afs: Add some comments on GetValidDSlot panics

A couple of call sites for afs_GetValidDSlot currently panic if an
error is returned, but no explanation is given. Add a few comments
helping explain why there is a panic there, instead of graceful error
handling.

Reviewed-on: http://gerrit.openafs.org/8407
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 3081a2cff2e4f9499268854504873fa801d50ce5)

Change-Id: I3bbe8f32683cb6086add494641b206c5b861fe3a
Reviewed-on: http://gerrit.openafs.org/10358
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/afs/afs_segments.c b/src/afs/afs_segments.c
index 631cb7c0fef6ebd40755f0f7bb0046c8ce7557bc..f407b49932c4116b27b67e0a15770e35c65088ad 100644 (file)
--- a/src/afs/afs_segments.c
+++ b/src/afs/afs_segments.c
@@ -540,7 +540,19 @@ afs_InvalidateAllSegments(struct vcache *avc)
     for (index = afs_dvhashTbl[hash]; index != NULLIDX;) {
        if (afs_indexUnique[index] == avc->f.fid.Fid.Unique) {
            tdc = afs_GetValidDSlot(index);
-           if (!tdc) osi_Panic("afs_InvalidateAllSegments tdc count");
+           if (!tdc) {
+               /* In the case of fatal errors during stores, we MUST
+                * invalidate all of the relevant chunks. Otherwise, the chunks
+                * will be left with the 'new' data that was never successfully
+                * written to the server, but the DV in the dcache is still the
+                * old DV. So, we may indefintely serve serve applications data
+                * that is not actually in the file on the fileserver. If we
+                * cannot afs_GetValidDSlot the appropriate entries, currently
+                * there is no way to ensure the dcache is invalidated. So for
+                * now, to avoid risking serving bad data from the cache, panic
+                * instead. */
+               osi_Panic("afs_InvalidateAllSegments tdc count");
+           }
            ReleaseReadLock(&tdc->tlock);
            if (!FidCmp(&tdc->f.fid, &avc->f.fid))
                dcListMax++;
@@ -555,7 +567,13 @@ afs_InvalidateAllSegments(struct vcache *avc)
     for (index = afs_dvhashTbl[hash]; index != NULLIDX;) {
        if (afs_indexUnique[index] == avc->f.fid.Fid.Unique) {
            tdc = afs_GetValidDSlot(index);
-           if (!tdc) osi_Panic("afs_InvalidateAllSegments tdc store");
+           if (!tdc) {
+               /* We cannot proceed after getting this error; we risk serving
+                * incorrect data to applications. So panic instead. See the
+                * above comment next to the previous afs_GetValidDSlot call
+                * for details. */
+               osi_Panic("afs_InvalidateAllSegments tdc store");
+           }
            ReleaseReadLock(&tdc->tlock);
            if (!FidCmp(&tdc->f.fid, &avc->f.fid)) {
                /* same file? we'll zap it */