When sync_action is idle mdmon takes the latest value of md/resync_start
or md/<dev>/recovery_start to record the resync/rebuild checkpoint in
the metadata. However, now that mdmon is reading sync_completed there
is no longer a need to wait for, or force an idle event to take a
checkpoint.
Simply update the forward progress of ->last_checkpoint at every wakeup
event and force it to be recorded at least every 1/16th array-size
interval. It may be recorded more frequently if a ->set_array_state()
event occurs.
This also cleans up some confusion in handling the dual-rebuild case.
If more than one spare has been activated the kernel starts the rebuild
at the lowest recovery offset, so we do not need to worry about
min_recovery_start().
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Allow --examine to determine which disk might have a stale view of the
per-disk out-of-sync state.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Make create check with the appropriate meta data handler and see what the
largest chunk size is supported. The current 512K default is not supported
by existing imsm OROM.
[dan.j.williams@intel.com: trim the upper limit to 512k for future oroms]
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Support for deleting a subarray out of a container. When all subarrays
are deleted the component devices are converted back into spares, a
--zero-superblock is still needed to kill the remaining metadata at this
point. This operation is blocked when the subarray is active and may
also be blocked by the metadata handler when deleting the subarray might
change the uuid of other active subarrays. For example, with imsm,
deleting subarray 'n' may change the uuid of subarrays with indexes > n.
Deleting a subarray needs to be a container wide event to ensure
disks that record the modified subarray list perceive other disks that
did not receive this change as out of date.
Notes:
The st->subarray parsing in super-intel.c and super-ddf.c is updated to
be more strict now that we are reading user supplied subarray values.
Offline container modification shares actions that mdmon typically
handles so promote is_container_member() and version_to_superswitch()
(formerly find_metadata_methods()) to generic utility functions for the
cases where mdadm performs the operation.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
update_recovery_start() assumed that the out-of-sync disk would always be
marked as IMSM_ORD_REBUILD in the disk_ord_tbl, but the segmentation
fault reported by Andy proves otherwise. This might also be explained by
an interrupted rebuild and the disk has not yet been marked missing.
https://bugzilla.redhat.com/show_bug.cgi?id=592030
Reported-by: Andy Lutomirski <luto@mit.edu>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This is needed for imsm where:
1/ we want to report raid_disks as zero to allow mdadm -As to
incorporate all spares
2/ we can't determine stale disks by looking at the event counts.
3/ we can't see per-subarray expectations with the info returned from
the container level ->getinfo_super()
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The kernel updates and notifies md/sync_completed when it is time to
take a checkpoint. When this occurs (at 1/16 array size intervals)
write 'idle' to md/sync_action to have the current recovery position
updated in recovery_start and resync_start.
Requires the metadata handler to reset ->last_checkpoint when it has
determined that recovery has ended.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
These metadata are not expected on partitions, and they have
no way of differentiation whether which is correct if they
are found both on the device and on the last partition.
So if the device is a partition, refuse to read the metadata.
Signed-off-by: NeilBrown <neilb@suse.de>
mdadm prevents creation when device names are duplicated on the command
line, but leaves the partially created array intact. Detect this case
in the error code from add_to_super() and cleanup the partially created
array. The imsm handler is updated to report this conflict in
add_to_super_imsm_volume().
Note that since neither mdmon, nor userspace for that matter, ever saw an
active array we only need to perform a subset of the cleanup actions.
So call ioctl(STOP_ARRAY) directly and arrange for Create() to cleanup
the map file rather than calling Manage_runstop().
Reported-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Matching the functionality already in super0 and super1, when
we first create a container, remove any other recognisable metadata to
ensure it doesn't cause confusion.
Signed-off-by: NeilBrown <neilb@suse.de>
This reverts commit 9ef5dbff4a as it is
duplicating the check that is done internal to imsm_read_serial().
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
1.x metadata allows a device to be a member of the array while it
is still recoverying. So it is a working member, but is not
completely in-sync.
mdadm/assemble does not understand this distinction and assumes that a
work member is fully in-sync for the purpose of determining if there
are enough in-sync devices for the array to be functional.
