1
0
mirror of git://sourceware.org/git/lvm2.git synced 2025-01-23 02:05:07 +03:00
lvm2/lib/locking/locking.c

437 lines
10 KiB
C
Raw Normal View History

/*
2008-01-30 14:00:02 +00:00
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
* Copyright (C) 2004-2011 Red Hat, Inc. All rights reserved.
*
2004-03-30 19:35:44 +00:00
* This file is part of LVM2.
*
2004-03-30 19:35:44 +00:00
* This copyrighted material is made available to anyone wishing to use,
* modify, copy, or redistribute it subject to the terms and conditions
* of the GNU Lesser General Public License v.2.1.
2004-03-30 19:35:44 +00:00
*
* You should have received a copy of the GNU Lesser General Public License
2004-03-30 19:35:44 +00:00
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "lib/misc/lib.h"
#include "lib/locking/locking.h"
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
#include "lib/locking/lvmlockd.h"
#include "locking_types.h"
#include "lib/misc/lvm-string.h"
#include "lib/activate/activate.h"
#include "lib/commands/toolcontext.h"
#include "lib/mm/memlock.h"
#include "lib/config/defaults.h"
#include "lib/cache/lvmcache.h"
#include "lib/misc/lvm-signal.h"
2008-11-04 15:07:45 +00:00
#include <assert.h>
#include <sys/stat.h>
#include <limits.h>
#include <unistd.h>
static struct locking_type _locking;
static int _vg_lock_count = 0; /* Number of locks held */
static int _vg_write_lock_held = 0; /* VG write lock held? */
static int _blocking_supported = 0;
static int _file_locking_readonly = 0;
static int _file_locking_sysinit = 0;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
static int _file_locking_ignorefail = 0;
static int _file_locking_failed = 0;
static void _unblock_signals(void)
{
/* Don't unblock signals while any locks are held */
if (!_vg_lock_count)
unblock_signals();
}
2003-05-06 12:03:13 +00:00
void reset_locking(void)
{
int was_locked = _vg_lock_count;
2003-05-06 12:03:13 +00:00
/* file locking disabled */
if (!_locking.flags)
return;
_vg_lock_count = 0;
_vg_write_lock_held = 0;
2003-05-06 12:03:13 +00:00
if (_locking.reset_locking)
_locking.reset_locking();
2003-05-06 12:03:13 +00:00
if (was_locked)
_unblock_signals();
memlock_reset();
2003-05-06 12:03:13 +00:00
}
static void _update_vg_lock_count(const char *resource, uint32_t flags)
{
/* Ignore locks not associated with updating VG metadata */
if (!strcmp(resource, VG_GLOBAL))
return;
2002-04-04 11:18:45 +00:00
if ((flags & LCK_TYPE_MASK) == LCK_UNLOCK)
_vg_lock_count--;
else
_vg_lock_count++;
/* We don't bother to reset this until all VG locks are dropped */
if ((flags & LCK_TYPE_MASK) == LCK_WRITE)
_vg_write_lock_held = 1;
else if (!_vg_lock_count)
_vg_write_lock_held = 0;
}
/*
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
* A mess of options have been introduced over time to override
* or tweak the behavior of file locking, and indirectly other
* behaviors. These options are allowed in different but
* overlapping sets of commands (see command-lines.in)
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
*
* --nolocking
*
* Command won't try to set up or use file locks at all.
*
* --readonly
*
* Command will grant any read lock request, without trying
* to acquire an actual file lock. Command will refuse any
* write lock request. (Activation, which uses a write lock,
* is not allowed.)
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
*
* --ignorelockingfailure
*
* Command tries to set up file locks and will use them
* (both read and write) if successful. If command fails
* to set up file locks it falls back to readonly behavior
* above, while allowing activation.
*
* --sysinit
*
* The same as ignorelockingfailure.
*
* --sysinit --readonly
*
* The combination of these two flags acts like --readonly,
* refusing write lock requests, but makes an exception to
* allow activation.
*
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
* global/metadata_read_only
*
* The command acquires actual read locks and refuses
* write lock requests.
