1
0
mirror of git://sourceware.org/git/lvm2.git synced 2025-01-23 02:05:07 +03:00

70 Commits

Author SHA1 Message Date
Zdenek Kabelac
6064a5084e cleanup: clean gcc6 minor/major types warnings
Put sys/sysmacros.h in front of sys/types.h header file as requested
by gcc6 part II.
2016-09-07 16:42:34 +02:00
Zdenek Kabelac
1e3411aa37 cleanup: add extra test for argc==0
Cleaup some compiler warning about posibility to allocate 0 size.
2016-07-01 00:44:48 +02:00
Zdenek Kabelac
dbc71dc05e gcc: cleanup some sign warnings
When comparing unsigned with int, the comparision is made
as 'unsigned' type, so make it rather explicit which type
is being compared.
2016-02-23 12:25:25 +01:00
Zdenek Kabelac
fcbef05aae doc: change fsf address
Hmm rpmlint suggest fsf is using a different address these days,
so lets keep it up-to-date
2016-01-21 12:11:37 +01:00
Alasdair G Kergon
fb12308416 style: Standardise some error paths. 2015-09-05 23:56:30 +01:00
Ferenc Wágner
5476ee8655 cmirrord: avoid resync buffer overflow in LOG_SPRINT
Use snprintf() instead of sprintf() to exclude the possibility of
overflowing the resync history buffers.
2015-08-20 19:06:47 +02:00
Ferenc Wágner
3c396cf1e1 cmirrord: avoid debugging buffer overflow in LOG_SPRINT
Use snprintf() instead of sprintf() to exclude the possibility of
overflowing the debugging history buffers.
2015-08-20 19:06:47 +02:00
Ferenc Wágner
1ea1cb6dc9 cmirrord: fix stack smashing
With clusters larger than 3 nodes, the 32-byte debug buffer in
cpg_join_callback() is too small to contain all the node IDs, because
32-bit identifiers are generally rendered in 10 decimal digits.  No fixed
size is good in all cases, but this is conditionally logged debug info,
so we can simply truncate it.  Double the size, nevertheless.
2015-08-20 19:06:47 +02:00
Ferenc Wágner
92a4b5cc3c cmirrord: add --foreground and --help options. 2015-08-20 19:06:47 +02:00
Ferenc Wágner
c0d6056870 cmirrord: move generic setup from daemonize() to init_all()
Apply pidfile creation, removal and signal setup to foreground processes too.
2015-08-20 19:06:47 +02:00
Alasdair G Kergon
3934ade5a2 gitignore: Update for in-place build. 2015-07-27 13:18:35 +01:00
Alasdair G Kergon
9a5910bdf9 pre-release 2014-11-11 14:13:00 +00:00
Liuhua Wang
829e5a4037 cmirror: fix endian issues on s390
Cmirrord has endian bugs, which cause failure to lvcreate a mirrored lv
on s390.
- data_size is uint32, should not use xlate64 to convert, which will
  cause data_size 0 after xlate.
- request_type and data_size still used by local(v5_data_switch),
  should convert later.  If request_type xlate too early, it will
  cause request_type judge error; if data_size xlate too early, it
  will cause coredump in case DM_ULOG_CLEAR_REGION.
- when receiving package in clog_request_from_network. vp[0] will always
  be little endian.  We could use xlate64(vp[0]) == vp[0] to decide if
  the local node is little endian or not.

Signed-off-by: Lidong Zhong<lzhong@suse.com> & Liuhua Wang <lwang@suse.com>
Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
2014-09-15 16:08:35 -05:00
Jonathan Brassow
bdd7baeab3 cmirrord: Clean-up stray warning message (attempt #2)
There are two types of CPG communications in a corosync cluster:
messages and state transitions.  Cmirrord processes the state
transitions first.