So collect the 'recovery_start' value from the metadata and use it in
assemble when determining how useful a given device is.
Reported-by: Mikael Abrahamsson <swmike@swm.pp.se>
Signed-off-by: NeilBrown <neilb@suse.de>
Fix compile warning when size_t is not a long.
Acked-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Luca Berra <bluca@vodka.it>
Signed-off-by: NeilBrown <neilb@suse.de>
This allows a person to testing using loopback devices that don't
support serial number queries.
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Unlike native md checkpointing some data about the geometry and type of
the migration process is coded into curr_migr_unit. Provide logic to
convert between md/{resync_start|recovery_start} and imsm/curr_migr_unit.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Replace occurrences of ~0ULL to make it clear we are talking about maximal
resync/recovery position.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
We don't need to sprinkle reads of this attribute all over the place,
just once at the entry of read_and_act(). Also, the mdinfo structure
for the array already has a 'resync_start' member, so just reuse that.
Finally, rename get_resync_start() to read_resync_start to make it
consistent with the other sysfs accessors in monitor.c.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When printing the migration state there is no need to print "migrating".
The fact that the state is non-idle should be enough indication.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
disk_list_get() can return NULL if:
1/ A formerly missing disk is re-added
2/ The original array has not been rebuilt, so the family number of the
missing disk still matches
3/ The metadata record of the in-sync disks are read before the missing
disk
This will result in the missing disk not adding its own serial number to
the disk_list, only its truncated value will be present.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When associating a spare take on the target's metadata version number to
satisfy future compare_super checks.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Factor out the orom checking bits to validate_geometry_imsm_orom() and
share it between validate_geometry_imsm_volume() and the entry path to
reserve_space().
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The patch increases the capacity of buffers used to store
sysfs path names. Originally the buffers were too small to
hold the canonical representation of sysfs path (in case
of a SAS device, especially a device installed behind an
expander).
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Reviewed-by: Andre Noll <maan@systemlinux.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Possible memory leak. Dynamic memory stored in 'dev' and 'dev' allocated
through function 'malloc' can be lost on exit path.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Possible memory leak. Dynamic memory stored in 'sra' allocated through
function 'sysfs_read' at line 2484 can be lost at lines 2491, 2560 and
2571.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dynamic memory stored in 'devnum2devname(st->container_dev)' allocated
through function 'devnum2devname' at line 1274 is lost at line 1278.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Pointer 'c' returned from call to function 'strchr' at line 954 may
be NULL and will be dereferenced at line 955.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Pointer 'disk' returned from call to function '_get_imsm_disk' at line
700 may be NULL and will be dereferenced at line 710.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Pointer 'st' returned from call to function 'malloc' at line 320 may
be NULL and it will be dereferenced at line 321.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
sysfs_add_disk() regenerates the name from major:minor, so we can drop a
strcpy that the static analysis checker does not like.
Reported-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Buffer overflow, array index of 'nm' may be out of bounds.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Pointers '_dev' and '_disk' returned from call to function '_get_imsm_dev'
and '_get_imsm_disk' may be NULL and will be dereferenced at lines
2933 and 2934, respectively.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Suspicious dereference of pointer 'super' before NULL check at
line 3429.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Make sure opened file descriptor is cleaned up on exit
path. Also make sure allocated memory for 'sra' is released
on exit path, too.
Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Pointer 'this' returned from call to function 'malloc' at line 3795
may be NULL and will be dereferenced at line 3796.
Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When -z is omitted reserve_space() looks to satisfy a zero length
allocation which lo and behold is equal to the amount of free space on a
full disk. So, catch maxsize == 0 and simplify the return value from
merge_extents() to always equal amount of free space (no benefit to
having a special case ~0ULL == error).
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
->validate_geometry is called to validate overall parameters,
and to validate each individual device.
If it ever fails, it needs to report the reason, as common code
cannot possible know.
Signed-off-by: NeilBrown <neilb@suse.de>
When disks have conflicting container memberships (same container ids
but incompatible member arrays) --update=uuid can be used to move
offenders to a new container id by changing 'orig_family_num'.
