From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Lars Ellenberg <lars.ellenberg@linbit.com>,
Jens Axboe <axboe@kernel.dk>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 51/92] drbd: reject attach of unsuitable uuids even if connected
Date: Wed, 4 Dec 2019 18:49:51 +0100 [thread overview]
Message-ID: <20191204174333.536156835@linuxfoundation.org> (raw)
In-Reply-To: <20191204174327.215426506@linuxfoundation.org>
From: Lars Ellenberg <lars.ellenberg@linbit.com>
[ Upstream commit fe43ed97bba3b11521abd934b83ed93143470e4f ]
Multiple failure scenario:
a) all good
Connected Primary/Secondary UpToDate/UpToDate
b) lose disk on Primary,
Connected Primary/Secondary Diskless/UpToDate
c) continue to write to the device,
changes only make it to the Secondary storage.
d) lose disk on Secondary,
Connected Primary/Secondary Diskless/Diskless
e) now try to re-attach on Primary
This would have succeeded before, even though that is clearly the
wrong data set to attach to (missing the modifications from c).
Because we only compared our "effective" and the "to-be-attached"
data generation uuid tags if (device->state.conn < C_CONNECTED).
Fix: change that constraint to (device->state.pdsk != D_UP_TO_DATE)
compare the uuids, and reject the attach.
This patch also tries to improve the reverse scenario:
first lose Secondary, then Primary disk,
then try to attach the disk on Secondary.
Before this patch, the attach on the Secondary succeeds, but since commit
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
the Primary will notice unsuitable data, and drop the connection hard.
Though unfortunately at a point in time during the handshake where
we cannot easily abort the attach on the peer without more
refactoring of the handshake.
We now reject any attach to "unsuitable" uuids,
as long as we can see a Primary role,
unless we already have access to "good" data.
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/drbd/drbd_nl.c | 6 +++---
drivers/block/drbd/drbd_receiver.c | 19 +++++++++++++++++++
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index 27e1abcf57100..4adbf4c8d532c 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -1685,9 +1685,9 @@ int drbd_adm_attach(struct sk_buff *skb, struct genl_info *info)
}
}
- if (device->state.conn < C_CONNECTED &&
- device->state.role == R_PRIMARY && device->ed_uuid &&
- (device->ed_uuid & ~((u64)1)) != (nbc->md.uuid[UI_CURRENT] & ~((u64)1))) {
+ if (device->state.pdsk != D_UP_TO_DATE && device->ed_uuid &&
+ (device->state.role == R_PRIMARY || device->state.peer == R_PRIMARY) &&
+ (device->ed_uuid & ~((u64)1)) != (nbc->md.uuid[UI_CURRENT] & ~((u64)1))) {
drbd_err(device, "Can only attach to data with current UUID=%016llX\n",
(unsigned long long)device->ed_uuid);
retcode = ERR_DATA_NOT_CURRENT;
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index b1ee358edd3b4..afd8f315d29b1 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -4116,6 +4116,25 @@ static int receive_state(struct drbd_connection *connection, struct packet_info
if (peer_state.conn == C_AHEAD)
ns.conn = C_BEHIND;
+ /* TODO:
+ * if (primary and diskless and peer uuid != effective uuid)
+ * abort attach on peer;
+ *
+ * If this node does not have good data, was already connected, but
+ * the peer did a late attach only now, trying to "negotiate" with me,
+ * AND I am currently Primary, possibly frozen, with some specific
+ * "effective" uuid, this should never be reached, really, because
+ * we first send the uuids, then the current state.
+ *
+ * In this scenario, we already dropped the connection hard
+ * when we received the unsuitable uuids (receive_uuids().
+ *
+ * Should we want to change this, that is: not drop the connection in
+ * receive_uuids() already, then we would need to add a branch here
+ * that aborts the attach of "unsuitable uuids" on the peer in case
+ * this node is currently Diskless Primary.