When a cluster mirror issues a POSTSUSPEND, it signals the end of
cluster communication with the rest of the nodes in the cluster.
The POSTSUSPEND marks the last communication of the 'message'
type that will go around the cluster.  The node then calls
cpg_leave which causes a final 'state transition' communication to
all of the nodes.  Once the out-going node receives its own state
transition notice from the cluster, it finalizes the leave.  At this
point, the state of the log is 'INVALID'; but it is possible that
there remains some cluster trafic that was queued up behind the
state transition that still wants to be processed.  It is harmless
to attempt to dispatch any remaining messages - they won't be
delivered because the node is no longer in the cluster.  However,
there was a warning message that was being printed in this case
that is now removed by this patch.  The failure of the dispatch
created a false positive condition that triggered the message.
2014-03-19 14:43:00 -05:00
Jonathan Brassow
52aa3dbcab cmirrord: Clean-up stray warning message
cmirrord polls for messages on the kernel and cluster interfaces.
Sometimes it is possible for messages to be received on the cluster
interface and be waiting for processing while the node is in the
process of leaving the cluster group.  When this happens, the
messages received on the cluster interface are attempted to be
dispatched, but an error is returned because the connection is no
longer valid.  It is a harmless situation.  So, if we get the
specific error (CS_ERR_BAD_HANDLE) and we know that we have left
the group, then simply don't print the message.
2014-03-05 10:44:20 -06:00
Jonathan Brassow
3a4efb2f16 Misc: Get rid of some compiler warnings. 2014-01-07 19:37:07 -06:00
Peter Rajnoha
481edce41f compile/link: use RELRO/PIE compiler/linker options for executables 2013-12-05 14:03:10 +01:00
Peter Rajnoha
a65ab773b4 daemons: use PIE and RELRO compiler/linker options
The PIE and RELRO compiler/linker options can be used to produce a code
some techniques applied that makes the code more immune to some attacks:

  - PIE (Position Independent Executable). It can make use of the ASLR
    (Address Space Layout Randomization) provided by kernel to avoid
    static locations for .text regions of executables (this is the 'pie'
    compiler and linker option)

  - RELRO (Relocation Read-Only). This prevents overwrite attacks of
    the GOT (Global Offset Table) and PLT (Procedure Lookup Table)
    used for relocations by making it read-only after all relocations
    are resolved (these are the 'relro' and 'now' linker options) -
    hence all symbols are resolved at the very start so there's no
    need for those tables to be writeable later.

These compiler/linker options are now used by default for daemons
if the compiler/linker supports it.
2013-12-04 13:30:08 +01:00
Jonathan Brassow
f0be9ac904 cmirrord: Prevent secondary checkpoints from corrupting bitmaps
The bug addressed by this patch manifested itself during testing
by showing a mirror that never became 'in-sync' after creation.
The bug is isolated to distributions that do not have support
for openAIS checkpointing (i.e. > RHEL6, > F16).

When a node joins a group that is managing a mirror log, the other
machines in the group send it a checkpoint representing the current
state of the bitmap.  More than one machine can send a checkpoint,
but only the initial one should be imported.  Once the bitmap state
has been imported from the initial checkpoint, operations (such
as resync, mark, and clear operations) can begin.  When subsequent
checkpoints are allowed to be imported, it has the effect of erasing
all the log operations between the initial checkpoint and the ones
that follow.