Note that this only supports random updates of the uuid as the actual
uuid is synthesized. We also need to communicate the new
'orig_family_num' value to all disks involved in the update. A new
field 'update_private' is added to struct mdinfo to allow this
information to be transmitted.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Fix init_super_imsm() to return an empty mpb when info == NULL, and
teach store_super_imsm() to simply write out the passed in mpb.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=523320
Reported-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
imsm_activate_spare() in the manager thread may race against
write_super_imsm_spares() in the monitor thread. Give
write_super_imsm_spares() its own private mpb buffer to prevent
confusing the manager.
This change uncovered cases where spares were not being assembled due to
a failed metadata version number check. Spares can freely associate
across metadata version number, so reduce the scope of the version check
in the spare assembly case.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This is a result of trawling through the Windows implementation to learn
the mechanism of how it disambiguates family_num. It is a continuation
of commit 148acb7b "imsm: fix family number handling" which introduced a
regression when reassembling a container with stale disks and rebuilt
members.
When rebuilding, a new family number is assigned to protect against the
"prodigal array member" problem. It prevents a former family member
from returning to the system and causing a rebuild to go the wrong
direction. However, this invalidates looking at the generation number to
determine the most up-to-date disk when comparing across family numbers.
Instead the assembly logic looks for agreement between a disk's local
family membership compared against a global list of all families in the
system. Whenever a disk's local metadata does not match a family number
on the global list that family number is marked offline.
It is possible that this logic results in multiple incompatible but
valid family numbers existing in a container. In this case mdadm.conf
cannot be consulted because it only records the uuid which is generated
from static fields in the metadata. The metadata lacks the data needed
to disambiguate "local" versus "foreign". The "foreign" array in this
case requires updating to change its container-id information
(orig_family_num), and possibly the member array names.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
None of the other formats close the passed in fd at load, and this
becomes a problem when trying to support --update where we need O_EXCL
protection across the entire operation.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
'USABLE_DISK' is not a 'persistent' status flag it is an internal status
flag used for the in memory representation of the disk in the Windows
driver.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
1/ Fix an off by one error when detecting whether the device allocation
loop succeeded or not
2/ Update ->num_raid_devs before copying to avoid a segmentation fault
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
A previous patch moved move the '--examine --brief' reporting of
member arrays to before their containers. This breaks "mdadm -As"
assembly. So put them back, but still fix the problem addressed by
previous patch.
Signed-off-by: NeilBrown <neilb@suse.de>
imsm spares do not have container membership by default so we associate
them with the first container found in the configuration file. Some
ARRAY lines do not specify the metadata type so we cannot assume that
_cst will always be valid.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The family_number field can change. The option-rom will change the
family number when it starts a rebuild process (flags a container for
rebuild). This was not seen previously as mdadm would usually start the
rebuild process, preserving the family number.
This is the mechanism that helps to prevent a prodigal array member from
being returned to its original system and cause a rebuild to go in the
wrong direction. With the change we will end up with a container that
will fail to assemble unless the device with the incompatible family
number is left out of the assembly.
So, take several actions:
1/ Convert uuid generation to use orig_family_num, being careful to
preserve the existing uuid in the case where orig_family_num is not
set (i.e. previous mdadm created imsm arrays)
2/ Set orig_family_num at Create. For arrays created by mdadm prior to
this release orig_family_num will be zero, so set it to family_num at
the first metadata write.
3/ Add checks for orig_family_num to compare_super_imsm
4/ Update the family number when initiating rebuild
5/ The option-rom mixes some random data into the family number, add
this functionality to the mdadm implementation.
Reported-by: Marcin Labun <marcin.labun@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The last sector of an array is calculated by start + size - 1.
