Adam Kwolek [Wed, 7 Dec 2011 12:57:59 +0000 (13:57 +0100)]
imsm: Function imsm_set_disk() rework
Rework is needed to map state transition part to allow easier code reading.
After rework it is easy to find out what can happen in what map state
transition.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Wed, 7 Dec 2011 12:57:51 +0000 (13:57 +0100)]
imsm: FIX: Correct ords merging in end_migration()
Ord's merging should occur when rebuild finishes and final state is other
than expected only /additional failures occur during rebuild/.
Exclude array initialization.
Merging ords on migration finish should never happen.
Any failure during migration should be immediately placed in first
/current/ map, so no merge is necessary.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Tue, 6 Dec 2011 21:39:39 +0000 (08:39 +1100)]
monitor: don't unblock a device that isn't blocked.
When we see a failed device, we both unblock and remove it (after
updating the metadata).
However it might not be blocked as there can be a delay between
unblocking and the device being free to be removed.
If this happens the clearing of 'blocked' succeeds so md sends a sysfs
notification and mdmon checks again and tries to clear 'blocked'
again.
Thus it enters a busy-loop until the 'remove' succeeds.
To avoid this, only try to unblock if the device was blocked.
Adam Kwolek [Tue, 6 Dec 2011 00:44:07 +0000 (11:44 +1100)]
imsm: FIX: Just created redundant array is not in uninitialized state
When redundant array (e.g. raid5) is created metadata shows it is in
normal state. Initialization process is showed in metadata as rebuild from normal
to normal state. Redundant array should be initially in uninitialized state
before it's initialization.
Add code to put array in uninitialized state upon array creation.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
imsm: fix: does not allow to use invalid chunk size
Only least significant bit of chunk size provided by user has been used
in test with OROM capabilities. This way user could pass value which is
not a power of 2.
Adam Kwolek [Tue, 6 Dec 2011 00:37:16 +0000 (11:37 +1100)]
imsm: FIX: Function rework - imsm_count_failed()
imsm_count_failed() assumes that on the same positions in both maps
the same disk indexes are kept. This is not always true /e.g. rebuild/
It can occur that disk taken for rebuild fails at once.
Degradation on the same positions in both maps refers to different disks.
Sum of both ords can point on not failed disk. This can cause wrong
failed disk counting.
Check both maps independently. This allows for getting real degradation
information.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Tue, 6 Dec 2011 00:30:16 +0000 (11:30 +1100)]
imsm: FIX: Restore critical section on degraded array
When during assembly degradation occurs restoring metadata critical section
fails whole assembly.
Allow for degradation during assembly and not restore data on degraded disk.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Tue, 6 Dec 2011 00:28:04 +0000 (11:28 +1100)]
imsm: FIX: Remove single map state limitation in getinfo
It can occur that degradation during migration occurs on disks that are not
present in both maps /e.g. degradation on just added disk during OLCE/.
This can cause that maps will be in different states (one will be in degraded
and second in normal state). In such situation getinfo_super_imsm_volume()
will not return migration information.
Remove single state limitation in both maps to allow migration information
retrieving.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Tue, 6 Dec 2011 00:24:22 +0000 (11:24 +1100)]
imsm: FIX: Do not end migration when missing drive is handled
Currently when degradation occurs migration is finalized. This is wrong.
Finalizing migration when it is not finished can lead to data corruption
after next array assembly.
Do not finish migration when degradation occurs.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Tue, 6 Dec 2011 00:21:23 +0000 (11:21 +1100)]
imsm: FIX: Mark both maps on degradation while migrating
During migration degradation is set in first map only. This means that
according to second map disk is present. This is not true and not compatible
with OROM behavior.
Set disks in both maps to degraded state during migration.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Adam Kwolek [Tue, 6 Dec 2011 00:17:26 +0000 (11:17 +1100)]
imsm: FIX: Return longer map for failure setting
When 2 maps are present, IMSM can use shorter map for setting disk
in to degraded state. It can happen that degraded disk can be not present
in shorter map.
We should use longer map for setting disk in to degraded state.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Lukasz Dorau [Fri, 18 Nov 2011 14:34:33 +0000 (15:34 +0100)]
fix: correct metadata's update communication
The problem occurs when array under migration is assembled incrementally.
st->update_tail is not initialized in function
assemble_container_content() and during reshape
the checkpoint information in metadata is not being updated.