*/
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
int init_locking(struct cmd_context *cmd,
int file_locking_sysinit, int file_locking_readonly, int file_locking_ignorefail)
{
int suppress_messages = 0;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
if (file_locking_sysinit || getenv("LVM_SUPPRESS_LOCKING_FAILURE_MESSAGES"))
suppress_messages = 1;
_blocking_supported = find_config_tree_bool(cmd, global_wait_for_locks_CFG, NULL);
_file_locking_readonly = file_locking_readonly;
_file_locking_sysinit = file_locking_sysinit;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
_file_locking_ignorefail = file_locking_ignorefail;
log_debug("File locking settings: readonly:%d sysinit:%d ignorelockingfailure:%d global/metadata_read_only:%d global/wait_for_locks:%d.",
_file_locking_readonly, _file_locking_sysinit, _file_locking_ignorefail,
cmd->metadata_read_only, _blocking_supported);
if (!init_file_locking(&_locking, cmd, suppress_messages)) {
log_error_suppress(suppress_messages, "File locking initialisation failed.");
_file_locking_failed = 1;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
if (file_locking_sysinit || file_locking_ignorefail)
return 1;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
return 0;
}
2002-07-10 20:43:32 +00:00
return 1;
}
void fin_locking(struct cmd_context *cmd)
{
/* file locking disabled */
if (!_locking.flags)
return;
/*
* These may be automatically released when the
* command ends, without an explicit unlock call,
* in which case these flags would not be cleared.
*/
cmd->lockf_global_ex = 0;
cmd->lockd_global_ex = 0;
_locking.fin_locking();
}
/*
* VG locking is by VG name.
* FIXME This should become VG uuid.
*/
static int _lock_vol(struct cmd_context *cmd, const char *resource, uint32_t flags)
{
int ret = 0;
block_signals(flags);
if ((ret = _locking.lock_resource(cmd, resource, flags, NULL)))
/* ensure signals are blocked while VG_GLOBAL lock is held */
_update_vg_lock_count(resource, flags);
else
stack;
_unblock_signals();
return ret;
}
int lock_vol(struct cmd_context *cmd, const char *vol, uint32_t flags, const struct logical_volume *lv)
{
char resource[258] __attribute__((aligned(8)));
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
uint32_t lck_type = flags & LCK_TYPE_MASK;
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
int is_global = !strcmp(vol, VG_GLOBAL);
if (is_orphan_vg(vol))
return 1;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
if (!_blocking_supported)
flags |= LCK_NONBLOCK;
if (!_dm_strncpy(resource, vol, sizeof(resource))) {
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
log_error(INTERNAL_ERROR "Resource name %s is too long.", vol);
return 0;
}
/*
* File locking is disabled by --nolocking.
*/
if (!_locking.flags)
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
goto out_hold;
/*
* When file locking could not be initialized, --ignorelockingfailure
* and --sysinit behave like --readonly, but allow activation.
*/
if (_file_locking_failed && (_file_locking_sysinit || _file_locking_ignorefail)) {
if (lck_type != LCK_WRITE)
goto out_hold;
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
if (cmd->is_activating && !is_global)
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
goto out_hold;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
goto out_fail;
2007-11-15 21:30:52 +00:00
}
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
/*
* When --readonly is set, grant read lock requests without trying to
* acquire an actual lock, and refuse write lock requests.
*/
if (_file_locking_readonly && !_file_locking_sysinit) {
if (lck_type != LCK_WRITE)
goto out_hold;
log_error("Operation prohibited while --readonly is set.");
goto out_fail;
}
/*
* When --readonly and --sysinit are set, grant read lock requests without
* trying to acquire an actual lock, and refuse write lock requests except
* in the case of activation which is permitted.
*/
if (_file_locking_readonly && _file_locking_sysinit) {
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
if (lck_type != LCK_WRITE)
goto out_hold;
if (cmd->is_activating) {
log_warn("Allowing activation with --readonly --sysinit.");
goto out_hold;
}
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
log_error("Operation prohibited while --readonly is set.");
goto out_fail;
}
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
/*
* When global/metadata_read_only is set, acquire actual read locks and
* refuse write lock requests.
*/
if (cmd->metadata_read_only) {
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
if (lck_type == LCK_WRITE) {
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
log_error("Operation prohibited while global/metadata_read_only is set.");
goto out_fail;
}
/* continue and acquire a read file lock */
}
if (!_lock_vol(cmd, resource, flags))
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
goto out_fail;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
out_hold:
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
if (is_global)
return 1;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
/*
* FIXME: other parts of the code want to check if a VG is
* locked by looking in lvmcache. They shouldn't need to
* do that, and we should be able to remove this.