Reported-by: Rafal Marszewski <rafal.marszewski@intel.com>
Reported-by: Jarema Bielanski <jarema.bielanski@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The map file needs to be updated after adding the first member array to
an Intel metadata container. The uuid for an imsm container uses the
->family_num field of the metadata. This field is static, but is only
set after the first member array has been created. Prior to this all
devices are free floating spares and do not have any information that
can identify specific container membership. At Create() time we take
the uninitialized uuid from ->get_info_super() prior to updating the
metadata. So the current result is:
# mdadm --create /dev/md/imsm /dev/sd[b-e] -n 4 -e imsm
# mdadm --create /dev/md/vol0 /dev/md/imsm -n 4 -l 0
# cat /var/run/mdadm/map
md126 /md127/0 3e03aee2:78c3c593:1e8ecaf0:eefb53ed /dev/md/vol0
md127 imsm 53d6f8b1:7a783f24:f30483c5:705c48c7 /dev/md/imsm
# mdadm -Ebs
ARRAY metadata=imsm UUID=589d2d2c:4221a54d:acb63c06:c3907f52
ARRAY /dev/md/vol0 container=589d2d2c:4221a54d:acb63c06:c3907f52
member=0 UUID=57b89b63:5cd0eae1:17dd26b3:51cc78d4
So, before we write out the new metadata check to see if the member
array uuid has changed as a result of this addition. If it has, update
its uuid in the map file and flag its parent container for updating. In
support of updating the container uuid the semantics of
->write_init_super are changed to clear any metadata specific member
array cursors (e.g. ddf_super.currentconf or intel_super.current_vol)
such that a subsequent call to ->getinfo_super returns container
information.
Reported-by: Ignacy Kasperowicz <ignacy.kasperowicz@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Prior to creating any arrays in a new container the output from -Ebs for
a 4-disk imsm array returns:
spares=4
We should at least display that these are imsm spares:
ARRAY metadata=imsm
spares=4
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When performing an "-Ebs -e <metadata type>" we segfault because the
superblock has been freed too early. We also leak memory for 'ddf' and
'imsm' because, unlike super[01], we do not implicitly free when
->load_super is called on an already loaded supertype.
So, fix up imsm and ddf to match type 0 and 1 ->load_super() semantics,
and update Examine to not free the superblock until all usages have been
exhausted.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
RebuildMap wants to poll through mdstat and retrieve a (kernel name,
uuid, user name) tuple for each array. Teach imsm and ddf to honor
st->sub_array at ->load_super() time to set their internal subarray
pointers to the value specified in st->subarray, or return an error if
st->subarray specifies an invalid array.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
With --verbose, --examine --brief prints dev= information after
the personality has done its bit.
But with containers, the member array are printed in between.
So in super-ddf and super-intel, move printing of the member
arrays to before printing of the container. This avoids
confusion.
Signed-off-by: NeilBrown <neilb@suse.de>
We sometimes set failed_disk_num to ~0.
However we cannot test for equality with that as failed_disk_num
is 8bit and ~0 is probably 32bit with lots of 1's.
So test if ~failed_disk_num is 0 instead.
Reported-By: "Mr. James W. Laferriere" <babydr@baby-dragons.com>
Signed-off-by: NeilBrown <neilb@suse.de>
The auto parameter is obsolete after kernel version 2.6.28 as all arrays
are partitionable via block device extended minor support. Environments
that requre the mdp style of array can always edit the configuration
file to specify auto=mdp.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The 'num_domains' field simply identifies the number of mirrors. So it
is 2 for a 2-disk raid1 or a 4-disk raid10. The orom does not currently
support more than 2 mirrors, but a three disk raid1 for example would
increase num_domains to 3.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
It always afters to cast big things to (unsigned long long) before
printing as %llu - it seems there will always be one arch which
has something to complain about ....
Signed-off-by: NeilBrown <neilb@suse.de>
Because ---examine --brief, or --detail --brief are
often used to create mdadm.conf, and because people don't want to
have to update their mdadm.conf unnecessarily, we don't want to
include information that might change.
And now that level changing is supported, that is almost everything
but UUID.
So move some more fields into the "Only print with --verbose" class.
Signed-off-by: NeilBrown <neilb@suse.de>
imsm arrays round down the effective array size to the closest 1
megabyte boundary so teach get_info_super_imsm and sysfs_set_array to
set 'md/array_size' if available (and make sure ddf uses the default
size).
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
New documentation shows that this field is not equivalent to
md/resync_start. Disable updates until full support can be developed.