The value of st->update_tail is now initialized in function
assemble_container_content() and during reshape the checkpoint
information in metadata is being updated correctly on all disks.
Lukasz Dorau [Fri, 18 Nov 2011 14:28:36 +0000 (15:28 +0100)]
imsm: fix: correct printing value of blocks per migration unit
The value of blocks per migration unit is not printed correctly
when the metadata's content is examined using -E option on disks
without present migration record. (Migration record is present only
on 2 first disks in array due to IMSM compatibility restrictions.)
Printing the value of blocks per migration unit was corrected.
It is printed as N/A (Not Available) for disks
without the migration record.
Labun, Marcin [Wed, 16 Nov 2011 04:24:10 +0000 (15:24 +1100)]
imsm: platform capabilities are not validated during level migration
Migration from RAID0 to RAID5 should be blocked on the system without
support for RAID5. No platform validation was performed in RAID
level migrations: verification for all level migrations added.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Lukasz Dorau [Mon, 14 Nov 2011 14:52:52 +0000 (15:52 +0100)]
imsm: fix: correct checking newly missing disks
The problem occurs when RAID10 array under rebuild
(after one disk fails) is assembled incrementally.
Mdadm tries to start array just after adding the third disk
and the volume is assembled incorrectly (in degraded state).
The cause is that container_enough depends on
newly missing disks which are checked incorrectly now.
They should be checked using always the first map.
Lukasz Orlowski [Mon, 14 Nov 2011 05:41:03 +0000 (16:41 +1100)]
imsm: fix: Allowed to create 2 volumes with total size less then maximum.
mdadm allows to create second volume on the same disk set, whose size is
less then the free space left in the container (with IMSM_NO_PLATFORM
undefined or set to 0). This is an OROM compatibility issue.
It is fixed by verifying whether IMSM_NO_PLATFORM is set and for
the second volume creation scenario, requested size is verified against
remaining available space.
Lukasz Dorau [Mon, 7 Nov 2011 01:23:49 +0000 (12:23 +1100)]
imsm: fix: add support for OLCE and migration to imsm_count_failed
The problem occurs when array under OLCE (from 3 to 6 disks)
is assembled incrementally. Mdadm tries to start array
just after adding the third disk (this is equal to the number of disks
before the start of reshape). It does not succeed,
the volume does not assembly correctly.
The function counting failed disks (imsm_count_failed())
was fixed for migration case. Now all disk members in both maps
are checked when failed disks are counted correctly.
Lukasz Orlowski [Mon, 7 Nov 2011 01:20:34 +0000 (12:20 +1100)]
fix: Allowed to assemble 2 volumes with the same names from config file.
mdadm allowes to assemble 2 volumes with the same names based on the
config file. The issue is fixed by iterating over the list of md device
identifiers and comparing the names of md devices against each other,
detecting identical names and blocking the assembly should the same names
be found.
Now having detected duplicate names, mdadm terminates without assembling
the container, displaying appropriate prompt.
Adam Kwolek reports that with this patch, mdmon sometimes doesn't start:
When array is not clean dismounted directory /dev/.mdadm is not cleaned up.
On array re-assembly read pid is not valid and it is not possible
to connect to monitor. This causes mdmon to exit and array remains
not monitored.
Problem is introduced by fix:
mdmon(): Error out if failing to connect to victim monitor 819c158866f466075a1c719f0dc496deb2fb3814
This is critical for container reshape when mdmon is should finish reshape.
when reshape is not finished, array is reshaped again by mdadm.
As victim_sock is subsequently tested, we don't really need to test-and-fail here.
Reported-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Tue, 1 Nov 2011 04:45:46 +0000 (15:45 +1100)]
Grow: fix check_reshape and open_code it.
check_reshape should not try to parse the subarray string - only
metadata handlers are allowed to do that.
The common code and only interpret a subarray string by passing it to
"container_content" which will then return only the member for that
subarray.
So remove check_reshape and place similar logic explicitly at the two
call-sites. They are different enough that it is probably clearer to
have explicit code.
NeilBrown [Tue, 1 Nov 2011 02:30:44 +0000 (13:30 +1100)]
Kill: remove duplicate tests on 'force'.
