Can't schedule DLM_UNLOCK_FREE_LOCK - do manually */
>              dlm_lock_put(lock);
>              freed++;
> @@ -2293,6 +2330,9 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>          if (lock->ml.node == dead_node) {
>              list_del_init(&lock->list);
>              dlm_lock_put(lock);
> +
> +            reserved_tmp += dlm_drop_pending_ast_bast(dlm, lock);
> +
>              /* Can't schedule DLM_UNLOCK_FREE_LOCK - do manually */
>              dlm_lock_put(lock);
>              freed++;
> @@ -2308,6 +2348,8 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>          }
>      }
>  
> +    *reserved = reserved_tmp;
> +
>      if (freed) {
>          mlog(0, "%s:%.*s: freed %u locks for dead node %u, "
>               "dropping ref from lockres\n", dlm->name,
> @@ -2367,6 +2409,7 @@ static void dlm_do_local_recovery_cleanup(struct
> dlm_ctxt *dlm, u8 dead_node)
>      for (i = 0; i < DLM_HASH_BUCKETS; i++) {
>          bucket = dlm_lockres_hash(dlm, i);
>          hlist_for_each_entry_safe(res, tmp, bucket, hash_node) {
> +            int reserved = 0;
>               /* always prune any $RECOVERY entries for dead nodes,
>                * otherwise hangs can occur during later recovery */
>              if (dlm_is_recovery_lock(res->lockname.name,
> @@ -2420,7 +2463,7 @@ static void dlm_do_local_recovery_cleanup(struct
> dlm_ctxt *dlm, u8 dead_node)
>                      continue;
>                  }
>              } else if (res->owner == dlm->node_num) {
> -                dlm_free_dead_locks(dlm, res, dead_node);
> +                dlm_free_dead_locks(dlm, res, dead_node, &reserved);
>                  __dlm_lockres_calc_usage(dlm, res);
>              } else if (res->owner == DLM_LOCK_RES_OWNER_UNKNOWN) {
>                  if (test_bit(dead_node, res->refmap)) {
> @@ -2432,6 +2475,10 @@ static void dlm_do_local_recovery_cleanup(struct
> dlm_ctxt *dlm, u8 dead_node)
>                  }
>              }
>              spin_unlock(&res->spinlock);
> +            while (reserved) {
> +                dlm_lockres_release_ast(dlm, res);
> +                reserved--;
> +            }
>          }
>      }
>  
> diff --git a/fs/ocfs2/dlm/dlmthread.c b/fs/ocfs2/dlm/dlmthread.c
> index 838a06d..c34a619 100644
> --- a/fs/ocfs2/dlm/dlmthread.c
> +++ b/fs/ocfs2/dlm/dlmthread.c
> @@ -587,13 +587,13 @@ static int dlm_dirty_list_empty(struct dlm_ctxt *dlm)
>  
>  static void dlm_flush_asts(struct dlm_ctxt *dlm)
>  {
> -    int ret;
> +    int ret = 0;
>      struct dlm_lock *lock;
>      struct dlm_lock_resource *res;
>      u8 hi;
>  
>      spin_lock(&dlm->ast_lock);
> -    while (!list_empty(&dlm->pending_asts)) {
> +    while (!list_empty(&dlm->pending_asts) && !ret) {
>          lock = list_entry(dlm->pending_asts.next,
>                    struct dlm_lock, ast_list);
>          /* get an extra ref on lock */
> @@ -628,8 +628,20 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>              mlog(0, "%s: res %.*s, AST queued while flushing last "
>                   "one\n", dlm->name, res->lockname.len,
>                   res->lockname.name);
> -        } else
> -            lock->ast_pending = 0;
> +        } else {
> +            if (unlikely(ret < 0)) {
> +                /* If this AST is not sent back successfully,
> +                 * there is no chance that the second lock
> +                 * request comes.
> +                 */
> +                spin_lock(&res->spinlock);
> +                __dlm_lockres_reserve_ast(res);
> +                spin_unlock(&res->spinlock);
> +                __dlm_queue_ast(dlm, lock);
> +            } else {
> +                lock->ast_pending = 0;
> +            }
> +        }
>  
>          /* drop the extra ref.
>           * this may drop it completely. */
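Review bot: The requeue branch here tests `ret < 0`, while the loop conditions added in this function test `!ret` and the BAST branch tests `unlikely(ret)`, so a positive return would be treated as a successful send for this entry and still end the AST loop. Using the same test everywhere, e.g. `while (!list_empty(&dlm->pending_asts) && ret >= 0)` and `if (unlikely(ret < 0))` in the BAST branch, would remove the ambiguity. Nothing in the visible lines bounds or delays the retry, so a peer whose sends keep failing without the node being declared dead is retried on every flush; the comment should say what ends the retry (the drop added on the recovery side). The send call and the rest of the loop body are outside this hunk.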
> @@ -637,7 +649,9 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>          dlm_lockres_release_ast(dlm, res);
>      }
>  
> -    while (!list_empty(&dlm->pending_basts)) {
> +    ret = 0;
> +
> +    while (!list_empty(&dlm->pending_basts) && !ret) {
>          lock = list_entry(dlm->pending_basts.next,
>                    struct dlm_lock, bast_list);
>          /* get an extra ref on lock */
> @@ -650,7 +664,6 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>          spin_lock(&lock->spinlock);
>          BUG_ON(lock->ml.highest_blocked <= LKM_IVMODE);
>          hi = lock->ml.highest_blocked;
> -        lock->ml.highest_blocked = LKM_IVMODE;
>          spin_unlock(&lock->spinlock);
>  
>          /* remove from list (including ref) */
> @@ -681,7 +694,19 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>                   "one\n", dlm->name, res->lockname.len,
>                   res->lockname.name);
>          } else
> -            lock->bast_pending = 0;
> +            if (unlikely(ret)) {
> +                spin_lock(&res->spinlock);
> +                __dlm_lockres_reserve_ast(res);
> +                spin_unlock(&res->spinlock);
> +                __dlm_queue_bast(dlm, lock);
> +            } else {
> +                lock->bast_pending = 0;
> +                /* Set ::highest_blocked to invalid after
> +                 * sending BAST successfully so that
> +                 * no more BAST would be queued.
> +                 */
> +                lock->ml.highest_blocked = LKM_IVMODE;
> +            }
>  
>          /* drop the extra ref.
>           * this may drop it completely. */
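Review bot: The reset of `lock->ml.highest_blocked` to `LKM_IVMODE` now sits in the success branch without `lock->spinlock`, whereas the read of the same field earlier in the loop is still done under that lock and the removed reset was inside the same locked region. If anything can raise `highest_blocked` between that read and this reset, the update is overwritten and no further BAST would be queued for it; if lock ordering permits, `spin_lock(&lock->spinlock); lock->ml.highest_blocked = LKM_IVMODE; spin_unlock(&lock->spinlock);` keeps the field's locking uniform. The `} else` followed by an unbraced `if`/`else` at the same indent also differs from the braced `} else { if ... }` form used in the AST loop and is easy to misread. The loop body continues outside this hunk.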
> -- 
> 1.7.9.5
> 
> 
> _______________________________________________
> Ocfs2-devel mailing list
> Ocfs2-devel@oss.oracle.com 
> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Changwei Ge Aug. 7, 2017, 7:55 a.m. UTC | #2
Hi Gang,

At present time, when AST or BAST sending is failed, it already prints
ERROR logs.

I admit that it's truly a corner case but a fatal error when networks is
not reliable.

Because if AST is not sent back to locking node, related procedure will
be pending, even the whole cluster will hang.

I think it is not permitted in enterprise-level usage scenario.

Thanks

Changwei



On 2017/8/7 15:43, Gang He wrote:
> Base on your description, this case should be a corner case, NOT a fatal error.
> Should we use mlog(ML_NOTICE, ...) to print these logs?
>
> Thanks
> Gang
>
>
>> Hi,
>>
>> In current code, while flushing AST, we don't handle an exception that
>> sending AST or BAST is failed.
>> But it is indeed possible that AST or BAST is lost due to some kind of
>> networks fault.
>>
>> If above exception happens, the requesting node will never obtain an AST
>> back, hence, it will never acquire the lock or abort current locking.
>>
>> With this patch, I'd like to fix this issue by re-queuing the AST or
>> BAST if sending is failed due to networks fault.
>>
>> And the re-queuing AST or BAST will be dropped if the requesting node is
>> dead!
>>
>> It will improve the reliability a lot.
>>
>>
>> Thanks.
>>
>> Changwei.
>>
>> Signed-off-by: Changwei Ge <ge.changwei@h3c.com>
>> ---
>>  fs/ocfs2/dlm/dlmrecovery.c |   51
>> ++++++++++++++++++++++++++++++++++++++++++--
>>  fs/ocfs2/dlm/dlmthread.c   |   39 +++++++++++++++++++++++++++------
>>  2 files changed, 81 insertions(+), 9 deletions(-)
>>
>> diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
>> index 74407c6..ddfaf74 100644
>> --- a/fs/ocfs2/dlm/dlmrecovery.c
>> +++ b/fs/ocfs2/dlm/dlmrecovery.c
>> @@ -2263,11 +2263,45 @@ static void dlm_revalidate_lvb(struct dlm_ctxt *dlm,
>>      }
>>  }
>>  
>> +static int dlm_drop_pending_ast_bast(struct dlm_ctxt *dlm,
>> +                     struct dlm_lock *lock)
>> +{
>> +    int reserved = 0;
>> +
>> +    spin_lock(&dlm->ast_lock);
>> +    if (!list_empty(&lock->ast_list)) {
>> +        mlog(0, "%s: drop pending AST for lock(cookie=%u:%llu).\n",
>> +             dlm->name,
>> +             dlm_get_lock_cookie_node(be64_to_cpu(lock->ml.cookie)),
>> +             dlm_get_lock_cookie_seq(be64_to_cpu(lock->ml.cookie)));
>> +        list_del_init(&lock->ast_list);
>> +        lock->ast_pending = 0;
>> +        dlm_lock_put(lock);
>> +        reserved++;
>> +    }
>> +
>> +    if (!list_empty(&lock->bast_list)) {
>> +        mlog(0, "%s: drop pending BAST for lock(cookie=%u:%llu).\n",
>> +             dlm->name,
>> +             dlm_get_lock_cookie_node(be64_to_cpu(lock->ml.cookie)),
>> +             dlm_get_lock_cookie_seq(be64_to_cpu(lock->ml.cookie)));
>> +        list_del_init(&lock->bast_list);
>> +        lock->bast_pending = 0;
>> +        dlm_lock_put(lock);
>> +        reserved++;
>> +    }
>> +    spin_unlock(&dlm->ast_lock);
>> +
>> +    return reserved;
>> +}
>> +
>>  static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>> -                struct dlm_lock_resource *res, u8 dead_node)
>> +                struct dlm_lock_resource *res, u8 dead_node,
>> +                int *reserved)
>>  {
>>      struct dlm_lock *lock, *next;
>>      unsigned int freed = 0;
>> +    int reserved_tmp = 0;
>>  
>>      /* this node is the lockres master:
>>       * 1) remove any stale locks for the dead node
>> @@ -2284,6 +2318,9 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>>          if (lock->ml.node == dead_node) {
>>              list_del_init(&lock->list);
>>              dlm_lock_put(lock);
>> +
>> +            reserved_tmp += dlm_drop_pending_ast_bast(dlm, lock);
>> +
>>              /* Can't schedule DLM_UNLOCK_FREE_LOCK - do manually */
>>              dlm_lock_put(lock);
>>              freed++;
>> @@ -2293,6 +2330,9 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>>          if (lock->ml.node == dead_node) {
>>              list_del_init(&lock->list);
>>              dlm_lock_put(lock);
>> +
>> +            reserved_tmp += dlm_drop_pending_ast_bast(dlm, lock);
>> +
>>              /* Can't schedule DLM_UNLOCK_FREE_LOCK - do manually */
>>              dlm_lock_put(lock);
>>              freed++;
>> @@ -2308,6 +2348,8 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
>>          }
>>      }
>>  
>> +    *reserved = reserved_tmp;
>> +
>>      if (freed) {
>>          mlog(0, "%s:%.*s: freed %u locks for dead node %u, "
>>               "dropping ref from lockres\n", dlm->name,
>> @@ -2367,6 +2409,7 @@ static void dlm_do_local_recovery_cleanup(struct
>> dlm_ctxt *dlm, u8 dead_node)
>>      for (i = 0; i < DLM_HASH_BUCKETS; i++) {
>>          bucket = dlm_lockres_hash(dlm, i);
>>          hlist_for_each_entry_safe(res, tmp, bucket, hash_node) {
>> +            int reserved = 0;
>>               /* always prune any $RECOVERY entries for dead nodes,
>>                * otherwise hangs can occur during later recovery */
>>              if (dlm_is_recovery_lock(res->lockname.name,
>> @@ -2420,7 +2463,7 @@ static void dlm_do_local_recovery_cleanup(struct
>> dlm_ctxt *dlm, u8 dead_node)
>>                      continue;
>>                  }
>>              } else if (res->owner == dlm->node_num) {
>> -                dlm_free_dead_locks(dlm, res, dead_node);
>> +                dlm_free_dead_locks(dlm, res, dead_node, &reserved);
>>                  __dlm_lockres_calc_usage(dlm, res);
>>              } else if (res->owner == DLM_LOCK_RES_OWNER_UNKNOWN) {
>>                  if (test_bit(dead_node, res->refmap)) {
>> @@ -2432,6 +2475,10 @@ static void dlm_do_local_recovery_cleanup(struct
>> dlm_ctxt *dlm, u8 dead_node)
>>                  }
>>              }
>>              spin_unlock(&res->spinlock);
>> +            while (reserved) {
>> +                dlm_lockres_release_ast(dlm, res);
>> +                reserved--;
>> +            }
>>          }
>>      }
>>  
>> diff --git a/fs/ocfs2/dlm/dlmthread.c b/fs/ocfs2/dlm/dlmthread.c
>> index 838a06d..c34a619 100644
>> --- a/fs/ocfs2/dlm/dlmthread.c
>> +++ b/fs/ocfs2/dlm/dlmthread.c
>> @@ -587,13 +587,13 @@ static int dlm_dirty_list_empty(struct dlm_ctxt *dlm)
>>  
>>  static void dlm_flush_asts(struct dlm_ctxt *dlm)
>>  {
>> -    int ret;
>> +    int ret = 0;
>>      struct dlm_lock *lock;
>>      struct dlm_lock_resource *res;
>>      u8 hi;
>>  
>>      spin_lock(&dlm->ast_lock);
>> -    while (!list_empty(&dlm->pending_asts)) {
>> +    while (!list_empty(&dlm->pending_asts) && !ret) {
>>          lock = list_entry(dlm->pending_asts.next,
>>                    struct dlm_lock, ast_list);
>>          /* get an extra ref on lock */
>> @@ -628,8 +628,20 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>>              mlog(0, "%s: res %.*s, AST queued while flushing last "
>>                   "one\n", dlm->name, res->lockname.len,
>>                   res->lockname.name);
>> -        } else
>> -            lock->ast_pending = 0;
>> +        } else {
>> +            if (unlikely(ret < 0)) {
>> +                /* If this AST is not sent back successfully,
>> +                 * there is no chance that the second lock
>> +                 * request comes.
>> +                 */
>> +                spin_lock(&res->spinlock);
>> +                __dlm_lockres_reserve_ast(res);
>> +                spin_unlock(&res->spinlock);
>> +                __dlm_queue_ast(dlm, lock);
>> +            } else {
>> +                lock->ast_pending = 0;
>> +            }
>> +        }
>>  
>>          /* drop the extra ref.
>>           * this may drop it completely. */
>> @@ -637,7 +649,9 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>>          dlm_lockres_release_ast(dlm, res);
>>      }
>>  
>> -    while (!list_empty(&dlm->pending_basts)) {
>> +    ret = 0;
>> +
>> +    while (!list_empty(&dlm->pending_basts) && !ret) {
>>          lock = list_entry(dlm->pending_basts.next,
>>                    struct dlm_lock, bast_list);
>>          /* get an extra ref on lock */
>> @@ -650,7 +664,6 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>>          spin_lock(&lock->spinlock);
>>          BUG_ON(lock->ml.highest_blocked <= LKM_IVMODE);
>>          hi = lock->ml.highest_blocked;
>> -        lock->ml.highest_blocked = LKM_IVMODE;
>>          spin_unlock(&lock->spinlock);
>>  
>>          /* remove from list (including ref) */
>> @@ -681,7 +694,19 @@ static void dlm_flush_asts(struct dlm_ctxt *dlm)
>>                   "one\n", dlm->name, res->lockname.len,
>>                   res->lockname.name);
>>          } else
>> -            lock->bast_pending = 0;
>> +            if (unlikely(ret)) {
>> +                spin_lock(&res->spinlock);
>> +                __dlm_lockres_reserve_ast(res);
>> +                spin_unlock(&res->spinlock);
>> +                __dlm_queue_bast(dlm, lock);
>> +            } else {
>> +                lock->bast_pending = 0;
>> +                /* Set ::highest_blocked to invalid after
>> +                 * sending BAST successfully so that
>> +                 * no more BAST would be queued.
>> +                 */
>> +                lock->ml.highest_blocked = LKM_IVMODE;
>> +            }
>>  
>>          /* drop the extra ref.
>>           * this may drop it completely. */
>> -- 
>> 1.7.9.5
>>
>>
>> _______________________________________________
>> Ocfs2-devel mailing list
>> Ocfs2-devel@oss.oracle.com 
>> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Mark Fasheh Aug. 7, 2017, 8:19 p.m. UTC | #3
On Mon, Aug 7, 2017 at 2:13 AM, Changwei Ge <ge.changwei@h3c.com> wrote:
> Hi,
>
> In current code, while flushing AST, we don't handle an exception that
> sending AST or BAST is failed.
> But it is indeed possible that AST or BAST is lost due to some kind of
> networks fault.
>
> If above exception happens, the requesting node will never obtain an AST
> back, hence, it will never acquire the lock or abort current locking.
>
> With this patch, I'd like to fix this issue by re-queuing the AST or
> BAST if sending is failed due to networks fault.
>
> And the re-queuing AST or BAST will be dropped if the requesting node is
> dead!
>
> It will improve the reliability a lot.

Can you detail your testing? Code-wise this looks fine to me but as
you note, this is a pretty hard to hit corner case so it'd be nice to
hear that you were able to exercise it.

Thanks,
   --Mark
Changwei Ge Aug. 8, 2017, 10:56 a.m. UTC | #4
On 2017/8/8 4:20, Mark Fasheh wrote:
> On Mon, Aug 7, 2017 at 2:13 AM, Changwei Ge <ge.changwei@h3c.com> wrote:
>> Hi,
>>
>> In current code, while flushing AST, we don't handle an exception that
>> sending AST or BAST is failed.
>> But it is indeed possible that AST or BAST is lost due to some kind of
>> networks fault.
>>
>> If above exception happens, the requesting node will never obtain an AST
>> back, hence, it will never acquire the lock or abort current locking.
>>
>> With this patch, I'd like to fix this issue by re-queuing the AST or
>> BAST if sending is failed due to networks fault.
>>
>> And the re-queuing AST or BAST will be dropped if the requesting node is
>> dead!
>>
>> It will improve the reliability a lot.
> Can you detail your testing? Code-wise this looks fine to me but as
> you note, this is a pretty hard to hit corner case so it'd be nice to
> hear that you were able to exercise it.
>
> Thanks,
>    --Mark
Hi Mark,

My test is quite simple to perform.
Test environment includes 7 hosts. Ethernet devices in 6 of them are
down and then up repetitively.
After several rounds of up and down. Some file operation hangs.

Through debugfs.ocfs2 tool involved in NODE 2 which was the owner of
lock resource 'O000000000000000011150300000000',
it told that:

debugfs: dlm_locks O000000000000000011150300000000
Lockres: O000000000000000011150300000000   Owner: 2    State: 0x0
Last Used: 0      ASTs Reserved: 0    Inflight: 0    Migration Pending: No
Refs: 4    Locks: 2    On Lists: None
Reference Map: 3
 Lock-Queue  Node  Level  Conv  Cookie           Refs  AST  BAST 
Pending-Action
 Granted     2     PR     -1    2:53             2     No   No    None
 Granted     3     PR     -1    3:48             2     No   No    None

That meant NODE 2 had granted NODE 3 and the AST had been transited to
NODE 3.

Meanwhile, through debugfs.ocfs2 tool involved in NODE 3,
it told that:
debugfs: dlm_locks O000000000000000011150300000000
Lockres: O000000000000000011150300000000   Owner: 2    State: 0x0
Last Used: 0      ASTs Reserved: 0    Inflight: 0    Migration Pending: No
Refs: 3    Locks: 1    On Lists: None
Reference Map:
 Lock-Queue  Node  Level  Conv  Cookie           Refs  AST  BAST 
Pending-Action
 Blocked     3     PR     -1    3:48             2     No   No    None

That meant NODE 3 didn't ever receive any AST to move local lock from
blocked list to grant list.

This outcome makes sense, since sending the AST failed, which can be
seen in the kernel log.

As for BAST, it is more or less the same.

Thanks
Changwei


From
Joseph Qi Aug. 9, 2017, 11:32 a.m. UTC | #5
Hi,

On 17/8/7 15:13, Changwei Ge wrote:
> Hi,
> 
> In current code, while flushing AST, we don't handle an exception that
> sending AST or BAST is failed.
> But it is indeed possible that AST or BAST is lost due to some kind of
> networks fault.
> 
Could you please describe this issue more clearly? It is better to analyze
the issue along with the error message and the status of the related nodes.
IMO, if network is down, one of the two nodes will be fenced. So what's
your case here?

Thanks,
Joseph

> If above exception happens, the requesting node will never obtain an AST
> back, hence, it will never acquire the lock or abort current locking.
> 
> With this patch, I'd like to fix this issue by re-queuing the AST or
> BAST if sending is failed due to networks fault.
> 
> And the re-queuing AST or BAST will be dropped if the requesting node is
> dead!
> 
> It will improve the reliability a lot.
> 
> 
> Thanks.
> 
> Changwei.
Changwei Ge Aug. 9, 2017, 3:24 p.m. UTC | #6
Hi


On 2017/8/9 下午7:32, Joseph Qi wrote:
> Hi,

>

> On 17/8/7 15:13, Changwei Ge wrote:

>> Hi,

>>

>> In current code, while flushing AST, we don't handle an exception that

>> sending AST or BAST is failed.

>> But it is indeed possible that AST or BAST is lost due to some kind of

>> networks fault.

>>

> Could you please describe this issue more clearly? It is better analyze

> issue along with the error message and the status of related nodes.

> IMO, if network is down, one of the two nodes will be fenced. So what's

> your case here?

>

> Thanks,

> Joseph


I have posted the status of related lock resource in my preceding email. 
Please check them out.

Moreover, the network is not down forever, not even for longer than the
threshold for fencing.
So no node will be fenced.

This issue happens in terrible network environment. Some messages may be 
abandoned by switch due to various conditions.
And even frequent and fast link up and down will also cause this issue.

In a nutshell,  re-queuing AST and BAST is crucial when link between 
nodes recover quickly. It prevents cluster from hanging.

Thanks,
Changwei
>> If above exception happens, the requesting node will never obtain an AST

>> back, hence, it will never acquire the lock or abort current locking.

>>

>> With this patch, I'd like to fix this issue by re-queuing the AST or

>> BAST if sending is failed due to networks fault.

>>

>> And the re-queuing AST or BAST will be dropped if the requesting node is

>> dead!

>>

>> It will improve the reliability a lot.

>>

>>

>> Thanks.

>>

>> Changwei.

> _______________________________________________

> Ocfs2-devel mailing list

> Ocfs2-devel@oss.oracle.com

> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Joseph Qi Aug. 10, 2017, 9:34 a.m. UTC | #7
Hi Changwei,

On 17/8/9 23:24, ge changwei wrote:
> Hi
> 
> 
> On 2017/8/9 下午7:32, Joseph Qi wrote:
>> Hi,
>>
>> On 17/8/7 15:13, Changwei Ge wrote:
>>> Hi,
>>>
>>> In current code, while flushing AST, we don't handle an exception that
>>> sending AST or BAST is failed.
>>> But it is indeed possible that AST or BAST is lost due to some kind of
>>> networks fault.
>>>
>> Could you please describe this issue more clearly? It is better analyze
>> issue along with the error message and the status of related nodes.
>> IMO, if network is down, one of the two nodes will be fenced. So what's
>> your case here?
>>
>> Thanks,
>> Joseph
> 
> I have posted the status of related lock resource in my preceding email. 
> Please check them out.
> 
> Moreover, network is not down forever even not longer than threshold  to 
> be fenced.
> So no node will be fenced.
> 
> This issue happens in terrible network environment. Some messages may be 
> abandoned by switch due to various conditions.
> And even frequent and fast link up and down will also cause this issue.
> 
> In a nutshell,  re-queuing AST and BAST is crucial when link between 
> nodes recover quickly. It prevents cluster from hanging.
>
So you mean the tcp packet is lost due to connection reset? IIRC,
Junxiao has posted a patchset to fix this issue.
If you are using the way of re-queuing, how to make sure the original
message is *truly* lost and the same ast/bast won't be sent twice?

Thanks,
Joseph
 
> Thanks,
> Changwei
>>> If above exception happens, the requesting node will never obtain an AST
>>> back, hence, it will never acquire the lock or abort current locking.
>>>
>>> With this patch, I'd like to fix this issue by re-queuing the AST or
>>> BAST if sending is failed due to networks fault.
>>>
>>> And the re-queuing AST or BAST will be dropped if the requesting node is
>>> dead!
>>>
>>> It will improve the reliability a lot.
>>>
>>>
>>> Thanks.
>>>
>>> Changwei.
>> _______________________________________________
>> Ocfs2-devel mailing list
>> Ocfs2-devel@oss.oracle.com
>> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
>
Changwei Ge Aug. 10, 2017, 10:49 a.m. UTC | #8
Hi Joseph,


On 2017/8/10 17:53, Joseph Qi wrote:
> Hi Changwei,
>
> On 17/8/9 23:24, ge changwei wrote:
>> Hi
>>
>>
>> On 2017/8/9 下午7:32, Joseph Qi wrote:
>>> Hi,
>>>
>>> On 17/8/7 15:13, Changwei Ge wrote:
>>>> Hi,
>>>>
>>>> In current code, while flushing AST, we don't handle an exception that
>>>> sending AST or BAST is failed.
>>>> But it is indeed possible that AST or BAST is lost due to some kind of
>>>> networks fault.
>>>>
>>> Could you please describe this issue more clearly? It is better analyze
>>> issue along with the error message and the status of related nodes.
>>> IMO, if network is down, one of the two nodes will be fenced. So what's
>>> your case here?
>>>
>>> Thanks,
>>> Joseph
>> I have posted the status of related lock resource in my preceding email. 
>> Please check them out.
>>
>> Moreover, network is not down forever even not longer than threshold  to 
>> be fenced.
>> So no node will be fenced.
>>
>> This issue happens in terrible network environment. Some messages may be 
>> abandoned by switch due to various conditions.
>> And even frequent and fast link up and down will also cause this issue.
>>
>> In a nutshell,  re-queuing AST and BAST is crucial when link between 
>> nodes recover quickly. It prevents cluster from hanging.
>> So you mean the tcp packet is lost due to connection reset? IIRC,
Yes, it's something like that exception which I think is deserved to be
fixed within OCFS2.
> Junxiao has posted a patchset to fix this issue.
> If you are using the way of re-queuing, how to make sure the original
> message is *truly* lost and the same ast/bast won't be sent twice?
With regards to TCP layer, if it returns error to OCFS2, packets must
not be sent successfully. So no node will obtain such an AST or BAST.
With regards to OCFS2, my patch guarantees that the same AST/BAST can't be
queued on the pending list twice and have both copies sent successfully.

Thanks,
Changwei
>
> Thanks,
> Joseph
>  
>> Thanks,
>> Changwei
>>>> If above exception happens, the requesting node will never obtain an AST
>>>> back, hence, it will never acquire the lock or abort current locking.
>>>>
>>>> With this patch, I'd like to fix this issue by re-queuing the AST or
>>>> BAST if sending is failed due to networks fault.
>>>>
>>>> And the re-queuing AST or BAST will be dropped if the requesting node is
>>>> dead!
>>>>
>>>> It will improve the reliability a lot.
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> Changwei.
>>> _______________________________________________
>>> Ocfs2-devel mailing list
>>> Ocfs2-devel@oss.oracle.com
>>> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Mark Fasheh Aug. 22, 2017, 8:49 p.m. UTC | #9
On Tue, Aug 8, 2017 at 5:56 AM, Changwei Ge <ge.changwei@h3c.com> wrote:
>>> It will improve the reliability a lot.
>> Can you detail your testing? Code-wise this looks fine to me but as
>> you note, this is a pretty hard to hit corner case so it'd be nice to
>> hear that you were able to exercise it.
>>
>> Thanks,
>>    --Mark
> Hi Mark,
>
> My test is quite simple to perform.
> Test environment includes 7 hosts. Ethernet devices in 6 of them are
> down and then up repetitively.
> After several rounds of up and down. Some file operation hangs.
>
> Through debugfs.ocfs2 tool involved in NODE 2 which was the owner of
> lock resource 'O000000000000000011150300000000',
> it told that:
>
> debugfs: dlm_locks O000000000000000011150300000000
> Lockres: O000000000000000011150300000000   Owner: 2    State: 0x0
> Last Used: 0      ASTs Reserved: 0    Inflight: 0    Migration Pending: No
> Refs: 4    Locks: 2    On Lists: None
> Reference Map: 3
>  Lock-Queue  Node  Level  Conv  Cookie           Refs  AST  BAST
> Pending-Action
>  Granted     2     PR     -1    2:53             2     No   No    None
>  Granted     3     PR     -1    3:48             2     No   No    None
>
> That meant NODE 2 had granted NODE 3 and the AST had been transited to
> NODE 3.
>
> Meanwhile, through debugfs.ocfs2 tool involved in NODE 3,
> it told that:
> debugfs: dlm_locks O000000000000000011150300000000
> Lockres: O000000000000000011150300000000   Owner: 2    State: 0x0
> Last Used: 0      ASTs Reserved: 0    Inflight: 0    Migration Pending: No
> Refs: 3    Locks: 1    On Lists: None
> Reference Map:
>  Lock-Queue  Node  Level  Conv  Cookie           Refs  AST  BAST
> Pending-Action
>  Blocked     3     PR     -1    3:48             2     No   No    None
>
> That meant NODE 3 didn't ever receive any AST to move local lock from
> blocked list to grant list.
>
> This consequence  makes sense, since AST sending is failed which can be
> seen in kernel log.
>
> As for BAST, it is more or less the same.
>
> Thanks
> Changwei


Thanks for the testing details. I think you got Andrew's e-mail wrong
so I'm CC'ing him now. It might be a good idea to re-send the patch
with the right CC's - add some of your testing details to the log.
You're free to use my

Reviewed-by: Mark Fasheh <mfasheh@versity.com>

as well.

Thanks again,
   --Mark
Joseph Qi Aug. 23, 2017, 1:06 a.m. UTC | #10
Hi Mark,

On 17/8/23 04:49, Mark Fasheh wrote:
> On Tue, Aug 8, 2017 at 5:56 AM, Changwei Ge <ge.changwei@h3c.com> wrote:
>>>> It will improve the reliability a lot.
>>> Can you detail your testing? Code-wise this looks fine to me but as
>>> you note, this is a pretty hard to hit corner case so it'd be nice to
>>> hear that you were able to exercise it.
>>>
>>> Thanks,
>>>    --Mark
>> Hi Mark,
>>
>> My test is quite simple to perform.
>> Test environment includes 7 hosts. Ethernet devices in 6 of them are
>> down and then up repetitively.
>> After several rounds of up and down. Some file operation hangs.
>>
>> Through debugfs.ocfs2 tool involved in NODE 2 which was the owner of
>> lock resource 'O000000000000000011150300000000',
>> it told that:
>>
>> debugfs: dlm_locks O000000000000000011150300000000
>> Lockres: O000000000000000011150300000000   Owner: 2    State: 0x0
>> Last Used: 0      ASTs Reserved: 0    Inflight: 0    Migration Pending: No
>> Refs: 4    Locks: 2    On Lists: None
>> Reference Map: 3
>>  Lock-Queue  Node  Level  Conv  Cookie           Refs  AST  BAST
>> Pending-Action
>>  Granted     2     PR     -1    2:53             2     No   No    None
>>  Granted     3     PR     -1    3:48             2     No   No    None
>>
>> That meant NODE 2 had granted NODE 3 and the AST had been transited to
>> NODE 3.
>>
>> Meanwhile, through debugfs.ocfs2 tool involved in NODE 3,
>> it told that:
>> debugfs: dlm_locks O000000000000000011150300000000
>> Lockres: O000000000000000011150300000000   Owner: 2    State: 0x0
>> Last Used: 0      ASTs Reserved: 0    Inflight: 0    Migration Pending: No
>> Refs: 3    Locks: 1    On Lists: None
>> Reference Map:
>>  Lock-Queue  Node  Level  Conv  Cookie           Refs  AST  BAST
>> Pending-Action
>>  Blocked     3     PR     -1    3:48             2     No   No    None
>>
>> That meant NODE 3 didn't ever receive any AST to move local lock from
>> blocked list to grant list.
>>
>> This consequence  makes sense, since AST sending is failed which can be
>> seen in kernel log.
>>
>> As for BAST, it is more or less the same.
>>
>> Thanks
>> Changwei
> 
> 
> Thanks for the testing details. I think you got Andrew's e-mail wrong
> so I'm CC'ing him now. It might be a good idea to re-send the patch
> with the right CC's - add some of your testing details to the log.

IMO, the fact that a network error occurred does not guarantee that the
target node hasn't received the message. A complete message round includes:
1. sending the message to the target node;
2. getting the response from the target node.

So if the network error happens in phase 2, re-queuing the message will
cause the ast/bast to be sent twice. I'm afraid this cannot be handled
currently.

If I understand wrong, please point out.

Thanks,
Joseph

> You're free to use my
> 
> Reviewed-by: Mark Fasheh <mfasheh@versity.com>
> 
> as well.
> 
> Thanks again,
>    --Mark
>
Junxiao Bi Aug. 23, 2017, 2:23 a.m. UTC | #11
On 08/10/2017 06:49 PM, Changwei Ge wrote:
> Hi Joseph,
> 
> 
> On 2017/8/10 17:53, Joseph Qi wrote:
>> Hi Changwei,
>>
>> On 17/8/9 23:24, ge changwei wrote:
>>> Hi
>>>
>>>
>>> On 2017/8/9 下午7:32, Joseph Qi wrote:
>>>> Hi,
>>>>
>>>> On 17/8/7 15:13, Changwei Ge wrote:
>>>>> Hi,
>>>>>
>>>>> In current code, while flushing AST, we don't handle an exception that
>>>>> sending AST or BAST is failed.
>>>>> But it is indeed possible that AST or BAST is lost due to some kind of
>>>>> networks fault.
>>>>>
>>>> Could you please describe this issue more clearly? It is better analyze
>>>> issue along with the error message and the status of related nodes.
>>>> IMO, if network is down, one of the two nodes will be fenced. So what's
>>>> your case here?
>>>>
>>>> Thanks,
>>>> Joseph
>>> I have posted the status of related lock resource in my preceding email. 
>>> Please check them out.
>>>
>>> Moreover, network is not down forever even not longer than threshold  to 
>>> be fenced.
>>> So no node will be fenced.
>>>
>>> This issue happens in terrible network environment. Some messages may be 
>>> abandoned by switch due to various conditions.
>>> And even frequent and fast link up and down will also cause this issue.
>>>
>>> In a nutshell,  re-queuing AST and BAST is crucial when link between 
>>> nodes recover quickly. It prevents cluster from hanging.
>>> So you mean the tcp packet is lost due to connection reset? IIRC,
> Yes, it's something like that exception which I think is deserved to be
> fixed within OCFS2.
>> Junxiao has posted a patchset to fix this issue.
>> If you are using the way of re-queuing, how to make sure the original
>> message is *truly* lost and the same ast/bast won't be sent twice?
> With regards to TCP layer, if it returns error to OCFS2, packets must
> not be sent successfully. So no node will obtain such an AST or BAST.
Right, but not only AST/BAST: other messages pending in the tcp queue will
also be lost if tcp returns an error to ocfs2, and this can also cause a hang.
Besides, your fix may introduce the duplicated ast/bast message Joseph
mentioned.
Ocfs2 depends on tcp a lot; it can't work well if tcp returns an error to it.
To fix it, maybe ocfs2 should maintain its own message queue and ack
messages rather than depend on TCP.

Thanks,
Junxiao.


> With regards to OCFS2, my patch can guarantee that one AST/BAST can't be
> queued on pending list twice of which are both sent successfully.
> 
> Thanks,
> Changwei
>>
>> Thanks,
>> Joseph
>>  
>>> Thanks,
>>> Changwei
>>>>> If above exception happens, the requesting node will never obtain an AST
>>>>> back, hence, it will never acquire the lock or abort current locking.
>>>>>
>>>>> With this patch, I'd like to fix this issue by re-queuing the AST or
>>>>> BAST if sending is failed due to networks fault.
>>>>>
>>>>> And the re-queuing AST or BAST will be dropped if the requesting node is
>>>>> dead!
>>>>>
>>>>> It will improve the reliability a lot.
>>>>>
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Changwei.
>>>> _______________________________________________
>>>> Ocfs2-devel mailing list
>>>> Ocfs2-devel@oss.oracle.com
>>>> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
>
Joseph Qi Aug. 23, 2017, 3:34 a.m. UTC | #12
On 17/8/23 10:23, Junxiao Bi wrote:
> On 08/10/2017 06:49 PM, Changwei Ge wrote:
>> Hi Joseph,
>>
>>
>> On 2017/8/10 17:53, Joseph Qi wrote:
>>> Hi Changwei,
>>>
>>> On 17/8/9 23:24, ge changwei wrote:
>>>> Hi
>>>>
>>>>
>>>> On 2017/8/9 下午7:32, Joseph Qi wrote:
>>>>> Hi,
>>>>>
>>>>> On 17/8/7 15:13, Changwei Ge wrote:
>>>>>> Hi,
>>>>>>
>>>>>> In current code, while flushing AST, we don't handle an exception that
>>>>>> sending AST or BAST is failed.
>>>>>> But it is indeed possible that AST or BAST is lost due to some kind of
>>>>>> networks fault.
>>>>>>
>>>>> Could you please describe this issue more clearly? It is better analyze
>>>>> issue along with the error message and the status of related nodes.
>>>>> IMO, if network is down, one of the two nodes will be fenced. So what's
>>>>> your case here?
>>>>>
>>>>> Thanks,
>>>>> Joseph
>>>> I have posted the status of related lock resource in my preceding email. 
>>>> Please check them out.
>>>>
>>>> Moreover, network is not down forever even not longer than threshold  to 
>>>> be fenced.
>>>> So no node will be fenced.
>>>>
>>>> This issue happens in terrible network environment. Some messages may be 
>>>> abandoned by switch due to various conditions.
>>>> And even frequent and fast link up and down will also cause this issue.
>>>>
>>>> In a nutshell,  re-queuing AST and BAST is crucial when link between 
>>>> nodes recover quickly. It prevents cluster from hanging.
>>>> So you mean the tcp packet is lost due to connection reset? IIRC,
>> Yes, it's something like that exception which I think is deserved to be
>> fixed within OCFS2.
>>> Junxiao has posted a patchset to fix this issue.
>>> If you are using the way of re-queuing, how to make sure the original
>>> message is *truly* lost and the same ast/bast won't be sent twice?
>> With regards to TCP layer, if it returns error to OCFS2, packets must
>> not be sent successfully. So no node will obtain such an AST or BAST.
> Right, but not only AST/BAST, other messages pending in tcp queue will
> also lost if tcp return error to ocfs2, this can also caused hung.
> Besides, your fix may introduce duplicated ast/bast message Joseph
> mentioned.
> Ocfs2 depends tcp a lot, it can't work well if tcp return error to it.
> To fix it, maybe ocfs2 should maintain its own message queue and ack
> messages while not depend on TCP.>
Agreed. Or we can add a sequence number to distinguish duplicate messages.
With that, we can simply resend a message if sending fails.

Thanks,
Joseph
 
> Thanks,
> Junxiao.
Gang He Aug. 23, 2017, 4:47 a.m. UTC | #13
>>> 

> 
> On 17/8/23 10:23, Junxiao Bi wrote:
>> On 08/10/2017 06:49 PM, Changwei Ge wrote:
>>> Hi Joseph,
>>>
>>>
>>> On 2017/8/10 17:53, Joseph Qi wrote:
>>>> Hi Changwei,
>>>>
>>>> On 17/8/9 23:24, ge changwei wrote:
>>>>> Hi
>>>>>
>>>>>
>>>>> On 2017/8/9 下午7:32, Joseph Qi wrote:
>>>>>> Hi,
>>>>>>
>>>>>> On 17/8/7 15:13, Changwei Ge wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> In current code, while flushing AST, we don't handle an exception that
>>>>>>> sending AST or BAST is failed.
>>>>>>> But it is indeed possible that AST or BAST is lost due to some kind of
>>>>>>> networks fault.
>>>>>>>
>>>>>> Could you please describe this issue more clearly? It is better analyze
>>>>>> issue along with the error message and the status of related nodes.
>>>>>> IMO, if network is down, one of the two nodes will be fenced. So what's
>>>>>> your case here?
>>>>>>
>>>>>> Thanks,
>>>>>> Joseph
>>>>> I have posted the status of related lock resource in my preceding email. 
>>>>> Please check them out.
>>>>>
>>>>> Moreover, network is not down forever even not longer than threshold  to 
>>>>> be fenced.
>>>>> So no node will be fenced.
>>>>>
>>>>> This issue happens in terrible network environment. Some messages may be 
>>>>> abandoned by switch due to various conditions.
>>>>> And even frequent and fast link up and down will also cause this issue.
>>>>>
>>>>> In a nutshell,  re-queuing AST and BAST is crucial when link between 
>>>>> nodes recover quickly. It prevents cluster from hanging.
>>>>> So you mean the tcp packet is lost due to connection reset? IIRC,
>>> Yes, it's something like that exception which I think is deserved to be
>>> fixed within OCFS2.
>>>> Junxiao has posted a patchset to fix this issue.
>>>> If you are using the way of re-queuing, how to make sure the original
>>>> message is *truly* lost and the same ast/bast won't be sent twice?
>>> With regards to TCP layer, if it returns error to OCFS2, packets must
>>> not be sent successfully. So no node will obtain such an AST or BAST.
>> Right, but not only AST/BAST, other messages pending in tcp queue will
>> also lost if tcp return error to ocfs2, this can also caused hung.
>> Besides, your fix may introduce duplicated ast/bast message Joseph
>> mentioned.
>> Ocfs2 depends tcp a lot, it can't work well if tcp return error to it.
>> To fix it, maybe ocfs2 should maintain its own message queue and ack
>> messages while not depend on TCP.>
> Agree. Or we can add a sequence to distinguish duplicate message. Under
> this, we can simply resend message if fails.
It looks like we need to make the message stateless.
Maybe we can refer to GFS2 to see whether GFS2 has considered this issue.

Thanks
Gang

> 
> Thanks,
> Joseph
>  
>> Thanks,
>> Junxiao.
> 
> _______________________________________________
> Ocfs2-devel mailing list
> Ocfs2-devel@oss.oracle.com 
> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Changwei Ge Aug. 23, 2017, 5:56 a.m. UTC | #14
On 2017/8/23 12:48, Gang He wrote:
>
>
>> On 17/8/23 10:23, Junxiao Bi wrote:
>>> On 08/10/2017 06:49 PM, Changwei Ge wrote:
>>>> Hi Joseph,
>>>>
>>>>
>>>> On 2017/8/10 17:53, Joseph Qi wrote:
>>>>> Hi Changwei,
>>>>>
>>>>> On 17/8/9 23:24, ge changwei wrote:
>>>>>> Hi
>>>>>>
>>>>>>
>>>>>> On 2017/8/9 下午7:32, Joseph Qi wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> On 17/8/7 15:13, Changwei Ge wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> In current code, while flushing AST, we don't handle an exception that
>>>>>>>> sending AST or BAST is failed.
>>>>>>>> But it is indeed possible that AST or BAST is lost due to some kind of
>>>>>>>> networks fault.
>>>>>>>>
>>>>>>> Could you please describe this issue more clearly? It is better analyze
>>>>>>> issue along with the error message and the status of related nodes.
>>>>>>> IMO, if network is down, one of the two nodes will be fenced. So what's
>>>>>>> your case here?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Joseph
>>>>>> I have posted the status of related lock resource in my preceding email. 
>>>>>> Please check them out.
>>>>>>
>>>>>> Moreover, network is not down forever even not longer than threshold  to 
>>>>>> be fenced.
>>>>>> So no node will be fenced.
>>>>>>
>>>>>> This issue happens in terrible network environment. Some messages may be 
>>>>>> abandoned by switch due to various conditions.
>>>>>> And even frequent and fast link up and down will also cause this issue.
>>>>>>
>>>>>> In a nutshell,  re-queuing AST and BAST is crucial when link between 
>>>>>> nodes recover quickly. It prevents cluster from hanging.
>>>>>> So you mean the tcp packet is lost due to connection reset? IIRC,
>>>> Yes, it's something like that exception which I think is deserved to be
>>>> fixed within OCFS2.
>>>>> Junxiao has posted a patchset to fix this issue.
>>>>> If you are using the way of re-queuing, how to make sure the original
>>>>> message is *truly* lost and the same ast/bast won't be sent twice?
>>>> With regards to TCP layer, if it returns error to OCFS2, packets must
>>>> not be sent successfully. So no node will obtain such an AST or BAST.
>>> Right, but not only AST/BAST, other messages pending in tcp queue will
>>> also lost if tcp return error to ocfs2, this can also caused hung.
>>> Besides, your fix may introduce duplicated ast/bast message Joseph
>>> mentioned.
>>> Ocfs2 depends tcp a lot, it can't work well if tcp return error to it.
>>> To fix it, maybe ocfs2 should maintain its own message queue and ack
>>> messages while not depend on TCP.>
>> Agree. Or we can add a sequence to distinguish duplicate message. Under
>> this, we can simply resend message if fails.
> Look likes, we need to make the message stateless.
> Maybe, we can refer to GFS2, to see if GFS2 has considered this issue.
>
> Thanks
> Gang
Um.
Since Joseph, Junxiao and Gang all have a different or opposite opinion
on this hang issue fix, I will perform more tests to check whether the
previously mentioned duplicated ast issue truly exists. If it does
exist, I will try to figure out a new way to fix it and send an improved
version of this patch.

I will report the test results in a few days. Anyway, thanks for your
comments.

Thank,
Changwei.
>> Thanks,
>> Joseph
>>  
>>> Thanks,
>>> Junxiao.
>> _______________________________________________
>> Ocfs2-devel mailing list
>> Ocfs2-devel@oss.oracle.com 
>> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Changwei Ge Sept. 13, 2017, 7:03 a.m. UTC | #15
Hi,

I think the mentioned duplicated AST issue doesn't even exist,
because the re-sent AST won't find any lock on the converting list or
the blocked list.
How can the AST callback be called twice?

Thanks,
Changwei

> 
> On 2017/8/23 12:48, Gang He wrote:
>>
>>
>>> On 17/8/23 10:23, Junxiao Bi wrote:
>>>> On 08/10/2017 06:49 PM, Changwei Ge wrote:
>>>>> Hi Joseph,
>>>>>
>>>>>
>>>>> On 2017/8/10 17:53, Joseph Qi wrote:
>>>>>> Hi Changwei,
>>>>>>
>>>>>> On 17/8/9 23:24, ge changwei wrote:
>>>>>>> Hi
>>>>>>>
>>>>>>>
>>>>>>> On 2017/8/9 下午7:32, Joseph Qi wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> On 17/8/7 15:13, Changwei Ge wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> In current code, while flushing AST, we don't handle an
>>>>>>>>> exception that sending AST or BAST is failed.
>>>>>>>>> But it is indeed possible that AST or BAST is lost due to some
>>>>>>>>> kind of networks fault.
>>>>>>>>>
>>>>>>>> Could you please describe this issue more clearly? It is better
>>>>>>>> analyze issue along with the error message and the status of related nodes.
>>>>>>>> IMO, if network is down, one of the two nodes will be fenced. So
>>>>>>>> what's your case here?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Joseph
>>>>>>> I have posted the status of related lock resource in my preceding email.
>>>>>>> Please check them out.
>>>>>>>
>>>>>>> Moreover, network is not down forever even not longer than
>>>>>>> threshold  to be fenced.
>>>>>>> So no node will be fenced.
>>>>>>>
>>>>>>> This issue happens in terrible network environment. Some messages
>>>>>>> may be abandoned by switch due to various conditions.
>>>>>>> And even frequent and fast link up and down will also cause this issue.
>>>>>>>
>>>>>>> In a nutshell,  re-queuing AST and BAST is crucial when link
>>>>>>> between nodes recover quickly. It prevents cluster from hanging.
>>>>>>> So you mean the tcp packet is lost due to connection reset? IIRC,
>>>>> Yes, it's something like that exception which I think is deserved
>>>>> to be fixed within OCFS2.
>>>>>> Junxiao has posted a patchset to fix this issue.
>>>>>> If you are using the way of re-queuing, how to make sure the
>>>>>> original message is *truly* lost and the same ast/bast won't be sent twice?
>>>>> With regards to TCP layer, if it returns error to OCFS2, packets
>>>>> must not be sent successfully. So no node will obtain such an AST or BAST.
>>>> Right, but not only AST/BAST, other messages pending in tcp queue
>>>> will also lost if tcp return error to ocfs2, this can also caused hung.
>>>> Besides, your fix may introduce duplicated ast/bast message Joseph
>>>> mentioned.
>>>> Ocfs2 depends tcp a lot, it can't work well if tcp return error to it.
>>>> To fix it, maybe ocfs2 should maintain its own message queue and ack
>>>> messages while not depend on TCP.>
>>> Agree. Or we can add a sequence to distinguish duplicate message.
>>> Under this, we can simply resend message if fails.
>> Look likes, we need to make the message stateless.
>> Maybe, we can refer to GFS2, to see if GFS2 has considered this issue.
>>
>> Thanks
>> Gang
> Um.
> Since Joseph, Junxiao and Gang all have a different or opposite opinion on this hang issue fix, I will perform more tests to check if the previously mentioned duplicated ast issue truly exists. And if it does exist, I will try to figure out a new way to fix it and send a improved version of this patch.
> 
> I will report the test results few days later. Anyway, thanks for your comments.
> 
> Thank,
> Changwei.
>>> Thanks,
>>> Joseph
>>>   
>>>> Thanks,
>>>> Junxiao.
>>> _______________________________________________
>>> Ocfs2-devel mailing list
>>> Ocfs2-devel@oss.oracle.com
>>> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
> 
> 
> _______________________________________________
> Ocfs2-devel mailing list
> Ocfs2-devel@oss.oracle.com
> https://oss.oracle.com/mailman/listinfo/ocfs2-devel
>

Patch

diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
index 74407c6..ddfaf74 100644
--- a/fs/ocfs2/dlm/dlmrecovery.c
+++ b/fs/ocfs2/dlm/dlmrecovery.c
@@ -2263,11 +2263,45 @@  static void dlm_revalidate_lvb(struct dlm_ctxt *dlm,
     }
 }
 
+static int dlm_drop_pending_ast_bast(struct dlm_ctxt *dlm,
+                     struct dlm_lock *lock)
+{
+    int reserved = 0;
+
+    spin_lock(&dlm->ast_lock);
+    if (!list_empty(&lock->ast_list)) {
+        mlog(0, "%s: drop pending AST for lock(cookie=%u:%llu).\n",
+             dlm->name,
+             dlm_get_lock_cookie_node(be64_to_cpu(lock->ml.cookie)),
+             dlm_get_lock_cookie_seq(be64_to_cpu(lock->ml.cookie)));
+        list_del_init(&lock->ast_list);
+        lock->ast_pending = 0;
+        dlm_lock_put(lock);
+        reserved++;
+    }
+
+    if (!list_empty(&lock->bast_list)) {
+        mlog(0, "%s: drop pending BAST for lock(cookie=%u:%llu).\n",
+             dlm->name,
+             dlm_get_lock_cookie_node(be64_to_cpu(lock->ml.cookie)),
+             dlm_get_lock_cookie_seq(be64_to_cpu(lock->ml.cookie)));
+        list_del_init(&lock->bast_list);
+        lock->bast_pending = 0;
+        dlm_lock_put(lock);
+        reserved++;
+    }
+    spin_unlock(&dlm->ast_lock);
+
+    return reserved;
+}
+
 static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
-                struct dlm_lock_resource *res, u8 dead_node)
+                struct dlm_lock_resource *res, u8 dead_node,
+                int *reserved)
 {
     struct dlm_lock *lock, *next;
     unsigned int freed = 0;
+    int reserved_tmp = 0;
 
     /* this node is the lockres master:
      * 1) remove any stale locks for the dead node
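Review bot: Lock order looks inverted between the new helper and the re-queue paths: `dlm_drop_pending_ast_bast()` takes `dlm->ast_lock` while its caller appears to hold `res->spinlock` (the `spin_unlock(&res->spinlock)` follows the `dlm_free_dead_locks()` call in `dlm_do_local_recovery_cleanup()`), whereas the branches added to `dlm_flush_asts()` take `res->spinlock` at a point where `dlm->ast_lock` seems to be held for `__dlm_queue_ast()` and `__dlm_queue_bast()`. If both readings are right, the two paths take the same pair of locks in opposite order and can deadlock against each other. Pick one order and state it above the helper, e.g. `/* Caller holds res->spinlock; dlm->ast_lock nests inside it. */`, then make the flush path follow it, or defer the drop until `res->spinlock` has been released. The lock acquisitions in `dlm_flush_asts()` and the body of `dlm_free_dead_locks()` lie outside this hunk, so this needs checking against the full file.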
@@ -2284,6 +2318,9 @@  static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
         if (lock->ml.node == dead_node) {
             list_del_init(&lock->list);
             dlm_lock_put(lock);
+
+            reserved_tmp += dlm_drop_pending_ast_bast(dlm, lock);
+
             /* Can't schedule DLM_UNLOCK_FREE_LOCK - do manually */
             dlm_lock_put(lock);
             freed++;
@@ -2293,6 +2330,9 @@  static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
         if (lock->ml.node == dead_node) {
             list_del_init(&lock->list);
             dlm_lock_put(lock);
+
+            reserved_tmp += dlm_drop_pending_ast_bast(dlm, lock);
+
             /* Can't schedule DLM_UNLOCK_FREE_LOCK - do manually */
             dlm_lock_put(lock);
             freed++;
@@ -2308,6 +2348,8 @@  static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
         }
     }
 
+    *reserved = reserved_tmp;
+
     if (freed) {
         mlog(0, "%s:%.*s: freed %u locks for dead node %u, "
              "dropping ref from lockres\n", dlm->name,
@@ -2367,6 +2409,7 @@  static void dlm_do_local_recovery_cleanup(struct
dlm_ctxt *dlm, u8 dead_node)
     for (i = 0; i < DLM_HASH_BUCKETS; i++) {
         bucket = dlm_lockres_hash(dlm, i);
         hlist_for_each_entry_safe(res, tmp, bucket, hash_node) {
+            int reserved = 0;
              /* always prune any $RECOVERY entries for dead nodes,
               * otherwise hangs can occur during later recovery */
             if (dlm_is_recovery_lock(res->lockname.name,
@@ -2420,7 +2463,7 @@  static void dlm_do_local_recovery_cleanup(struct
dlm_ctxt *dlm, u8 dead_node)
                     continue;
                 }
             } else if (res->owner == dlm->node_num) {
-                dlm_free_dead_locks(dlm, res, dead_node);
+                dlm_free_dead_locks(dlm, res, dead_node, &reserved);
                 __dlm_lockres_calc_usage(dlm, res);
             } else if (res->owner == DLM_LOCK_RES_OWNER_UNKNOWN) {
                 if (test_bit(dead_node, res->refmap)) {
@@ -2432,6 +2475,10 @@  static void dlm_do_local_recovery_cleanup(struct
dlm_ctxt *dlm, u8 dead_node)
                 }
             }
             spin_unlock(&res->spinlock);
+            while (reserved) {
+                dlm_lockres_release_ast(dlm, res);
+                reserved--;
+            }
         }
     }
 
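Review bot: The release loop after `spin_unlock(&res->spinlock)` has no comment saying what `reserved` counts or why the release is deferred until the lock is dropped. Elsewhere in the patch each queued AST/BAST is paired with a reservation on the lockres (the re-queue path calls `__dlm_lockres_reserve_ast()` and the flush loop calls `dlm_lockres_release_ast()` once per entry), so the count is the number of pending entries dropped for the dead node. I would add `/* Each AST/BAST dropped for the dead node held a reservation on res; release them now that res->spinlock is no longer held. */` above the loop. Renaming the counter to something like `dropped` here and in `dlm_free_dead_locks()` would also help, since it counts removals rather than reservations taken. The enclosing loop body starts outside this hunk.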
diff --git a/fs/ocfs2/dlm/dlmthread.c b/fs/ocfs2/dlm/dlmthread.c
index 838a06d..c34a619 100644
--- a/fs/ocfs2/dlm/dlmthread.c
+++ b/fs/ocfs2/dlm/dlmthread.c
@@ -587,13 +587,13 @@  static int dlm_dirty_list_empty(struct dlm_ctxt *dlm)
 
 static void dlm_flush_asts(struct dlm_ctxt *dlm)
 {
-    int ret;
+    int ret = 0;
     struct dlm_lock *lock;
     struct dlm_lock_resource *res;
     u8 hi;
 
     spin_lock(&dlm->ast_lock);
-    while (!list_empty(&dlm->pending_asts)) {
+    while (!list_empty(&dlm->pending_asts) && !ret) {
         lock = list_entry(dlm->pending_asts.next,
                   struct dlm_lock, ast_list);
         /* get an extra ref on lock */
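Review bot: The added `&& !ret` ends the AST loop at the first failed send, so entries still on `dlm->pending_asts` for other, reachable nodes stay unsent until `dlm_flush_asts()` runs again; the BAST loop in a later hunk has the same condition. Nothing visible here schedules or paces that next run, so one peer with a flapping link can either hold back every other node's AST or turn into a tight retry cycle, depending on how the caller loops. Consider keeping the original `while (!list_empty(&dlm->pending_asts)) {` and moving failed entries to a local list that is spliced back onto the pending list after the loop, with a retry limit or delay per entry. The loop body continues outside this hunk.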
@@ -628,8 +628,20 @@  static void dlm_flush_asts(struct dlm_ctxt *dlm)
             mlog(0, "%s: res %.*s, AST queued while flushing last "
                  "one\n", dlm->name, res->lockname.len,
                  res->lockname.name);
-        } else
-            lock->ast_pending = 0;
+        } else {
+            if (unlikely(ret < 0)) {
+                /* If this AST is not sent back successfully,
+                 * there is no chance that the second lock
+                 * request comes.
+                 */
+                spin_lock(&res->spinlock);
+                __dlm_lockres_reserve_ast(res);
+                spin_unlock(&res->spinlock);
+                __dlm_queue_ast(dlm, lock);
+            } else {
+                lock->ast_pending = 0;
+            }
+        }
 
         /* drop the extra ref.
          * this may drop it completely. */
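Review bot: The re-queue on `ret < 0` does not check that `lock->ml.node` is still a live member before the AST goes back on the pending list. `dlm_drop_pending_ast_bast()` only removes entries that are on `lock->ast_list` when recovery cleanup runs, and the flush loop appears to take the entry off its list before sending (the BAST hunk shows this for its list). An AST in flight during cleanup would therefore be missed by the drop and then re-queued here for a node that is already gone, and retried on every later flush. The BAST branch in the last hunk of this file has the same gap. A guard along the lines of `if (unlikely(ret < 0) && test_bit(lock->ml.node, dlm->domain_map))`, read under whichever lock protects that map, would let the dead-node case fall through to `lock->ast_pending = 0`.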
@@ -637,7 +649,9 @@  static void dlm_flush_asts(struct dlm_ctxt *dlm)
         dlm_lockres_release_ast(dlm, res);
     }
 
-    while (!list_empty(&dlm->pending_basts)) {
+    ret = 0;
+
+    while (!list_empty(&dlm->pending_basts) && !ret) {
         lock = list_entry(dlm->pending_basts.next,
                   struct dlm_lock, bast_list);
         /* get an extra ref on lock */
@@ -650,7 +664,6 @@  static void dlm_flush_asts(struct dlm_ctxt *dlm)
         spin_lock(&lock->spinlock);
         BUG_ON(lock->ml.highest_blocked <= LKM_IVMODE);
         hi = lock->ml.highest_blocked;
-        lock->ml.highest_blocked = LKM_IVMODE;
         spin_unlock(&lock->spinlock);
 
         /* remove from list (including ref) */
@@ -681,7 +694,19 @@  static void dlm_flush_asts(struct dlm_ctxt *dlm)
                  "one\n", dlm->name, res->lockname.len,
                  res->lockname.name);
         } else
-            lock->bast_pending = 0;
+            if (unlikely(ret)) {
+                spin_lock(&res->spinlock);
+                __dlm_lockres_reserve_ast(res);
+                spin_unlock(&res->spinlock);
+                __dlm_queue_bast(dlm, lock);
+            } else {
+                lock->bast_pending = 0;
+                /* Set ::highest_blocked to invalid after
+                 * sending BAST successfully so that
+                 * no more BAST would be queued.
+                 */
+                lock->ml.highest_blocked = LKM_IVMODE;
+            }
 
         /* drop the extra ref.
          * this may drop it completely. */
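Review bot: `lock->ml.highest_blocked = LKM_IVMODE` is now written without `lock->spinlock`, although the previous hunk reads the same field into `hi` under that lock and the removed reset sat inside the same critical section. Because the reset now happens after the send, any update to `highest_blocked` made while the BAST was in flight would be overwritten, and the `BUG_ON(lock->ml.highest_blocked <= LKM_IVMODE)` at the top of the loop relies on the field staying consistent with the pending list. Wrap the write as `spin_lock(&lock->spinlock); lock->ml.highest_blocked = LKM_IVMODE; spin_unlock(&lock->spinlock);` and confirm that no writer can raise the level between the send and the reset. This branch also tests `ret` where the AST branch tests `ret < 0`, and hangs an unbraced `if`/`else` off `} else`; using the AST branch's `} else { ... }` form with the same failure test would keep the two paths parallel.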