tipc: avoid stale link after aborted failover
authorJon Paul Maloy <jon.maloy@ericsson.com>
Tue, 3 Feb 2015 13:59:18 +0000 (08:59 -0500)
committerDavid S. Miller <davem@davemloft.net>
Thu, 5 Feb 2015 00:09:31 +0000 (16:09 -0800)
commit7d24dcdb3f3132e0ec36f19c49bd004bc874b8aa
treee42789818fc429ba6709f98732c7f6a31d5013b3
parent2d72d49553d8de113d4eb1f69b2291f449a4c6bc
tipc: avoid stale link after aborted failover

During link failover it may happen that the remaining link goes
down while it is still in the process of taking over traffic
from a previously failed link. When this happens, we currently
abort the failover procedure and reset the first failed link to
non-failover mode, so that it will be ready to re-establish
contact with its peer when it comes available.

However, if the first link goes down because its bearer was manually
disabled, it is not enough to reset it; it must also be deleted;
which is supposed to happen when the failover procedure is finished.
Otherwise it will remain a zombie link: attached to the owner node
structure, in mode LINK_STOPPED, and permanently blocking any re-
establishing of the link to the peer via the interface in question.

We fix this by amending the failover abort procedure. Apart from
resetting the link to non-failover state, we test if the link is
also in LINK_STOPPED mode. If so, we delete it, using the conditional
tipc_link_delete() function introduced in the previous commit.

Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tipc/link.h
net/tipc/node.c