We test 'force' twice with the second having not chance of
taking effect.
As a result a subsequent message - intended for use in the 'force'
case is never generated.
Labun, Marcin [Mon, 31 Oct 2011 00:29:46 +0000 (11:29 +1100)]
kill-subarray: fix, IMSM cannot kill-subarray with unsupported metadata
container_content retrieves volume information from disks in the
container. For unsupported volumes the function was not returning
mdinfo. When all volumes were unsupported the function was returning
NULL pointer to block actions on the volumes. Therefore, such volumes
were not activated in Incremental and Assembly. As side effect they
also could not be deleted using kill-subarray since "kill" function
requires to obtain a valid mdinfo from container_content.
This patch fixes the kill-subarray problem by allowing to obtain
mdinfo of all volumes types including unsupported and introducing new
array.status flags.
There are following changes:
1. Added MD_SB_BLOCK_VOLUME for blocking an array, other arrays in the
container can be activated.
2. Added MD_SB_BLOCK_CONTAINER_RESHAPE block container wide reshapes
(like changing disk numbers in arrays).
3. IMSM container_content handler is to load mdinfo for all volumes
and set both blocking flags in array.state field in mdinfo of
unsupported volumes. In case of some errors, all volumes can be
affected. Only blocked array is not activated (also reshaped as
result). The container wide reshapes are also blocked since by
metadata definition they require modifications of both arrays.
4. Incremental_container and Assemble functions check array.state and
do not activate volumes with blocking bits set.
5. assemble_container_content is changed to check container wide reshapes
before activating reshapes of assembled containers.
6. Grow_reshape and Grow_continue_command checks blocking bits
before starting reshapes or continueing (-G --continue) reshapes.
7. kill-subarray ignores array.state info and can remove requested array.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Jes Sorensen [Sun, 30 Oct 2011 23:24:55 +0000 (10:24 +1100)]
Avoid stack overflow if GPT partition entries on disk are > 128 bytes
Per [1] GPT partition table entries are not guaranteed to be 128
bytes, in which case read() straight into a struct GPT_part_entry
would result in a buffer overflow corrupting the stack.
Adam Kwolek [Wed, 26 Oct 2011 16:16:55 +0000 (18:16 +0200)]
FIX: Close unused handle in child process during reshape restart
When array reshape (e.g. raid0->raid5 migration) is restarted during
array assembly, file system placed on this array cannot be mounted until
reshape is finished due to "busy" error.
This is caused when reshape is executed on array for external metadata
and array handle is cloned /forked/ to child process environment but not
closed.
Handle can't be closed before executing Grow_continue() because it is
used later in code.
Close unused handle in child process /reshape_container()/.
It is similar to close fd handle in reshape_array() before calling
manage_reshape()/child_monitor() in Grow.c:2290.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
root [Sat, 22 Oct 2011 00:42:16 +0000 (11:42 +1100)]
imsm: fix: Fixes metadata after migration from Raid 0 to Raid 10
After migration from Raid 0 to Raid 10, the metadata is incorrect,
leaving one mirror disk marked as spare and one missing disk as a member
of the array.
The reason is that the metadata update code for spare activation
procedure takes into account one spare disk only, not checking
the following ones.
Jes Sorensen [Sat, 22 Oct 2011 00:29:47 +0000 (11:29 +1100)]
Remove race for starting container devices.
This moves the lock handling out of Incremental_container() and relies
on the caller holding the lock. This prevents conflict with a
follow-on mdadm comment which may try and launch the device in
parallel.
This involves replacing a call to "Incremental" with an
unrolled version with just the case that calls Incremental_container
and so needs a call to ->load_container.
Lukasz Dorau [Wed, 19 Oct 2011 13:16:33 +0000 (15:16 +0200)]
imsm: fix: correct debug printing of the volume's name
The volume's name is saved in the array of chars.
All elements of the array can have nonzero values
and the next byte in memory does not have to have
the value of 0, so one must be cautious when
printing out the volume's name.
Lukasz Dorau [Wed, 19 Oct 2011 09:51:48 +0000 (11:51 +0200)]
imsm: fix: prevent segfault in mark_failure
Using an array of chars without the terminating null byte
as a parameter of sprintf() function causes segfault
when dealing with SAS drives (with 20-digits serial number).
The memcpy() function is used instead.