When cmirrord was updated to handle the absence of openAIS
checkpointing (commit 62e38da133d9801cdf36b0f2aaec615ce14b9000),
the new import_checkpoint() function failed to honor the 'no_read'
parameter.  This parameter was designed to avoid reading all but
the initial checkpoint.  Honoring this parameter has solved the
issue of corrupting bitmap data with secondary checkpoints.
2013-08-20 13:21:09 -05:00
Zdenek Kabelac
003f08c164 clogd: fix descriptor leak when daemonzing 2013-08-06 16:21:51 +02:00
Zdenek Kabelac
636c51ae3f cleanup: use unrelated temporary variables
use of tmp_rq2 is unrelated to tmp_rq - so use separate
variable.
2013-06-16 00:07:33 +02:00
Zdenek Kabelac
6d0abc6b48 cmirrord: check for result of chdir
Error exit if chdir fails.
2012-08-23 14:37:20 +02:00
Zdenek Kabelac
6f3cd63551 cleanup: replace memset with struct initilization
Simplifies the code, properly detects too long socket paths,
drops unused parameter.
2012-06-22 13:23:03 +02:00
Zdenek Kabelac
461eb1ac6a cmirrord: add missing checks for kernel_send
Log errors if kernel_send fails.
2012-06-20 14:48:26 +02:00
Zdenek Kabelac
865b9d3701 cmirrord: fix cut&paste 2012-06-20 14:41:57 +02:00
Zdenek Kabelac
fb4584b83d cmirrord: add test for closedir() and close() 2012-06-20 14:40:39 +02:00
Jonathan Earl Brassow
e5b9338ada Fix bug in cmirror that caused incorrect status info to print on some nodes.
Looking at the code in cmirrord/local.c, we can see the various different
request types handled in different ways.  Some information that is non-changing
does not need to go around the cluster and can be short-circuited.  For
example, once the cluster mirror is in-sync, it is pointless to continue
sending that query around the cluster.  We can save network bandwidth and reply
directly back to the kernel.  When it comes to status information, there are
two types 'TABLE' and 'INFO'.  The 'TABLE' information never changes and
belongs to the group of requests that can be safely short-circuited.  The
'STATUS' information can change - and will change if a device fails.  Thus it
cannot be short-circuited, but this is exactly what was found.  The 'STATUS'
information request was being short-circuited and therefore never reporting the
failure condition to anyone other than the "server" that experienced it
directly.
2012-04-26 17:30:49 +00:00
Milan Broz
7991a9636e Remove some whitespaces.
(test commit)
2012-03-10 09:32:46 +00:00
Jonathan Earl Brassow
2ce9693341 s/CPG_/CS_: Various CPG constants are going away, even though CPG itself stays
F17 is getting rid of OpenAIS libraries (and checkpointing).  While the
CPG stuff is staying, some if its constants are being removed.  So, we
must adjust and use the remaining constants which the CPG constants were based on.

[~]# egrep 'CPG_DISPATCH_ALL|CPG_OK' /usr/include/*/*
corosync/corotypes.h:#define CPG_DISPATCH_ALL     CS_DISPATCH_ALL
corosync/corotypes.h:#define CPG_OK               CS_OK
2012-03-01 17:41:39 +00:00
Jonathan Earl Brassow
62e38da133 Allow cluster mirrors to handle the absence of the checkpoint lib (libSaCkpt).
The OpenAIS checkpoint library is going away; therefore, cmirrord must
operate without it.  The algorithms the handle the timing of when to send
a checkpoint, the determination of what to send, and which ongoing cluster
requests are relevent with respect to the checkpoints are unaffected.  We
need only replace the functions that actually perform the storing/transmitting
and retrieving/receiving of the checkpoint data.  Rather than store the
checkpoint data in an OpenAIS checkpoint file, we simply transmit it along
with the message that notifies the incoming node that the checkpoint is
ready.
2012-02-29 21:15:34 +00:00
Zdenek Kabelac
a6292f2a6d Remove unneeded assignments
Variables have (or will have) those values set.
2012-02-08 11:36:18 +00:00
Zdenek Kabelac
3a8b6a9948 Keep page_size as signed number
Since it's return value from sysconf and is checked for <0.
2012-02-08 11:34:46 +00:00
Jonathan Earl Brassow
3b032963d5 cmirrord now returns log name to kernel in CTR so it can be registered
Version 2 of the userspace log protocol accepts return information during the
DM_ULOG_CTR exchange.  The return information contains the name of the log
device that is being used (if there is one).  The kernel can then register the
device via 'dm_get_device'.  Amoung other things, this allows for userspace to
assemble a correct dependency tree of devices - critical for LVM handling of
suspend/resume calls.

