From 3081a2cff2e4f9499268854504873fa801d50ce5 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Thu, 1 Nov 2012 16:46:13 -0500 Subject: [PATCH] afs: Add some comments on GetValidDSlot panics A couple of call sites for afs_GetValidDSlot currently panic if an error is returned, but no explanation is given. Add a few comments helping explain why there is a panic there, instead of graceful error handling. Change-Id: Ic1c9808c427fe7524ea7dc1b7dbab8e9ac665b91 Reviewed-on: http://gerrit.openafs.org/8407 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- src/afs/afs_segments.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/afs/afs_segments.c b/src/afs/afs_segments.c index 9d89d5169..db75daae7 100644 --- a/src/afs/afs_segments.c +++ b/src/afs/afs_segments.c @@ -540,7 +540,19 @@ afs_InvalidateAllSegments(struct vcache *avc) for (index = afs_dvhashTbl[hash]; index != NULLIDX;) { if (afs_indexUnique[index] == avc->f.fid.Fid.Unique) { tdc = afs_GetValidDSlot(index); - if (!tdc) osi_Panic("afs_InvalidateAllSegments tdc count"); + if (!tdc) { + /* In the case of fatal errors during stores, we MUST + * invalidate all of the relevant chunks. Otherwise, the chunks + * will be left with the 'new' data that was never successfully + * written to the server, but the DV in the dcache is still the + * old DV. So, we may indefintely serve serve applications data + * that is not actually in the file on the fileserver. If we + * cannot afs_GetValidDSlot the appropriate entries, currently + * there is no way to ensure the dcache is invalidated. So for + * now, to avoid risking serving bad data from the cache, panic + * instead. */ + osi_Panic("afs_InvalidateAllSegments tdc count"); + } ReleaseReadLock(&tdc->tlock); if (!FidCmp(&tdc->f.fid, &avc->f.fid)) dcListMax++; @@ -555,7 +567,13 @@ afs_InvalidateAllSegments(struct vcache *avc) for (index = afs_dvhashTbl[hash]; index != NULLIDX;) { if (afs_indexUnique[index] == avc->f.fid.Fid.Unique) { tdc = afs_GetValidDSlot(index); - if (!tdc) osi_Panic("afs_InvalidateAllSegments tdc store"); + if (!tdc) { + /* We cannot proceed after getting this error; we risk serving + * incorrect data to applications. So panic instead. See the + * above comment next to the previous afs_GetValidDSlot call + * for details. */ + osi_Panic("afs_InvalidateAllSegments tdc store"); + } ReleaseReadLock(&tdc->tlock); if (!FidCmp(&tdc->f.fid, &avc->f.fid)) { /* same file? we'll zap it */ -- 2.39.5