Writing '0' when a migration starts/re-starts remains correct.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Until support for higher order migrations (online capacity expansion,
raid level migration, chunk size migration...) are implemented do not
allow arrays in these states to be assembled.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
imsm distinguishes parity initialization from parity checking in the
metadata. Older option roms marked the repair operation with the
'verify' type and a 'with fixup' flag in the raid device 'status' field.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
'num_domains' is the number of parity domains. I.e. 2 in the raid10
case (2-mirrors), while raid0 through raid5 have 1 parity domain (even
though raid0 does not have parity).
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
According to new documentation the metadata expects that all whitespace
(characters <= 0x20) are stripped from the incoming serial number. If
the length remains longer than MAX_RAID_SERIAL_LEN then only the
right-most characters are preserved.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
In support of auto-layout:
1/ collect and merge all extents to find the largest common-start free region
2/ verify that we meet the "all volumes must use the same set of disks"
2/ mark the disks to be added in add_to_super_imsm_volume
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
All operations that rely on loading from an existing container (like
--add) will fail after a disk has been removed. Provide an option to
skip missing / offline disks rather than abort. We attempt to do this
in the load_super_{imsm,ddf}_all cases when mdmon is running i.e. we
already have a consitent version of the metadata running in the system.
Otherwise, we fail as normal and let the administrator fix up the
container.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
If the checksum verification fails and mdmon is running we retry the
load to get a consistent snapshot of the mpb. Found by
tests/08imsm-overlap.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Actually, rename mark_failure to mark_missing and then implement the
correct mark_failure which according to new documentation is to:
1/ Set the FAILED status bit
2/ Set IMSM_ORD_REBUILD to mark the disk out of sync
3/ Set map->failed_disk_num if this is the first failure detected
failure (it is ~0 otherwise)
Previously the assumption was that IMSM_ORD_REBUILD only appeared in
map[1], so all routines that care about out-of-sync disks need to be
updated.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
A foreign disk is one that all other drives believe is not-in-sync but
does not have the 'failed' status bit set.
This also reverts, because that commit is addressing the wrong problem.
Ideally mdmon would kick "non-fresh" drives like the kernel does at
native-md activation time, but that is too awkward to implement at the
moment because mdadm owns container manipulations.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Spares in the imsm case are marked with the "match-all" uuid of
ffffffff-ffffffff-ffffffff-ffffffff. When performing incremental
assembly we need to associate such devices with a populated container
uuid. Also when performing --detail on a container with only spares
present we can make an attempt to return a real uuid.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
IMSM_NO_PLATFORM turns off checks that should be tested, so provide a
IMSM_TEST_OROM variable to allow testing the orom constraints in the
mdadm regression suite.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
mdadm -C /dev/md/r1d2n1s0-5 -amd -l1 --size 5242880 -n 2 /dev/sdb /dev/sdc -R -f -v -c 64
mdadm: chunk size ignored for this level
mdadm: super0.90 cannot open /dev/sdb: Device or resource busy
mdadm: super1.x cannot open /dev/sdb: Device or resource busy
mdadm: platform does not support a chunk size of: 0
mdadm: device /dev/sdb not suitable for any style of array
Reported-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com>
Tested-by: Jacek Danecki <jacek.danecki@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Failed disks do not have valid serial numbers which means we will not
pick up the 'failed' status bit from the metadata entry. Check for
dl->index == -2 to prevent failed disks from being incorporated into the
container.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
If the metadata handler can not find its platform support components
then there is no way for it to verify that the raid configuration will
be supported by the option-rom. Provide a generic method for metadata
handlers to warn the user that the array they are about to create may
not work as intended with a given platform.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This is a key orom-compatibility constraint. A nice side effect is that
it precludes the corner case of 'create' racing against 'spare activate'
since the create will fail to convert a spare into an array member. At
create time we check if this is the first member array in the container
if it is than all disks are possible candidates, if it is not then only
current members are permitted.
A bit hairier is spare-activation handling in the presence of this
constraint. It is difficult because spare handling is per array. The
approach taken is to:
1/ check that a new spare can cover all defined arrays in the container
2/ ensure that partially assimilated spares are the first candidates
when looking for a spare region to activate.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Let handlers specifiy their own defaults, specifically needed for the
imsm-raid5 case where mdadm defaults to 'ls' and imsm to 'la'.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dump the orom capabilities and hardware disk configuration. This code
relies on the name of scsi_host objects to determine the hardware port
number. Hopefully this information is stable...