Also, update dm-log-userspace.h to match the kernel header associated with
this protocol change.  (Includes a version inc.)
2011-10-14 14:18:49 +00:00
Zdenek Kabelac
d9bba4f16f Check for failing 'stat' and skip this loop iteration
(since data in statbuf are invalid).

Check whether sysconf managed to find _SC_PAGESIZE.

Report at least debug warning about failing unlink
(logging scheme here seems to be a different then in lvm).

Duplicate terminal FDs and use similar code as is made in clvmd
and cleanup warns about missing open/close tests.
FIXME: Looks like we already have 3 instancies of the same code in lvm repo.
2011-09-21 10:42:53 +00:00
Zdenek Kabelac
e9047f4f9c Detect sscanf recovering_region input error
Missing check for sscanf found by static analyzer.
2011-09-06 18:24:27 +00:00
Zdenek Kabelac
b647de3e07 Fix memory leak of allocated bitmap in error path
Found by static analyzer.
2011-09-06 18:15:43 +00:00
Zdenek Kabelac
7b83071708 Log unlink() error 2011-09-06 18:11:21 +00:00
Zdenek Kabelac
35ce2b332b Removed unused pointer
Pointer 'duplicate' is unused.
2010-12-20 13:58:38 +00:00
Zdenek Kabelac
9d3be13f4f Use dm_free for dm_malloc-ed areas in _clog_ctr/_clog_dtr (cmirrord).
Use dm_zalloc to obtain zeroed memory block.
Use dm_free for dm_ allocated memory blocks.
Test close() for error.
2010-12-20 13:57:19 +00:00
Peter Rajnoha
7dfce0e467 Add new dm_prepare_selinux_context fn to libdevmapper and use it throughout.
Detect existence of new SELinux selabel interface during configure.
Use new dm_prepare_selinux_context instead of dm_set_selinux_context.

We should set the SELinux context before the actual file system object creation.
The new dm_prepare_selinux_context function sets this using the selabel_lookup
fn in conjuction with the setfscreatecon fn. If selinux/label.h interface
(that should be a part of the selinux library) is not found during configure,
we fallback to the original matchpathcon function instead.
2010-12-13 10:43:56 +00:00
Zdenek Kabelac
44110cd33e Add missing return for NULL passed buffer
Function pull_stateo() checks for NULL 'buf' - but return for this error
path was missing.  cmirror code never calls this function with NULL 'buf',
so this fix has no effect on current code base, but makes clang happier.
2010-10-26 10:14:41 +00:00
Zdenek Kabelac
321ae653b6 Fix missing initilisation to 0
Add missing init value for variable 'found' which is later tested and may
have contained some garbage value.
2010-10-25 12:59:24 +00:00
Jonathan Earl Brassow
34cbedceaf This patch fixes an issue where cluster mirror write I/O
can be opprobriously slow if created with '--nosync'.

One of the ways cluster mirrors coordinate I/O and recovery
amoung the different machines is by the use of the log
function 'is_remote_recovering()' which lets nodes know if
a region they wish to perform a write on is currently being
recovered on another node.  If the region is being recovered,
the I/O is delayed.

The 'is_remote_recovering' routine has been optimized to
avoid the deluge of requests that would be issued to the
userspace log server by maintaining a marker of how far
the recovery has gotten.  It can then immediately return
'not recovering' if the region being inquired about is
less than this mark.  Additionally, if the region of
concern is greater than the mark, the function will
limit the number of transmissions to userspace by assuming
the region /is/ being recovered when skipping the
transmission.  This limits the amount of processing
and updates the mark in 1/4 sec time steps.

