In rare cases, this could lead to buffer overflows.
Replace buggy concept from the prototype phase with more
robust (although slightly less performant) code.
We report an error if there are unfreed mrefs after the device brick
has been switched to power off.
Instead of reporting an error at once, we report only warnings in the first 20
seconds. If there are still unfreed mrefs after that time an error is reported.
Signed-off-by: Thomas Schoebel-Theuer <tst@1und1.de>
Some filesystems like ext3 have only full second resolution.
Therefore, we _must_ advance the Lamport clock in whole seconds
when working on such gear, since we want to prevent lost
updates which would be caused by standstill Lamport clocks.
Sometimes, the lamport clock gets updated more frequently per second
than real time. In such cases, the Lamport clock will run much faster
than real time. After some weeks of operation, the Lamport clock
will be far in the future.
In general, we cannot do anything against that. When some fine-grained
information cannot be coded into some specific data type, it
cannot be coded.
However, when updates start to occur less frequently, we want to
_leave_ the workaround mode ASAP. The old code set tv_nsec to 0
which made it very likely that the workaround was triggered
again unnecessarily.
In order to _reduce_ that effect, we prevent unnecessary cascades
of whole-second leaps by setting the nanoseconds constantly to 1
if the full second was increased due to insufficient capabilities
of the underlying filesystem. At least in those cases where
Lamport timestamps are transferred over the network and/or we have
mixed configurations between ext3/ext4, we hope to
decrease the risk of endless cascades.
Experience shows that the new code behaves better.
Switch on only when all predecessor bricks are also on.
Failing to do so can result in fatal errors.
Similarly, switch only off if no successor exists any more.