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Metadata formats like imsm work in concert with platform firmware and
hardware, so provide a way for mdadm to display this info to the user.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
These checks are only enabled when platform support for imsm is found,
i.e. ahci driver is loaded and talking to an Intel(R) controller, and
the option rom header is located.
They can be turned off by setting the environment variable
IMSM_NO_PLATFORM to 1.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
imsm metadata requires all members of a raid volume to start at the same
offset. So, incrementally build a composite disk from all the
candidates passed to ->validate_geometry. After each disk is added
merge the extents and search for a common start offset that satisfies
the requested raid device size.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When chunksize is 0 in the raid1 case we need to use
info_to_blocks_per_member() to calculate the array size.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
If, when creating an array, a signal target device is given which
is a container, then allow the metadata handler to choose which
devices to use.
This is currently only supported for DDF.
Signed-off-by: NeilBrown <neilb@suse.de>
1/ When truncating the space reserved for the metadata round down to an
even numbered sector count to avoid an off-by-one error when
sysfs_add_disk rounds up.
2/ Set the current metadata parameter block size
as a floor.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Make sure every failure from add_to_super prints a suitable
error message, and then don't print any error in the caller.
Signed-off-by: NeilBrown <neilb@suse.de>
Change the multibyte disk status field definitions to imsm byte-order
(little-endian) to match other multibyte field definitions.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Change the "env_check_mdmon" function to be more generic, accepting
and environment variable name, as soon we will have a new use for it.
Signed-off-by: NeilBrown <neilb@suse.de>
If a spare is included in the list of examined disks we need to copy in at
least enough information to get the uuid of the populated container.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This prevents a uuid of all f's from being displayed when an imsm spare is
listed along with active disks for mdadm -Eb.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Examine() is actually looking at the ACTIVE bit. This happened to work for
imsm spares but now it needs to be fixed up.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Raid disk and disk number information is not relevant at the container
level, especially for imsm. So arrange for getinfo_super_imsm() to
always publish devices as spares and report the number of spares at
Assemble() time.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The uuid returned for an imsm spare device will never match the uuid of an
active disk. So make mdadm interpret a uuid of all f's as "match any".
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Both super-ddf and super-intel ignore memory allocation failures during
->activate_spare. Fix these up by cancelling the activation.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
load_imsm_disk() currently notices if spares missed their activation
update, but we allow a stale failed disk back in to the array because its
serial number is clobbered in the most up-to-date disk.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
If a drive is removed while mdmon is not running we need a way to
identify what is missing and mark that disk as failed in the metadata.
At ->load_super() time create a list of missing disks defined as a disk
that is marked in-sync yet does not appear in super->disks.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Spotted a thinko... raid devices are dynamically sized, disks are not.
The space for disks is always mpb->num_disks * sizeof(struct imsm_disk).
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
When the array is shutdown, or when mdadm --wait-clean is called, any
active resync process will be idled allowing mdmon to record the current
resync position.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
md/resync_start reports different terminal values depending on kernel
configuration (~0UL versus ~0ULL). Make detection of the
resync-complete state more robust by comparing against array size.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
On ich6r the option-rom appears to reserve only 432 sectors rather than
the 418+4096 of newer implementations. For compatibility trust the
metadata in these cases.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
1/ near-2 indeed matches how the Windows driver lays out the data
2/ update imsm_check_degraded to check for rebuilding disks in the
raid10 case
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
zero-initialize the serial buffer to handle cases where the response is
less than MAX_RAID_SERIAL_LEN.
Tested-by: Jacek Danecki <jacek.danecki@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
For now, this means that the lack of a homehost doesn't always prevent
assembly.
Soon we will allow assembly anyway, but have different messages if
homehost isn't supported.
mdadm -I /dev/part-of-container
should add that to a container, creating if it needed,
and then try to assemble any arrays in the container.
Signed-off-by: NeilBrown <neilb@suse.de>
When we assemble an array, there are three different approaches
depending on whether metadata is internal or external, and on
kernel version.
