On Mon, 2024-11-25 at 15:31 -0500, Benjamin Marzinski wrote: > On Mon, Nov 25, 2024 at 03:32:22PM +0100, Martin Wilck wrote: > > pp->pgindex is set in disassemble_map() when a map is parsed. > > There are various possiblities for this index to become invalid. > > pp->pgindex is only used in enable_group() and > > followover_should_fallback(), > > and both callers take no action if it is 0, which is the right > > thing to do if we don't know the path's pathgroup. > > > > Make sure pp->pgindex is reset to 0 in various places: > > - when it's orphaned, > > - before (re)grouping paths, > > - when we detect a bad mpp assignment in update_pathvec_from_dm(). > > > > The hunk in group_paths is mostly redundant with the hunk in > > free_pgvec(), but > > because we're looping over pg->paths in the former and over pg->pgp > > in > > the latter, I think it's better too play safe. > > I'm not sure this will always fix issue #105. Perhaps I'm overlooking > the connection in the code and this just needs a more explicit > explanation to aid clueless reviewers, but here's what I don't get. > > As far as I can see, the only change here that would effect the > reported > issue is the change to update_pathvec_from_dm(). While I totally > agree > that if you have a path that appears to be two multipath devices, you > can't trust pp->pgindex, I believe there's also another problem. > > Say you have a multipath device with two path groups (pgp1 and pgp2) > each with one path (pp1 in pgp1 and pp2 in pgp2). In this case, > pp1->pgindex == 1 and pp2->pgindex == 2. If update_pathvec_from_dm() > discovers that pp1 is part of another multipath device, and removes > it, > that will mean that pgp1 is now empty, so update_pathvec_from_dm() > will > also remove that (at the delete_pg label). But pp2->pgindex will > still > be set to 2 even though there's only one path group, so it will now > point off the end of the pgp list. Right? Right, thanks for pointing this out. If we delete a pg, we need to invalidate all pgindex values for all paths in the map. We can't decrement them, because they must match kernel indices (see below). > At any rate, updating pgindex seems finicky and perhaps we should > just > drop it. It's not that much work to scan the path groups for the path > in > enable_group() and since we're already reading through the path > groups > in followover_should_failback(), we can just refactor the code a > little > bit to avoid needing pgindex at all. I had similar thoughts, but I was looking for a minimal fix for the 0.11.0 release. Probably dropping pgindex for good is the right thing to do, but is it 0.11.0 material? We'd still have the problem that enable_group() et al. need a pgindex value that matches the kernel configuration. We can only be sure that this index is correct if disassemble_map() has just set it. Any change we apply in multipathd's data structures won't match the kernel's view of the map. This problem is subtle, AFAICS. It's related to the fact that if update_pathvec_from_dm() finds any inconsistencies, we *should* reload the map, possibly multiple times, until these inconsistencies have been resolved. But we can't do that in all code paths in which this function is called (or at least, we haven't been able to prove that we can without risking breakage). I have vague ideas how this could be solved, but they would require a major code restructuring. Regards, Martin