*/
if (lck_type != LCK_UNLOCK)
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
lvmcache_lock_vgname(resource, lck_type == LCK_READ);
else if (lck_type == LCK_UNLOCK)
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
lvmcache_unlock_vgname(resource);
return 1;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
out_fail:
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
if (is_global)
return 0;
Rework lock-override options and locking_type settings The last commit related to this was incomplete: "Implement lock-override options without locking type" This is further reworking and reduction of the locking.[ch] layer which handled all clustering, but is now only used for file locking. The "locking types" that this layer implemented were removed previously, leaving only the standard file locking. (Some cluster-related artifacts remain to be cleared out later.) Command options to override or modify locking behavior are reimplemented here without using the locking types. Also, deprecated locking_type values are recognized, and implemented as if one of the equivalent override options was set. Options that override file locking are: . --nolocking disables all file locking. . --readonly grants read lock requests without actually taking a file lock, and refuses write lock requests. . --ignorelockingfailure tries to set up file locks and uses them normally if possible. When not possible, it behaves like --readonly, but allows activation. . --sysinit is the same as ignorelockingfailure. . global/metadata_read_only acquires actual read file locks, and refuses write lock requests. (Some of these options could probably be deprecated because they were added as workarounds to various locking_type behaviors that are now deprecated.) The locking_type setting now has one valid value: 1 which refers to standard file locking. Configs that contain deprecated values are recognized and still work in largely the same way: . 0 disabled all locking, now implemented like --nolocking is set. Allow the nolocking option in all commands. . 1 is the normal file locking setting and is unchanged. . 2 was for external locking which was not used, and reverts to normal file locking. . 3 was for cluster/clvm. This reverts to normal file locking, and prints messages about lvmlockd. . 4 was equivalent to readonly, now implemented like --readonly is set. . 5 disabled all locking, now implemented like --nolocking is set.
2018-06-07 15:33:02 -05:00
if (lck_type == LCK_UNLOCK)
_update_vg_lock_count(resource, flags);
return 0;
}
2004-05-05 12:03:07 +00:00
/* Lock a list of LVs */
int activate_lvs(struct cmd_context *cmd, struct dm_list *lvs, unsigned exclusive)
2004-05-05 12:03:07 +00:00
{
struct dm_list *lvh;
2005-06-01 16:51:55 +00:00
struct lv_list *lvl;
dm_list_iterate_items(lvl, lvs) {
if (!activate_lv(cmd, lvl->lv)) {
log_error("Failed to activate %s", display_lvname(lvl->lv));
dm_list_uniterate(lvh, lvs, &lvl->list) {
lvl = dm_list_item(lvh, struct lv_list);
if (!deactivate_lv(cmd, lvl->lv))
stack;
2004-03-26 20:49:35 +00:00
}
return 0;
}
}
return 1;
}
int vg_write_lock_held(void)
{
return _vg_write_lock_held;
}
int sync_local_dev_names(struct cmd_context* cmd)
{
dm_devs_cache_destroy();
memlock_unlock(cmd);
fs_unlock();
return 1;
}
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
/*
* The lockf_global_ex flag is used to prevent changing
* an explicitly acquired ex global lock to sh in process_each.