Move all this to a common helper instead of duplicating in 3 places.
Signed-off-by: NeilBrown <neilb@suse.de>
The variety of approaches to 'add_disk' are factored out into
a separate function, and Incremental mode benefits by being
closer to supporting the assembly of containers.
Also remove the adding-to-array-data-structure out of sysfs_add_disk
and into add_disk.
And add some tests for --incremental mode to make sure we don't break it.
Signed-off-by: NeilBrown <neilb@suse.de>
Allow the following sequence to rebuild the array
mdadm --fail /dev/md/r1 /dev/disk
mdadm --remove /dev/imsm /dev/disk
mdadm --add /dev/imsm /dev/disk
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
* allows container_content() to pick up the safemode_delay
* removes some duplicate code
* fixes an endian bug setting info->array.chunk_size
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
* Trim trailing and leading whitespace
* Allow unterminated serial numbers up to MAX_RAID_SERIAL_LEN
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The secondary map is used to reflect the migration state of the array
i.e. from dev->vol.map[1] to dev->vol.map[0]. Ensure a rebuilding /
initializing array is marked in the second map, while normal status is
reflected in the first map. Also mark rebuilding drives with
IMSM_ORD_REBUILD.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
* fix breakage from last merge (infinite loop in imsm_process_update())
* add ability to delete by index
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
IMSM_ORD_REBUILD is the 'insync' flag in MD terms. USABLE is a flag to
opt-in disks for use with the Windows driver.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Save some unnecessary calls to get_imsm_map() by teaching
get_imsm_disk_idx() to retrieve the map.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This allows spares to be associated with any family while not allowing
disks from different families to be assembled.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
We used to leave SPARE_DISK unset to indicate it was available to be
assimilated into other arrays. Now we explicitly check the size.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
* Truncate the first character of the serial number
* Set 'scsi_id' to all f's
* Expect to find disk entries with unmatchable serial numbers, i.e.
expect get_imsm_disk() to return NULL in some situations
* Allow discrepencies between mpb->num_disks and len(super->disks)
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Ensure that the mpb buffer is large enough to hold the extra imsm_map's
of migrating arrays and dynamically created raid devices.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
For example, this allows one to still say mdadm -A /dev/sd[b-e] even
though /dev/sde has replaced /dev/sdd. Otherwise mdadm will say:
mdadm: superblock on /dev/sdd doesn't match others - assembly aborted
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Adding a device updates the container and then mdmon takes action upon
noticing a change in devices. This reuses the container version of
add_to_super to create a new record for the device.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
When we have determined that a disk is no longer of any value, remove
it from the data structure. This is now safe because the manager
will back off while any metadata update is pending in the monitor.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
When we first start an array, it might be good to start recovery
straight away. That requires setting the array to 'dirty', but
only the metadata handler can know if that is required or not.
So have a third possible 'consistent' option to set_array_state.
Either 'no' or 'yes' or 'you choose'.
Return value indicates what was chosen.
'1' (no) should be chosen unless there is a good reason.
Signed-off-by: NeilBrown <neilb@suse.de>
1/ Do not assemble !in_sync or failed devices in container_content.
2/ Prevent activation of failed or configured devices in activate_spare.
3/ Be sure to avoid dirty degraded if the array was shutdown cleanly.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
imsm_dev dynamically grows, so dev_idx needs to be moved up in the
definition to avoid getting clobbered.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
With dev->vol.map and mpb->disk entries entering and leaving the parameter
block write_super_imsm needs to update the size before writeback.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Disks that are not in-sync or failed are not assembled into member
arrays by mdadm. Teach mdmon to resolve this situation by checking for
spares at start. imsm_activate_spare() is updated to prefer devices
that can be re-added versus new spares.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The option-rom and the Matrix driver mark resyncs/rebuilds with the
migrate state bits. Update sizeof_imsm_dev to allow allocation of
imsm_dev entries large enough to grow if migr_state is later set.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This poses a small problem for the case of handling multiple raid1 arrays
across separate disk pairs i.e. 2 mirrors on 4 disks. The option-ROM will
configure this as two containers. We may need the capability for one
container to ask for an unused spare in another container. For now spares
will just maintain the affinity established at assemble time.
