Merge from head

9 files changed, 51 insertions, 33 deletions

diff --git a/sbin/hastd/Makefile b/sbin/hastd/Makefile
index 2a4a9ce..7ff6ee8 100644
--- a/sbin/hastd/Makefile
+++ b/sbin/hastd/Makefile
@@ -21,6 +21,7 @@ MAN=	hastd.8 hast.conf.5
 
 NO_WFORMAT=
 NO_WCAST_ALIGN=
+NO_WMISSING_VARIABLE_DECLARATIONS=
 CFLAGS+=-I${.CURDIR}
 CFLAGS+=-DHAVE_CAPSICUM
 CFLAGS+=-DPROTO_TCP_DEFAULT_PORT=8457
@@ -30,7 +31,7 @@ CFLAGS+=-DINET6
 .endif
 
 DPADD=	${LIBGEOM} ${LIBBSDXML} ${LIBSBUF} ${LIBL} ${LIBPTHREAD} ${LIBUTIL}
-LDADD=	-lgeom -lbsdxml -lsbuf -ll -lpthread -lutil
+LDADD=	-lgeom -lbsdxml -lsbuf -lpthread -lutil
 .if ${MK_OPENSSL} != "no"
 DPADD+=	${LIBCRYPTO}
 LDADD+=	-lcrypto
diff --git a/sbin/hastd/control.c b/sbin/hastd/control.c
index 3619fc6..922f507 100644
--- a/sbin/hastd/control.c
+++ b/sbin/hastd/control.c
@@ -271,6 +271,7 @@ control_status(struct hastd_config *cfg, struct nv *nvout,
 	nv_add_string(nvout, compression_name(res->hr_compression),
 	    "compression%u", no);
 	nv_add_string(nvout, role2str(res->hr_role), "role%u", no);
+	nv_add_int32(nvout, res->hr_workerpid, "workerpid%u", no);
 
 	switch (res->hr_role) {
 	case HAST_ROLE_PRIMARY:
diff --git a/sbin/hastd/hast.h b/sbin/hastd/hast.h
index b757994..381e195 100644
--- a/sbin/hastd/hast.h
+++ b/sbin/hastd/hast.h
@@ -259,7 +259,4 @@ struct hast_resource {
 struct hastd_config *yy_config_parse(const char *config, bool exitonerror);
 void yy_config_free(struct hastd_config *config);
 