*/
static int _lockf_global(struct cmd_context *cmd, const char *mode, int convert, int nonblock)
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
{
uint32_t flags = 0;
int ret;
if (convert)
flags |= LCK_CONVERT;
if (nonblock)
flags |= LCK_NONBLOCK;
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
if (!strcmp(mode, "ex")) {
flags |= LCK_WRITE;
if (cmd->lockf_global_ex) {
log_warn("global flock already held ex");
return 1;
}
ret = lock_vol(cmd, VG_GLOBAL, flags, NULL);
if (ret)
cmd->lockf_global_ex = 1;
} else if (!strcmp(mode, "sh")) {
if (cmd->lockf_global_ex)
return 1;
flags |= LCK_READ;
ret = lock_vol(cmd, VG_GLOBAL, flags, NULL);
} else if (!strcmp(mode, "un")) {
ret = lock_vol(cmd, VG_GLOBAL, LCK_UNLOCK, NULL);
cmd->lockf_global_ex = 0;
} else {
log_error(INTERNAL_ERROR "Unknown locking mode %s.", mode);
return 0;
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
}
return ret;
}
int lockf_global(struct cmd_context *cmd, const char *mode)
{
return _lockf_global(cmd, mode, 0, 0);
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
}
int lockf_global_convert(struct cmd_context *cmd, const char *mode)
{
/* some uncommon cases like pvchange -a can call this multiple times */
if (cmd->lockf_global_ex && !strcmp(mode, "ex"))
return 1;
return _lockf_global(cmd, mode, 1, 0);
}
int lockf_global_nonblock(struct cmd_context *cmd, const char *mode)
{
return _lockf_global(cmd, mode, 0, 1);
locking: unify global lock for flock and lockd There have been two file locks used to protect lvm "global state": "ORPHANS" and "GLOBAL". Commands that used the ORPHAN flock in exclusive mode: pvcreate, pvremove, vgcreate, vgextend, vgremove, vgcfgrestore Commands that used the ORPHAN flock in shared mode: vgimportclone, pvs, pvscan, pvresize, pvmove, pvdisplay, pvchange, fullreport Commands that used the GLOBAL flock in exclusive mode: pvchange, pvscan, vgimportclone, vgscan Commands that used the GLOBAL flock in shared mode: pvscan --cache, pvs The ORPHAN lock covers the important cases of serializing the use of orphan PVs. It also partially covers the reporting of orphan PVs (although not correctly as explained below.) The GLOBAL lock doesn't seem to have a clear purpose (it may have eroded over time.) Neither lock correctly protects the VG namespace, or orphan PV properties. To simplify and correct these issues, the two separate flocks are combined into the one GLOBAL flock, and this flock is used from the locking sites that are in place for the lvmlockd global lock. The logic behind the lvmlockd (distributed) global lock is that any command that changes "global state" needs to take the global lock in ex mode. Global state in lvm is: the list of VG names, the set of orphan PVs, and any properties of orphan PVs. Reading this global state can use the global lock in sh mode to ensure it doesn't change while being reported. The locking of global state now looks like: lockd_global() previously named lockd_gl(), acquires the distributed global lock through lvmlockd. This is unchanged. It serializes distributed lvm commands that are changing global state. This is a no-op when lvmlockd is not in use. lockf_global() acquires an flock on a local file. It serializes local lvm commands that are changing global state. lock_global() first calls lockf_global() to acquire the local flock for global state, and if this succeeds, it calls lockd_global() to acquire the distributed lock for global state. Replace instances of lockd_gl() with lock_global(), so that the existing sites for lvmlockd global state locking are now also used for local file locking of global state. Remove the previous file locking calls lock_vol(GLOBAL) and lock_vol(ORPHAN). The following commands which change global state are now serialized with the exclusive global flock: pvchange (of orphan), pvresize (of orphan), pvcreate, pvremove, vgcreate, vgextend, vgremove, vgreduce, vgrename, vgcfgrestore, vgimportclone, vgmerge, vgsplit Commands that use a shared flock to read global state (and will be serialized against the prior list) are those that use process_each functions that are based on processing a list of all VG names, or all PVs. The list of all VGs or all PVs is global state and the shared lock prevents those lists from changing while the command is processing them. The ORPHAN lock previously attempted to produce an accurate listing of orphan PVs, but it was only acquired at the end of the command during the fake vg_read of the fake orphan vg. This is not when orphan PVs were determined; they were determined by elimination beforehand by processing all real VGs, and subtracting the PVs in the real VGs from the list of all PVs that had been identified during the initial scan. This is fixed by holding the single global lock in shared mode while processing all VGs to determine the list of orphan PVs.
2019-04-18 15:01:19 -05:00
}
int lock_global(struct cmd_context *cmd, const char *mode)
{
if (!lockf_global(cmd, mode))
return 0;
if (!lockd_global(cmd, mode)) {
lockf_global(cmd, "un");
return 0;
}
return 1;
}
/*
* The global lock is already held, convert it to another mode.
*
* Currently only used for sh->ex.
*
* (The lockf_global_ex flag would need overriding
* to handle ex->sh.)
*/
int lock_global_convert(struct cmd_context *cmd, const char *mode)
{
if (!lockf_global_convert(cmd, mode))
return 0;
if (!lockd_global(cmd, mode))
return 0;
return 1;
}