On Wed, Oct 13, 2021 at 11:38:47AM +0200, Jan Kara wrote: > > OK, I see. So the race in ext4_multi_mount_protect() goes like: > > hostA hostB > > read_mmp_block() read_mmp_block() > - sees EXT4_MMP_SEQ_CLEAN - sees EXT4_MMP_SEQ_CLEAN > write_mmp_block() > wait_time == 0 -> no wait > read_mmp_block() > - all OK, mount > write_mmp_block() > wait_time == 0 -> no wait > read_mmp_block() > - all OK, mount > > Do I get it right? Actually, if we passed seq we wrote in > ext4_multi_mount_protect() to kmmpd (probably in sb), then kmmpd would > notice the conflict on its first invocation but still that would be a bit > late because there would be a time window where hostA and hostB would be > both using the fs. > > We could reduce the likelyhood of this race by always waiting in > ext4_multi_mount_protect() between write & read but I guess that is > undesirable as it would slow down all clean mounts. Ted? I'd like Andreas to comment here. My understanding is that MMP originally intended as a safety mechanism which would be used as part of a primary/backup high availability system, but not as the *primary* system where you might try to have two servers simultaneously try to mount the file system and use MMP as the "election" mechanism to decide which server is going to be the primary system, and which would be the backup system. The cost of being able to handle this particular race is it would slow down the mounts of cleanly unmounted systems. There *are* better systems to implement leader elections[1] than using MMP. Most of these more efficient leader elections assume that you have a working IP network, and so if you have a separate storage network (including a shared SCSI bus) from your standard IP network, then MMP is a useful failsafe in the face of a network partition of your IP network. The question is whether MMP should be useful for more than that. And if it isn't, then we should probably document what MMP is and isn't good for, and give advice in the form of an application note for how MMP should be used in the context of a larger system. [1] https://en.wikipedia.org/wiki/Leader_election - Ted