-void yyerror(const char *);
-int yylex(void);
-
 #endif	/* !_HAST_H_ */
diff --git a/sbin/hastd/hastd.8 b/sbin/hastd/hastd.8
index b614f36..017e895 100644
--- a/sbin/hastd/hastd.8
+++ b/sbin/hastd/hastd.8
@@ -70,18 +70,18 @@ hastd: <resource name> (<role>)
 .Pp
 If (and only if)
 .Nm
-operates in primary role for the given resource, corresponding
+operates in primary role for the given resource, a corresponding
 .Pa /dev/hast/<name>
 disk-like device (GEOM provider) is created.
 File systems and applications can use this provider to send I/O
 requests to.
 Every write, delete and flush operation
 .Dv ( BIO_WRITE , BIO_DELETE , BIO_FLUSH )
-is send to local component and replicated to the remote (secondary) node if it
-is available.
+is sent to the local component and replicated on the remote (secondary) node
+if it is available.
 Read operations
 .Dv ( BIO_READ )
-are handled locally unless I/O error occurs or local version of the data
+are handled locally unless an I/O error occurs or the local version of the data
 is not up-to-date yet (synchronization is in progress).
 .Pp
 The
@@ -100,38 +100,38 @@ The connection between two
 .Nm
 daemons is always initiated from the one running as primary to the one
 running as secondary.
-When primary
+When the primary
 .Nm
-is unable to connect or connection fails, it will try to re-establish
-connection every few seconds.
-Once connection is established, primary
+is unable to connect or the connection fails, it will try to re-establish
+the connection every few seconds.
+Once the connection is established, the primary
 .Nm
 will synchronize every extent that was modified during connection outage
 to the secondary
 .Nm .
 .Pp
-It is possible that in case of connection outage between the nodes
+It is possible that in the case of a connection outage between the nodes the
 .Nm
 primary role for the given resource will be configured on both nodes.
 This in turn leads to incompatible data modifications.
-Such condition is called split-brain and cannot be automatically
+Such a condition is called a split-brain and cannot be automatically
 resolved by the
 .Nm
-daemon as this will lead most likely to data corruption or lost of
+daemon as this will lead most likely to data corruption or loss of
 important changes.
 Even though it cannot be fixed by
 .Nm
-itself, it will be detected and further connection between independently
+itself, it will be detected and a further connection between independently
 modified nodes will not be possible.
-Once this situation is manually resolved by an administrator, resource
+Once this situation is manually resolved by an administrator, the resource
 on one of the nodes can be initialized (erasing local data), which makes
-connection to the remote node possible again.
-Connection of freshly initialized component will trigger full resource
+a connection to the remote node possible again.
+Connection of the freshly initialized component will trigger full resource
 synchronization.
 .Pp
-The
+A
 .Nm
-daemon itself never picks his role up automatically.
+daemon never picks its role automatically.
 The role has to be configured with the
 .Xr hastctl 8
 control utility by additional software like
@@ -139,7 +139,7 @@ control utility by additional software like
 or
 .Nm heartbeat
 that can reliably manage role separation and switch secondary node to
-primary role in case of original primary failure.
+primary role in case of the primary's failure.
 .Pp
 The
 .Nm
diff --git a/sbin/hastd/parse.y b/sbin/hastd/parse.y
index bd0690a..6bfb537 100644
--- a/sbin/hastd/parse.y
+++ b/sbin/hastd/parse.y
@@ -75,6 +75,8 @@ static char depth1_provname[PATH_MAX];
 static char depth1_localpath[PATH_MAX];
 static int depth1_metaflush;
 
+extern void yyerror(const char *);
+extern int yylex(void);
 extern void yyrestart(FILE *);
 
 static int isitme(const char *name);
diff --git a/sbin/hastd/primary.c b/sbin/hastd/primary.c
index a9dfa2b..92d1d9e 100644
--- a/sbin/hastd/primary.c
+++ b/sbin/hastd/primary.c
@@ -78,7 +78,7 @@ struct hio {
 	 * kernel. Each component has to decrease this counter by one
 	 * even on failure.
 	 */
-	unsigned int		 hio_countdown;
+	refcnt_t		 hio_countdown;
 	/*
 	 * Each component has a place to store its own error.
 	 * Once the request is handled by all components we can decide if the
@@ -415,7 +415,7 @@ init_environment(struct hast_resource *res __unused)
 			    "Unable to allocate %zu bytes of memory for hio request.",
 			    sizeof(*hio));
 		}
-		hio->hio_countdown = 0;
+		refcnt_init(&hio->hio_countdown, 0);
 		hio->hio_errors = malloc(sizeof(hio->hio_errors[0]) * ncomps);
 		if (hio->hio_errors == NULL) {
 			primary_exitx(EX_TEMPFAIL,
@@ -1300,11 +1300,12 @@ ggate_recv_thread(void *arg)
 		}
 		pjdlog_debug(2,
 		    "ggate_recv: (%p) Moving request to the send queues.", hio);
-		hio->hio_countdown = ncomps;
 		if (hio->hio_replication == HAST_REPLICATION_MEMSYNC &&
 		    ggio->gctl_cmd == BIO_WRITE) {
 			/* Each remote request needs two responses in memsync. */
-			hio->hio_countdown++;
+			refcnt_init(&hio->hio_countdown, ncomps + 1);
+		} else {
+			refcnt_init(&hio->hio_countdown, ncomps);
 		}
 		for (ii = ncomp; ii < ncomps; ii++)
 			QUEUE_INSERT1(hio, send, ii);
@@ -2139,7 +2140,7 @@ sync_thread(void *arg __unused)
 			ncomp = 1;
 		}
 		mtx_unlock(&metadata_lock);
-		hio->hio_countdown = 1;
+		refcnt_init(&hio->hio_countdown, 1);
 		QUEUE_INSERT1(hio, send, ncomp);
 