To support this configuration spare devices must be allowed to be assembled
into the container even though the metadata indicates the disk belongs to a
different family.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
removes the need to lookup the disk by index in a few cases and is a
preparation step for tracking spares outside the current anchor.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This is the initial defensive implementation of bad block management
support. It simply precludes assembly if there are entries in the bad
block logs. This is sufficient for now as the conditions that lead to
an entry in the bad block log would cause the array to be failed by MD
(as of 2.6.27).
[dan.j.williams@intel.com: general cleanups]
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Maintaining a single global buffer is unwieldly when extending/rewriting
sections of the metadata. Parse the metadata into component data
structures upon reading and coalesce to a coherent buffer before
writing.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The cmd_filter patch merged for 2.6.27 broke retrieving the serial
number via an ioctl to /dev/sgN. In debugging this I found that other
utilities like sdparm simply run the ioctl on /dev/sdX. So just convert
to that for protection in numbers, but scream on the mailing list for
the inconvenience grr...
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Removes the need for the call to ->set_array_state when sync_action
transitions from 'recover' to 'idle'.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Neil rightly points out that imsm_activate_spare may skip valid free space
on a spare, fix this up.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Following the lead of 75ede16d. This incidentally fixes creation of a second
array by gating call to getinfo_super_imsm_volume with a valid ->current_vol.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Using buffered IO risks non-atomic updates to parts of the
device that we don't actually want to write to. This isn't in
general safe.
So switch to O_DIRECT for all that IO and make sure we have
properly aligned buffers.
When loading the metadata for a subarray (super_by_fd), we set
->subarray to be the name read from md/metadata_version so that
getinfo_super can return info about the correct array.
With this we can differentiate between a container and
an array within the container by looking at ->subarray[0].
Only one superswitch should be externally visible for each
general type. Others which handle different flavours
(e.g. container/data-array) should be internal only.
for development only as console output can block leading to monitor deadlocks
in low mem situations
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
A spare device by definition will have raid_disk set to -1, but when
assembling the container we want this disk to by included.
Fixes a SIGSEGV when doing:
mdadm -A /dev/imsm -e imsm /dev/sd[b-e]
...where /dev/sde is marked as a global spare device
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
It is used later by container_content_imsm to determine set the
text_version of the member arrays.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Code in manager can now just call queue_metadata_update with a
(freeable) buf holding the update, and it will get passed to the
monitor and written out.
I want the metadata handler to have more control over the 'version',
particularly for arrays which are members of containers.
So discard st->text_version and instead use info->text_version
which getinfo_super can initialise.
mark_dirty is just a special case of mark_clean - with sync_pos == 0.
mark_sync is not required. We don't modify the metadata when sync
finishes. Only when the array becomes non-writeable at which point we
use mark_clean to record how far the resync progressed.
From: Dan Williams <dan.j.williams@intel.com>
Added curr_state as a parameter to set_disk. Handlers look at this to
record components failures, and set global 'degraded' or 'failed'
status.
When reading the state as faulty:
1/ mark the disk failed in the metadata
2/ write '-blocked' to the rdev state to allow the kernel's failure
mechanism to advance
3/ the kernel will take away the drive's role in remove_and_add_spares()
4/ once the disk no longer has a role writing 'remove' to the rdev state
will get the disk out of array.
There is a window after writing '-blocked' where the kernel will return
-EBUSY to remove requests. We rely on the fact that the disk will
continue to show faulty so we lazily wait until the kernel is ready to
remove the disk. If the manager thread needs to get the disk out of the
way it can ping the monitor and wait, just like the replace_array()
case.
[buglet fix: swap the parameters of attr_match in read_dev_state]
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
From: Dan Williams <dan.j.williams@intel.com>
Metadata handlers set mdinfo.resync_start depending on the state of the
array. By default mdadm assumes the array is dirty and needs a full
resync.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
From: Dan Williams <dan.j.williams@intel.com>
The following now work:
--examine
--examine --brief
Signed-off-by: Dan Williams <dan.j.williams@intel.com>