+ */
+
if (device->p_uuid && peer_state.disk >= D_NEGOTIATING &&
get_ldev_if_state(device, D_NEGOTIATING)) {
int cr; /* consider resync */
--
2.20.1
next prev parent reply other threads:[~2019-12-04 17:59 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-04 17:49 [PATCH 4.4 00/92] 4.4.206-stable review Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 01/92] ASoC: compress: fix unsigned integer overflow check Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 02/92] ASoC: kirkwood: fix external clock probe defer Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 03/92] clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 04/92] reset: fix reset_control_ops kerneldoc comment Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 05/92] can: peak_usb: report bus recovery as well Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 06/92] can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 07/92] scripts/gdb: fix debugging modules compiled with hot/cold partitioning Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 08/92] block: drbd: remove a stray unlock in __drbd_send_protocol() Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 09/92] scsi: lpfc: Fix dif and first burst use in write commands Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 10/92] ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 11/92] ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 12/92] parisc: Fix serio address output Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 13/92] parisc: Fix HP SDC hpa " Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 14/92] arm64: smp: Handle errors reported by the firmware Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 15/92] PM / AVS: SmartReflex: NULL check before some freeing functions is not needed Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 16/92] ARM: ks8695: fix section mismatch warning Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 17/92] ACPI / LPSS: Ignore acpi_device_fix_up_power() return value Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 18/92] crypto: user - support incremental algorithm dumps Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 19/92] mwifiex: fix potential NULL dereference and use after free Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 20/92] mwifiex: debugfs: correct histogram spacing, formatting Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 21/92] rtl818x: fix potential use after free Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 22/92] xfs: require both realtime inodes to mount Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 23/92] ubi: Put MTD device after it is not used Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 24/92] ubi: Do not drop UBI device reference before using Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 25/92] microblaze: adjust the help to the real behavior Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 26/92] microblaze: move "... is ready" messages to arch/microblaze/Makefile Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 27/92] gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 28/92] VSOCK: bind to random port for VMADDR_PORT_ANY Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 29/92] btrfs: only track ref_heads in delayed_ref_updates Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 30/92] xen/pciback: Check dev_data before using it Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 31/92] KVM: s390: unregister debug feature on failing arch init Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 32/92] pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 33/92] pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 34/92] HID: doc: fix wrong data structure reference for UHID_OUTPUT Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 35/92] gfs2: take jdata unstuff into account in do_grow Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 36/92] xfs: Align compat attrlist_by_handle with native implementation Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 37/92] IB/qib: Fix an error code in qib_sdma_verbs_send() Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 38/92] powerpc/book3s/32: fix number of bats in p/v_block_mapped() Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 39/92] powerpc/xmon: fix dump_segments() Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 40/92] drivers/regulator: fix a missing check of return value Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 41/92] serial: max310x: Fix tx_empty() callback Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 42/92] openrisc: Fix broken paths to arch/or32 Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 43/92] RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 44/92] scsi: qla2xxx: deadlock by configfs_depend_item Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 45/92] scsi: csiostor: fix incorrect dma device in case of vport Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 46/92] ath6kl: Only use match sets when firmware supports it Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 47/92] ath6kl: Fix off by one error in scan completion Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 48/92] powerpc/prom: fix early DEBUG messages Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 49/92] powerpc/mm: Make NULL pointer deferences explicit on bad page faults Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 50/92] powerpc/44x/bamboo: Fix PCI range Greg Kroah-Hartman
2019-12-04 17:49 ` Greg Kroah-Hartman [this message]
2019-12-04 17:49 ` [PATCH 4.4 52/92] drbd: fix print_st_err()s prototype to match the definition Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 53/92] regulator: tps65910: fix a missing check of return value Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 54/92] net/net_namespace: Check the return value of register_pernet_subsys() Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 55/92] um: Make GCOV depend on !KCOV Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 56/92] net: stmicro: fix a missing check of clk_prepare Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 57/92] atl1e: checking the status of atl1e_write_phy_reg Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 58/92] tipc: fix a missing check of genlmsg_put Greg Kroah-Hartman
2019-12-04 17:49 ` [PATCH 4.4 59/92] ocfs2: clear journal dirty flag after shutdown journal Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 60/92] lib/genalloc.c: use vzalloc_node() to allocate the bitmap Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 61/92] lib/genalloc.c: include vmalloc.h Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 62/92] mtd: Check add_mtd_device() ret code Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 63/92] tipc: fix memory leak in tipc_nl_compat_publ_dump Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 64/92] net/core/neighbour: tell kmemleak about hash tables Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 65/92] net/core/neighbour: fix kmemleak minimal reference count for " Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 66/92] sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 67/92] decnet: fix DN_IFREQ_SIZE Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 68/92] tipc: fix skb may be leaky in tipc_link_input Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 69/92] sfc: initialise found bitmap in efx_ef10_mtd_probe Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 70/92] net: fix possible overflow in __sk_mem_raise_allocated() Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 71/92] net: dev: Use unsigned integer as an argument to left-shift Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 72/92] scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 73/92] ACPI / APEI: Switch estatus pool to use vmalloc memory Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 74/92] scsi: libsas: Check SMP PHY control function result Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 75/92] powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 76/92] mtd: Remove a debug trace in mtdpart.c Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 77/92] staging: rtl8192e: fix potential use after free Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 78/92] USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 79/92] mei: bus: prefix device names on bus with the bus name Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 80/92] media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 81/92] net: macb: fix error format in dev_err() Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 82/92] pwm: Clear chip_data in pwm_put() Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 83/92] macvlan: schedule bc_work even if error Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 84/92] openvswitch: fix flow command message size Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 85/92] slip: Fix use-after-free Read in slip_open Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 86/92] openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 87/92] openvswitch: remove another BUG_ON() Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 88/92] tipc: fix link name length check Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 89/92] net: sched: fix `tc -s class show` no bstats on class with nolock subqueues Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 90/92] HID: core: check whether Usage Page item is after Usage ID items Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 91/92] hwrng: stm32 - fix unbalanced pm_runtime_enable Greg Kroah-Hartman
2019-12-04 17:50 ` [PATCH 4.4 92/92] platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer Greg Kroah-Hartman
2019-12-05 5:41 ` [PATCH 4.4 00/92] 4.4.206-stable review Naresh Kamboju
2019-12-05 6:59 ` Jon Hunter
2019-12-05 14:13 ` Guenter Roeck
2019-12-11 23:19 ` shuah
2019-12-12 9:35 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191204174333.536156835@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=lars.ellenberg@linbit.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).