 		/*
@@ -2189,7 +2190,7 @@ sync_thread(void *arg __unused)
 
 		pjdlog_debug(2, "sync: (%p) Moving request to the send queue.",
 		    hio);
-		hio->hio_countdown = 1;
+		refcnt_init(&hio->hio_countdown, 1);
 		QUEUE_INSERT1(hio, send, ncomp);
 
 		/*
diff --git a/sbin/hastd/refcnt.h b/sbin/hastd/refcnt.h
index a989df0..1246043 100644
--- a/sbin/hastd/refcnt.h
+++ b/sbin/hastd/refcnt.h
@@ -36,15 +36,24 @@
 
 #include "pjdlog.h"
 
+typedef unsigned int refcnt_t;
+
+static __inline void
+refcnt_init(refcnt_t *count, unsigned int v)
+{
+
+	*count = v;
+}
+
 static __inline void
-refcnt_acquire(volatile unsigned int *count)
+refcnt_acquire(refcnt_t *count)
 {
 
 	atomic_add_acq_int(count, 1);
 }
 
 static __inline unsigned int
-refcnt_release(volatile unsigned int *count)
+refcnt_release(refcnt_t *count)
 {
 	unsigned int old;
 
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
index 440061e..0e9930b 100644
--- a/sbin/hastd/subr.c
+++ b/sbin/hastd/subr.c
@@ -231,6 +231,7 @@ drop_privs(const struct hast_resource *res)
 		pjdlog_common(LOG_DEBUG, 1, errno,
 		    "Unable to sandbox using capsicum");
 	} else if (res != NULL) {
+		cap_rights_t rights;
 		static const unsigned long geomcmds[] = {
 		    DIOCGDELETE,
 		    DIOCGFLUSH
@@ -239,8 +240,9 @@ drop_privs(const struct hast_resource *res)
 		PJDLOG_ASSERT(res->hr_role == HAST_ROLE_PRIMARY ||
 		    res->hr_role == HAST_ROLE_SECONDARY);
 
-		if (cap_rights_limit(res->hr_localfd,
-		    CAP_FLOCK | CAP_IOCTL | CAP_PREAD | CAP_PWRITE) == -1) {
+		cap_rights_init(&rights, CAP_FLOCK, CAP_IOCTL, CAP_PREAD,
+		    CAP_PWRITE);
+		if (cap_rights_limit(res->hr_localfd, &rights) == -1) {
 			pjdlog_errno(LOG_ERR,
 			    "Unable to limit capability rights on local descriptor");
 		}
@@ -258,7 +260,8 @@ drop_privs(const struct hast_resource *res)
 			    G_GATE_CMD_DESTROY
 			};
 
-			if (cap_rights_limit(res->hr_ggatefd, CAP_IOCTL) == -1) {
+			cap_rights_init(&rights, CAP_IOCTL);
+			if (cap_rights_limit(res->hr_ggatefd, &rights) == -1) {
 				pjdlog_errno(LOG_ERR,
 				    "Unable to limit capability rights to CAP_IOCTL on ggate descriptor");
 			}
diff --git a/sbin/hastd/token.l b/sbin/hastd/token.l
index 38bf8d6..e8f6760 100644
--- a/sbin/hastd/token.l
+++ b/sbin/hastd/token.l
@@ -42,10 +42,14 @@ int depth;
 int lineno;
 
 #define	DP	do { } while (0)
+#define	YY_DECL	int yylex(void)
+
+extern int yylex(void);
 %}
 
 %option noinput
 %option nounput
+%option noyywrap
 
 %%
 control			{ DP; return CONTROL; }