One: a single character typo (of instead of or in an error printout)
Two: Audited usage of tfd file descriptor. Make sure that the tfd file
is always closed after usage, and that the tfd variable is reset to -1
if we are going to continue in our loop (not necessary if we know we
will return from our function without going through the dv loop again).
Signed-off-by: Doug Ledford <dledford@redhat.com>
We now have 3 directory definitions: mdmon directory for its pid and
sock files (compile time define, not changeable at run time), mdmonitor
directory which is for the mdadm monitor mode pid file (can only be
passed in via command line at the time mdadm is invoked in monitor mode),
and the directory for the mdadm incremental assembly map file (compile
time define, not changeable at run time). Only the mdadm map file still
hunts multiple locations, and the number of locations has been reduced
to /var/run and the compile time specified location. Re-use of similar
sounding defines that actually didn't denote their actual usage at
compile time made it more difficult for a person to know what effect
changing the compile time defines would have on the resulting programs.
This patch renames the various defines to clearly identify which item
the define affects. It also reduces the number of various directories
which will be searched for these files as this has led to confusion
in mdadm and mdmon in terms of which files should take precedence when
files exist in multiple locations, etc. It's best if the person
compiling the program intentionally and with planning selects the
right directories to be used for the various purposes. Which directory
is right depends on which items you are talking about and what boot
loader your system uses and what initramfs generation program your
system uses. Because of the inter-dependency of all these items it
would typically be up to the distribution that mdadm is being integrated
into to select the correct values for these defines.
Signed-off-by: Doug Ledford <dledford@redhat.com>
This number isn't meaningful for RAID0 as a different amount of space
might be used from each device.
It isn't meaningful for linear either, but already was not reported
for linear.
Detail doesn't report it either.
So make --examine not report it.
Signed-off-by: NeilBrown <neilb@suse.de>
Reported-by: Mario 'BitKoenig' Holbe <Mario.Holbe@TU-Ilmenau.DE>
When left-shifting we must be sure that the value being
shifted is large enough to not lose bits.
The 'chunkssize' in CreateBitmap is only 'long' so it
can overflow. So cast to 'long long' first.
Also fix a similar issue in Detail even though it isn't currently
being compiled.
Signed-off-by: NeilBrown <neilb@suse.de>
Reported-by: Tomasz Chmielewski <mangoo@wpkg.org>
GET_ARRAY_INFO always succeeds on an inactive container, so we need to
be a bit more diligent about adding a disk to an active container.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The 4K superblock can be as close as 64K from the end
of the device. As the bitmap (with header) lives after
the superblock (with 0.90 metadata) there could be as
little as 60K of space.
So limit the bitmaps to 59.5K, and only write 60K including
the header.
The bug fixed here means that bitmaps cannot be created
on devices which are exact multiples of 64K in size
Signed-off-by: NeilBrown <neilb@suse.de>
super-intel.c: In function ‘imsm_add_spare’:
super-intel.c:4833: error: ‘array_start’ may be used uninitialized in this function
super-intel.c:4834: error: ‘array_end’ may be used uninitialized in this function
This is valid, if we don't find a spare candidate then array_{start,end}
will be uninitialized.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Setting up a proper tls descriptor is required to conform to the abi
[1]. Until it can be implemented in mdmon use pthreads instead of
clone(2) to let glibc handle the details. The old behaviour can be had
by un-defining USE_PTHREADS.
Note, the "O2" builds need LDFLAGS now to pick up the '-pthread' option.
[1]: http://people.redhat.com/drepper/tls.pdf
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Correction of the number of container or volume member devices (devcnt
in struct mdstat_ent). The number after the last devices was counted
towards member of devices.
Signed-off-by: Marcin Labun <marcin.labun@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
--test can be given in Manage mode.
This can be used when there is an attempt to fail or remove 'faulty',
'failed' or 'detached' devices, or to re-add 'missing' devices.
If no devices were failed, removed, or re-added, then mdadm will
exit with status '2'.
Signed-off-by: NeilBrown <neilb@suse.de>
If the device name "missing" is given for --re-add, then mdadm will
attempt to find any device which should be a member of the array but
currently isn't and will --re-add it to the array.
This can be useful if a device disappeared due to a cabling problem,
and was then re-connected.
The appropriate sequence would be
    mdadm /dev/mdX --fail detached
    mdadm /dev/mdX --remove detached
    mdadm /dev/mdX --re-add missing
Signed-off-by: NeilBrown <neilb@suse.de>
Adding devices to active arrays in --incremental is a bit dubious.
Normally the array won't be activated until all expected devices are
present, so this situation would mean that the given device is not
expected, so is probably failed. In that case it should only be added
by explicit sysadmin request.
However if --run was given, then quite possibly the array was
assembled earlier when not complete, so it is less clear whether it is
wrong to add this device or not. In that case add it as that is
generally safest.
It would be nice to allow policy for this to be explicitly given by
sysadmin.
Signed-off-by: NeilBrown <neilb@suse.de>
commit 1ff9833928
broke the checking of metadata types via the 'auto' line.
By moving 'load_super' before 'conf_test_metadata' we left
tst->sb set even if conf_test_metadata fails, so the device will
actually be accepted and used.
So if we decide to reject the device, free the superblock so it is
clear that it is rejected.
Signed-off-by: NeilBrown <neilb@suse.de>
Current versions of glibc do not provide a useable interface to clone(2) as it
inflicts hidden dependencies on setting up a glibc specific tls
descriptor. The dynamic linker trips this dependency and causes mdmon
to intermittently fail to load. Resolving all dynamic linking prior to
starting the monitor thread appears to mitigate the issue but there is no
guarantee that another tls dependency will bite us later.
However, while the debate continues with the glibc maintainers it seems
prudent to keep this change. It ensures that we do not get into a
situation where the monitor thread needs to make a late allocation to
resolve a symbol.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When using 0.90 metadata, devices can be renumbered when
earlier devices are removed.
So when iterating all devices looking for 'failed' or 'detached'
devices, we need to re-check the same slot we checked last time
to see if maybe it has a different device now.
Reported-by: Jim Paris <jim@jtan.com>
Resolves-Debian-Bug: 587550
Signed-off-by: NeilBrown <neilb@suse.de>
- split the rules for handling components of array to be clearly
separate from rules for handling the arrays themselves.
- add call to "-If" when removing a device
- uncomment the --incremental call when adding a device.
Signed-off-by: NeilBrown <neilb@suse.de>
This can be used for hot-unplug. When a device has been removed,
udev can call
    mdadm --incremental --fail sda
and mdadm will find the array holding sda and remove sda from
the array.
Based on code from Doug Ledford <dledford@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Allow kernel names like "sda" and "hdb1" to be used to
fail/remove devices from an array.
This is useful as after a device has been removed it can be difficult
to get the major/minor number.
Signed-off-by: NeilBrown <neilb@suse.de>
This allows finding the array which contains a given component.
Components are named using the kernel-internal string name such
as "sda1" or "hdb".
Don't return member arrays, only the container that contains them.
Also tidy up the parsing of 'inactive' arrays in /proc/mdstat.
If we see 'inactive' we need to set 'in_devs' immediately as there
is no level coming.
Signed-off-by: NeilBrown <neilb@suse.de>
In some places it is referred to as "--rebuild", and while
that works due to getopt allowing prefixes, it could appear
confusing (rebuild means other things too) and being explicit
is some safeguard if we want to add e.g. --rebuild-foo later.
Reported-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Allow the name of the array stored in the metadata to be updated. In
some cases the metadata format may not be able to support this rename
without modifying the UUID. In these cases the request will be blocked.
Otherwise we allow the rename to take place, even for active arrays.
This assumes that the user understands the difference between the kernel
node name, the device node symlink name, and the metadata specific name.
Anticipating further need to modify subarrays in-place, introduce the
->update_subarray() superswitch method. A future potential use
case is setting storage pool (spare-group) identifiers.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
...i.e. GET_DEVS == (GET_DEVS|SKIP_GONE_DEVS)
A null pointer dereference in Incremental.c can be triggered by
replugging a disk while the old name is in use. When mdadm -I is called
on the new disk we fail the call to sysfs_read(). I audited all the
locations that use GET_DEVS and it appears they can tolerate missing a
drive. So just make SKIP_GONE_DEVS the default behaviour.
Also fix up remaining unchecked usages of the sysfs_read() return value.
Reported-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Now that mdmon records periodic checkpoints, and checkpoints every
->set_array_state() event we no longer need to 'idle' sync_action from
--wait-clean.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When sync_action is idle mdmon takes the latest value of md/resync_start
or md/<dev>/recovery_start to record the resync/rebuild checkpoint in
the metadata. However, now that mdmon is reading sync_completed there
is no longer a need to wait for, or force an idle event to take a
checkpoint.
Simply update the forward progress of ->last_checkpoint at every wakeup
event and force it to be recorded at least every 1/16th array-size
interval. It may be recorded more frequently if a ->set_array_state()
event occurs.
This also cleans up some confusion in handling the dual-rebuild case.
If more than one spare has been activated the kernel starts the rebuild
at the lowest recovery offset, so we do not need to worry about
min_recovery_start().
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Allow --examine to determine which disk might have a stale view of the
per-disk out-of-sync state.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Make create check with the appropriate meta data handler and see what the
largest supported chunk size is. The current 512K default is not supported
by existing imsm OROM.
[dan.j.williams@intel.com: trim the upper limit to 512k for future oroms]
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Support for deleting a subarray out of a container. When all subarrays
are deleted the component devices are converted back into spares, a
--zero-superblock is still needed to kill the remaining metadata at this
point. This operation is blocked when the subarray is active and may
also be blocked by the metadata handler when deleting the subarray might
change the uuid of other active subarrays. For example, with imsm,
deleting subarray 'n' may change the uuid of subarrays with indexes > n.
Deleting a subarray needs to be a container wide event to ensure
disks that record the modified subarray list perceive other disks that
did not receive this change as out of date.
Notes:
The st->subarray parsing in super-intel.c and super-ddf.c is updated to
be more strict now that we are reading user supplied subarray values.
Offline container modification shares actions that mdmon typically
handles so promote is_container_member() and version_to_superswitch()
(formerly find_metadata_methods()) to generic utility functions for the
cases where mdadm performs the operation.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This commit introduces DEFAULT_OLD_METADATA as a preprocessor
definition. If defined, it causes mdadm to assume metadata version 0.9
as default. If not defined, version 1.x (currently 1.2) is used as
default.
The man page mdadm.8 is also modified to reflect the chosen default.
The selftests will not work if the old default is chosen.
This patch was requested by Debian so they could distribute a current
mdadm together with boot loaders that only understand 0.90 metadata
for md-raid.
Preferred usage is simply
    make DEFAULT_OLD_METADATA=yes
Signed-off-by: martin f. krafft <madduck@debian.org>
Signed-off-by: NeilBrown <neilb@suse.de>
If the metadata is an empty string, it means the array in question
does not use metadata. This comes from sysfs_read finding "none" in
"metadata_version", then super_by_fd noticing the vers == -1, and so
just using the ->text_version (which is empty).
In this case we want to use the super0 metadata handler routines
because that is what we always used to do before
commit 7d5c3964cc
And that commit was wrong because "" doesn't mean "default" and so
should not have been changed at the same time.
Reported-by: martin f. krafft <madduck@debian.org>
Signed-off-by: NeilBrown <neilb@suse.de>
update_recovery_start() assumed that the out-of-sync disk would always be
marked as IMSM_ORD_REBUILD in the disk_ord_tbl, but the segmentation
fault reported by Andy proves otherwise. This might also be explained by
an interrupted rebuild and the disk has not yet been marked missing.
https://bugzilla.redhat.com/show_bug.cgi?id=592030
Reported-by: Andy Lutomirski <luto@mit.edu>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This reverts commit fdb482f99b.
Now that containers can report state for ->container_enough we can
automatically determine when the array can be started, and no longer
need the --no-degraded hammer.
Conflicts:
Incremental.c
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This is needed for imsm where:
1/ we want to report raid_disks as zero to allow mdadm -As to
incorporate all spares
2/ we can't determine stale disks by looking at the event counts.
3/ we can't see per-subarray expectations with the info returned from
the container level ->getinfo_super()
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Normally Monitor doesn't see faulty devices in active slots - they get
moved away too quickly.
But if it does, it reports the "faulty device disappeared" event (when
it finally does get moved away) as SpareActive due to insufficient
checking.
So add a better check.
Reported-by: Pierre Vignéras <pierre@vigneras.name>
A recent change moved the sysfs_read call away from the check that it
succeeded. This patch moves the check back next to the sysfs_read
call.
Signed-off-by: NeilBrown <neilb@suse.de>
devnum2devname() returns pointer to memory allocated with strdup.
It must be released to prevent memory leak.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The kernel updates and notifies md/sync_completed when it is time to
take a checkpoint. When this occurs (at 1/16 array size intervals)
write 'idle' to md/sync_action to have the current recovery position
updated in recovery_start and resync_start.
Requires the metadata handler to reset ->last_checkpoint when it has
determined that recovery has ended.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When activating a spare we neglect to open recovery_start and as such do
not see checkpoint events. Move disk initialization to common routine
to mitigate recurrence.
Reported-by: Adam Kwolek <adam.kwolek@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Chunks aren't particularly big, but when you count them in bytes
and multiply them together (as we do for calculating the backup
size for 'grow') they can overflow a 32bit int.
So group the division by 512 more closely with the
chunk size so we would need 30Meg chunks to come close to
overflowing 32bits.
Signed-off-by: NeilBrown <neilb@suse.de>
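
Added illustration (not mdadm's code) of the two overflow fixes in this log: the "cast to 'long long' before shifting" commit earlier and the chunk-size multiplication commit just above, each shown next to its narrow form. The function names, the shift count, the sample sizes and the use of uint32_t to model a 32-bit long/int are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* uint32_t models a 32-bit 'long'/'int' (an assumption of this sketch) so
 * the wrap-around is well defined and identical on every host. */

/* Before: the shift is evaluated at 32-bit width, so high bits are lost. */
uint64_t shift_narrow(uint32_t chunk, unsigned bits)
{
    return (uint32_t)(chunk << bits);
}

/* After: widen first, then shift. */
uint64_t shift_wide(uint32_t chunk, unsigned bits)
{
    return (uint64_t)chunk << bits;
}

/* Before: multiply two byte counts, then convert to 512-byte sectors. */
uint32_t sectors_bytes_first(uint32_t old_chunk, uint32_t new_chunk)
{
    return old_chunk * new_chunk / 512 / 512; /* product wraps mod 2^32 */
}

/* After: divide each chunk size by 512 before multiplying. */
uint32_t sectors_div_first(uint32_t old_chunk, uint32_t new_chunk)
{
    return (old_chunk / 512) * (new_chunk / 512);
}

/* Defensive variant: fail instead of returning a wrapped result. */
int sectors_checked(uint32_t old_chunk, uint32_t new_chunk, uint32_t *out)
{
    uint32_t a = old_chunk / 512, b = new_chunk / 512;
    if (a != 0 && b > UINT32_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

int main(void)
{
    /* Constructed sample values: 2^23 shifted by 9, and 64K x 128K chunks. */
    printf("shift: narrow=%llu wide=%llu\n",
           (unsigned long long)shift_narrow(1u << 23, 9),
           (unsigned long long)shift_wide(1u << 23, 9));
    printf("sectors: bytes-first=%u div-first=%u\n",
           (unsigned)sectors_bytes_first(65536, 131072),
           (unsigned)sectors_div_first(65536, 131072));
    return 0;
}
```
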
These metadata are not expected on partitions, and they have
no way of differentiating which is correct if they
are found both on the device and on the last partition.
So if the device is a partition, refuse to read the metadata.
Signed-off-by: NeilBrown <neilb@suse.de>