This patch fixes a problem where 'the mark' is not being
updated because of faulty logic in the userspace log
daemon.  When '--nosync' is used to create a cluster
mirror, the userspace log daemon never has a chance
to update the mark in the normal way.  The fix is to set
the mark to "complete" if the mirror was created with
the --nosync flag.
2010-08-30 18:37:42 +00:00
Jonathan Earl Brassow
53670b18f5 Fix for bug 596453: multiple mirror image failures cause lvm repair...
The lvm repair issues I believe are the superficial symptoms of this
bug - there are worse issues that are not as clearly seen.  From my
inline comments:
* If the mirror was successfully recovered, we want to always
* force every machine to write to all devices - otherwise,
* corruption will occur.  Here's how:
*    Node1 suffers a failure and marks a region out-of-sync
*    Node2 attempts a write, gets by is_remote_recovering,
*          and queries the sync status of the region - finding
*          it out-of-sync.
*    Node2 thinks the write should be a nosync write, but it
*          hasn't suffered the drive failure that Node1 has yet.
*          It then issues a generic_make_request directly to
*          the primary image only - which is exactly the device
*          that has suffered the failure.
*    Node2 suffers a lost write - which completely bypasses the
*          mirror layer because it had gone through generic_m_r.
*    The file system will likely explode at this point due to
*    I/O errors.  If it wasn't the primary that failed, it is
*    easily possible in this case to issue writes to just one
*    of the remaining images - also leaving the mirror inconsistent.
*
* We let in_sync() return 1 in a cluster regardless of what is
* in the bitmap once recovery has successfully completed on a
* mirror.  This ensures the mirroring code will continue to
* attempt to write to all mirror images.  The worst that can
* happen for reads is that additional read attempts may be
* taken.
2010-08-17 23:56:23 +00:00
Jonathan Earl Brassow
498747d792 A misunderstanding of the return value of 'dm_bit' has been causing a data
corruption bug in cmirror.  'dm_bit' is only ever used as a boolean operation
within LVM, but it can return a range of values.  If the bit is set, a power of
2 is returned.  If the bit is unset, 0 is returned.

'log_test_bit' (a function in the cluster mirror log daemon code) has switched
to using the dm bit operations in rhel6.  There are two places in the daemon
code where 'log_test_bit' is not used merely as a boolean, but rather the
return value is used as the return value for the log functions 'is_clean' and
'in_sync' - having assumed that 'dm_bit' was returning 0 or 1 only.

One place the 'in_sync' function is utilized is in 'dm_rh_get_state' - a
function that informs the mirroring code how to treat I/O and which devices to
read/write from.  'dm_rh_get_state' was checking if the return value of
'in_sync' was 1 to determine if the region was DM_RH_CLEAN.  Since 'dm_bit'
(and by extension 'log_test_bit' and 'in_sync') was returning powers of 2,
DM_RH_CLEAN was rarely being reported as it should have been.  Thinking the
region was out-of-sync, the mirroring code would write only to the primary
device.  When the primary device was failed, all of those writes were lost -
leaving the entire mirror corrupted.
2010-08-04 18:18:18 +00:00
Fabio M. Di Nitto
8c4e8a185a Add dm_create_lockfile to libdm to handle pidfiles for all daemons.
Switch dmeventd to use dm_create_lockfile and drop duplicate code.
Allow clvmd pidfile to be configurable.
Switch cmirrord and clvmd to use dm_create_lockfile.
2010-07-13 13:51:01 +00:00
Alasdair Kergon
08f1ddea6c Use __attribute__ consistently throughout. 2010-07-09 15:34:40 +00:00
Jonathan Earl Brassow
548cc88947 Add error checking for calls to sprintf - it can fail for more
reasons than just 'out-of-space'.
2010-06-21 16:07:06 +00:00
Jonathan Earl Brassow
2995925278 daemons/cmirrord/functions.c (part of cmirrord) was referencing
linux/kdev_t.h even though it wasn't needed.  Strangely, it seems
to be causing problems on various architectures (i686) in the
function daemons/cmirrord/functions.c:disk_status_info()->sprintf.

I'm not sure why this is a problem since none of the macros in
kdev_t.h are used in that code, but it certainly doesn't hurt to
pull an unnecessary header and it seems to fix the problem.
2010-06-18 20:58:04 +00:00
Zdenek Kabelac
cee2f123a4 Use "" instead of <> for configure.h and libdevmapper.h
Move configure.h as the first header for clvmd source files.
2010-06-15 11:00:44 +00:00