One: a single character typo (of instead of or in an error printout)
Two: Audited usage of tfd file descriptor. Make sure that the tfd file
is always closed after usage, and that the tfd variable is reset to -1
if we are going to continue in our loop (not necessary if we know we
will return from our function without going through the dv loop again).
Fix all the confusion over directories once and for all.
We now have 3 directory definitions: mdmon directory for its pid and
sock files (compile time define, not changeable at run time), mdmonitor
directory which is for the mdadm monitor mode pid file (can only be
passed in via command line at the time mdadm is invoked in monitor mode),
and the directory for the mdadm incremental assembly map file (compile
time define, not changeable at run time). Only the mdadm map file still
hunts multiple locations, and the number of locations has been reduced
to /var/run and the compile time specified location. Re-use of similar
sounding defines that actually didn't denote their actual usage at
compile time made it more difficult for a person to know what effect
changing the compile time defines would have on the resulting programs.
This patch renames the various defines to clearly identify which item
the define affects. It also reduces the number of various directories
which will be searched for these files as this has led to confusion
in mdadm and mdmon in terms of which files should take precedence when
files exist in multiple locations, etc. It's best if the person
compiling the program intentionally and with planning selects the
right directories to be used for the various purposes. Which directory
is right depends on which items you are talking about and what boot
loader your system uses and what initramfs generation program your
system uses. Because of the inter-dependency of all these items it
would typically be up to the distribution that mdadm is being integrated
into to select the correct values for these defines.
This number isn't meaningful for RAID0 as a different amount of space
might be used from each device.
It isn't meaningful for linear either, but already was not reported
for linear.
Detail doesn't report it either.
So make --examine not report it.
Signed-off-by: NeilBrown <neilb@suse.de>
Reported-by: Mario 'BitKoenig' Holbe <Mario.Holbe@TU-Ilmenau.DE>
When left-shifting we must be sure that the value being
shifted is large enough to not lose bits.
The 'chunkssize' in CreateBitmap is only 'long' so it
can overflow. So cast to 'long long' first.
Also fix a similar issue in Detail even though it isn't currently
being compiled.
Signed-off-by: NeilBrown <neilb@suse.de>
Reported-by: Tomasz Chmielewski <mangoo@wpkg.org>
The 4K superblock can be as close as 64K from the end
of the device. As the bitmap (with header) lives after
the superblock (with 0.90 metadata) there could be as
little as 60K of space.
So limit the bitmaps to 59.5K, and only write 60K including
the header.
The bug fixed here means that bitmaps cannot be created
on devices which are exact multiples of 64K in size
Dan Williams [Tue, 6 Jul 2010 19:48:59 +0000 (12:48 -0700)]
imsm: fix a -O2 build warning
super-intel.c: In function ‘imsm_add_spare’:
super-intel.c:4833: error: ‘array_start’ may be used uninitialized in this function
super-intel.c:4834: error: ‘array_end’ may be used uninitialized in this function
This is valid, if we don't find a spare candidate then array_{start,end}
will be uninitialized.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Tue, 6 Jul 2010 19:48:56 +0000 (12:48 -0700)]
mdmon: satisfy glibc tls abi requirements with pthreads
Setting up a proper tls descriptor is required to conform to the abi
[1]. Until it can be implemented in mdmon use pthreads instead of
clone(2) to let glibc handle the details. The old behaviour can be had
by un-defining USE_PTHREADS.
Note, the "O2" builds need LDFLAGS now to pick up the '-pthread' option.
[1]: http://people.redhat.com/drepper/tls.pdf
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Marcin Labun [Tue, 6 Jul 2010 07:49:37 +0000 (17:49 +1000)]
Fix the count of member devices in mdstat_read function.
Correction of the number of container or volume member devices (devcnt
in struct mdstat_ent). The number after the last devices was counted
towards member of devices.
Signed-off-by: Marcin Labun <marcin.labun@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
--test can be given in Manage mode.
This can be used when there is an attempt to fail or remove 'faulty',
'failed' or 'detached' devices, or to re-add 'missing' devices.
If no devices were failed, removed, or re-added, then mdadm will
exit with status '2'.
If the device name "missing" is given for --re-add, then mdadm will
attempt to find any device which should be a member of the array but
currently isn't and will --re-add it to the array.
This can be useful if a device disappeared due to a cabling problem,
and was then re-connected.
The appropriate sequence would be

    mdadm /dev/mdX --fail detached
    mdadm /dev/mdX --remove detached
    mdadm /dev/mdX --re-add missing

Don't let incremental add devices to active arrays.
Adding devices to active arrays in --incremental is a bit dubious.
Normally the array won't be activated until all expected devices are
present, so this situation would mean that the given device is not
expected, so is probably failed. In that case it should only be added
by explicit sysadmin request.
However if --run was given, then quite possibly the array was
assembled earlier when not complete, so it is less clear whether it is
wrong to add this device or not. In that case add it as that is
generally safest.
It would be nice to allow policy for this to be explicitly given by
sysadmin.
By moving 'load_super' before 'conf_test_metadata' we left
tst->sb set even if conf_test_metadata fails, so the device will
actually be accepted and used.
So if we decide to reject the device, free the superblock so it is
clear that it is rejected.
Dan Williams [Fri, 2 Jul 2010 00:28:14 +0000 (17:28 -0700)]
mdmon: prevent allocations due to late binding
Current versions of glibc do not provide a useable interface to clone(2) as it
inflicts hidden dependencies on setting up a glibc specific tls
descriptor. The dynamic linker trips this dependency and causes mdmon
to intermittently fail to load. Resolving all dynamic linking prior to
starting the monitor thread appears to mitigate the issue but there is no
guarantee that another tls dependency will bite us later.
However, while the debate continues with the glibc maintainers it seems
prudent to keep this change. It ensures that we do not get into a
situation where the monitor thread needs to make a late allocation to
resolve a symbol.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
NeilBrown [Wed, 30 Jun 2010 07:20:38 +0000 (17:20 +1000)]
Avoid skipping devices when removing all faulty/detached devices.
When using 0.90 metadata, devices can be renumbered when
earlier devices are removed.
So when iterating all devices looking for 'failed' or 'detached'
devices, we need to re-check the same slot we checked last time
to see if maybe it has a different device now.
Reported-by: Jim Paris <jim@jtan.com>
Resolves-Debian-Bug: 587550
Signed-off-by: NeilBrown <neilb@suse.de>
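
The slot re-check described in this commit, as an added example that is not mdadm's code: a simplified model in which removing a device moves every later device down one slot. The `struct array` layout, the function names and the device names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 8

struct dev { char name[8]; int faulty; };
struct array { struct dev slot[MAX_SLOTS]; int count; };
struct result { int removed, left_faulty, left_total; };

/* Model of renumbering: later devices move down into the freed slot. */
static void remove_slot(struct array *a, int i)
{
    memmove(&a->slot[i], &a->slot[i + 1],
            (size_t)(a->count - i - 1) * sizeof(a->slot[0]));
    a->count--;
}

/* Always advances: the device that moved into slot i is never examined. */
static int remove_faulty_skipping(struct array *a)
{
    int removed = 0;
    for (int i = 0; i < a->count; i++)
        if (a->slot[i].faulty) { remove_slot(a, i); removed++; }
    return removed;
}

/* After a removal, look at the same slot again before moving on. */
static int remove_faulty_recheck(struct array *a)
{
    int removed = 0, i = 0;
    while (i < a->count) {
        if (a->slot[i].faulty) { remove_slot(a, i); removed++; continue; }
        i++;
    }
    return removed;
}

/* Constructed sample: two adjacent faulty devices between two good ones. */
static struct result run_sample(int recheck)
{
    static const char *names[] = { "sda1", "sdb1", "sdc1", "sdd1" };
    static const int faulty[] = { 0, 1, 1, 0 };
    struct array a = { .count = 4 };
    struct result r = { 0, 0, 0 };

    for (int i = 0; i < a.count; i++) {
        snprintf(a.slot[i].name, sizeof(a.slot[i].name), "%s", names[i]);
        a.slot[i].faulty = faulty[i];
    }
    r.removed = recheck ? remove_faulty_recheck(&a) : remove_faulty_skipping(&a);
    for (int i = 0; i < a.count; i++)
        r.left_faulty += a.slot[i].faulty;
    r.left_total = a.count;
    return r;
}

int main(void)
{
    struct result s = run_sample(0), f = run_sample(1);
    printf("skipping: removed %d, faulty left %d\n", s.removed, s.left_faulty);
    printf("recheck:  removed %d, faulty left %d\n", f.removed, f.left_faulty);
    return 0;
}
```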
NeilBrown [Wed, 30 Jun 2010 06:55:17 +0000 (16:55 +1000)]
Update udev rules for hotplug support.
- split the rules for handling components of array to be clearly
separate from rules for handling the arrays themselves.
- add call to "-If" when removing a device
- uncomment the --incremental call when adding a device.
NeilBrown [Wed, 30 Jun 2010 06:55:17 +0000 (16:55 +1000)]
Add mdstat_by_component
This allows finding the array which contains a given component.
Components are named using the kernel-internal string name such
as "sda1" or "hdb".
Don't return member arrays, only the container that contains them.
Also tidy up the parsing of 'inactive' arrays in /proc/mdstat.
If we see 'inactive' we need to set 'in_devs' immediately as there
is no level coming.
NeilBrown [Wed, 30 Jun 2010 06:52:54 +0000 (16:52 +1000)]
Correct documentation for --rebuild-map
In some places it is referred to as "--rebuild", and while
that works due to getopt allowing prefixes, it could appear
confusing (rebuild means other things too) and being explicit
is some safeguard if we want to add e.g. --rebuild-foo later.
Dan Williams [Tue, 22 Jun 2010 23:30:59 +0000 (16:30 -0700)]
Rename subarray v2
Allow the name of the array stored in the metadata to be updated. In
some cases the metadata format may not be able to support this rename
without modifying the UUID. In these cases the request will be blocked.
Otherwise we allow the rename to take place, even for active arrays.
This assumes that the user understands the difference between the kernel
node name, the device node symlink name, and the metadata specific name.
Anticipating further need to modify subarrays in-place, introduce the
->update_subarray() superswitch method. A future potential use
case is setting storage pool (spare-group) identifiers.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Thu, 17 Jun 2010 00:26:04 +0000 (17:26 -0700)]
Always assume SKIP_GONE_DEVS behaviour and kill the flag
...i.e. GET_DEVS == (GET_DEVS|SKIP_GONE_DEVS)
A null pointer dereference in Incremental.c can be triggered by
replugging a disk while the old name is in use. When mdadm -I is called
on the new disk we fail the call to sysfs_read(). I audited all the
locations that use GET_DEVS and it appears they can tolerate missing a
drive. So just make SKIP_GONE_DEVS the default behaviour.
Also fix up remaining unchecked usages of the sysfs_read() return value.
Reported-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Wed, 16 Jun 2010 01:41:57 +0000 (18:41 -0700)]
Remove 'checkpointing' side effect of --wait-clean
Now that mdmon records periodic checkpoints, and checkpoints every
->set_array_state() event we no longer need to 'idle' sync_action from
--wait-clean.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Wed, 16 Jun 2010 01:41:57 +0000 (18:41 -0700)]
mdmon: record sync_completed directly to the metadata
When sync_action is idle mdmon takes the latest value of md/resync_start
or md/<dev>/recovery_start to record the resync/rebuild checkpoint in
the metadata. However, now that mdmon is reading sync_completed there
is no longer a need to wait for, or force an idle event to take a
checkpoint.
Simply update the forward progress of ->last_checkpoint at every wakeup
event and force it to be recorded at least every 1/16th array-size
interval. It may be recorded more frequently if a ->set_array_state()
event occurs.
This also cleans up some confusion in handling the dual-rebuild case.
If more than one spare has been activated the kernel starts the rebuild
at the lowest recovery offset, so we do not need to worry about
min_recovery_start().
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dave Jiang [Wed, 16 Jun 2010 01:41:53 +0000 (18:41 -0700)]
create: Check with OROM limit before setting default chunk size
Make create check with the appropriate metadata handler and see what the
largest supported chunk size is. The current 512K default is not supported
by existing imsm OROM.
[dan.j.williams@intel.com: trim the upper limit to 512k for future oroms]
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Wed, 16 Jun 2010 00:55:41 +0000 (17:55 -0700)]
Kill subarray v2
Support for deleting a subarray out of a container. When all subarrays
are deleted the component devices are converted back into spares, a
--zero-superblock is still needed to kill the remaining metadata at this
point. This operation is blocked when the subarray is active and may
also be blocked by the metadata handler when deleting the subarray might
change the uuid of other active subarrays. For example, with imsm,
deleting subarray 'n' may change the uuid of subarrays with indexes > n.
Deleting a subarray needs to be a container wide event to ensure
disks that record the modified subarray list perceive other disks that
did not receive this change as out of date.
Notes:
The st->subarray parsing in super-intel.c and super-ddf.c is updated to
be more strict now that we are reading user supplied subarray values.
Offline container modification shares actions that mdmon typically
handles so promote is_container_member() and version_to_superswitch()
(formerly find_metadata_methods()) to generic utility functions for the
cases where mdadm performs the operation.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
martin f. krafft [Fri, 28 May 2010 12:12:41 +0000 (14:12 +0200)]
Compile-time switch to enable 0.9 metadata as default
This commit introduces DEFAULT_OLD_METADATA as a preprocessor
definition. If defined, it causes mdadm to assume metadata version 0.9
as default. If not defined, version 1.x (currently 1.2) is used as
default.
The man page mdadm.8 is also modified to reflect the chosen default.
The selftests will not work if the old default is chosen.
This patch was requested by Debian so they could distribute a current
mdadm together with boot loaders that only understand 0.90 metadata
for md-raid.
Preferred usage is simply

    make DEFAULT_OLD_METADATA=yes

Signed-off-by: martin f. krafft <madduck@debian.org>
Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Mon, 31 May 2010 02:08:02 +0000 (12:08 +1000)]
Revert change to handling of -empty-string- metadata.
If the metadata is an empty string, it means the array in question
does not use metadata. This comes from sysfs_read finding "none" in
"metadata_version", then super_by_fd noticing the vers == -1, and so
just using the ->text_version (which is empty).
In this case we want to use the super0 metadata handler routines
because that is what we always used to do before
* commit '3288b419b988b20a53a2b12eb8e5f9f536228db4':
Revert "Incremental: honor --no-degraded to delay assembly"
Incremental: honor an 'enough' flag from external handlers
Dan Williams [Wed, 26 May 2010 20:33:43 +0000 (13:33 -0700)]
imsm: robustify recovery-start detection
update_recovery_start() assumed that the out-of-sync disk would always be
marked as IMSM_ORD_REBUILD in the disk_ord_tbl, but the segmentation
fault reported by Andy proves otherwise. This might also be explained by
an interrupted rebuild and the disk has not yet been marked missing.
Now that containers can report state for ->container_enough we can
automatically determine when the array can be started, and no longer
need the --no-degraded hammer.
Conflicts:
Incremental.c
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Wed, 26 May 2010 20:22:36 +0000 (13:22 -0700)]
Incremental: honor an 'enough' flag from external handlers
This is needed for imsm where:
1/ we want to report raid_disks as zero to allow mdadm -As to
incorporate all spares
2/ we can't determine stale disks by looking at the event counts.
3/ we can't see per-subarray expectations with the info returned from
the container level ->getinfo_super()
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
NeilBrown [Tue, 18 May 2010 02:31:29 +0000 (12:31 +1000)]
Monitor: don't report the disappearance of a faulty device as SpareActive.
Normally Monitor doesn't see faulty devices in active slots - they get
moved away too quickly.
But if it does, it reports the "faulty device disappeared" event (when
it finally does get moved away) as SpareActive due to insufficient
checking.
So add a better check.
Reported-by: Pierre Vignéras <pierre@vigneras.name>
Dan Williams [Sat, 15 May 2010 00:42:49 +0000 (17:42 -0700)]
mdmon: periodically checkpoint recovery
The kernel updates and notifies md/sync_completed when it is time to
take a checkpoint. When this occurs (at 1/16 array size intervals)
write 'idle' to md/sync_action to have the current recovery position
updated in recovery_start and resync_start.
Requires the metadata handler to reset ->last_checkpoint when it has
determined that recovery has ended.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Thu, 29 Apr 2010 17:50:29 +0000 (10:50 -0700)]
mdmon: fix missing open of md/<dev>/recovery_start
When activating a spare we neglect to open recovery_start and as such do
not see checkpoint events. Move disk initialization to common routine
to mitigate recurrence.
Reported-by: Adam Kwolek <adam.kwolek@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Chunks aren't particularly big, but when you count them in bytes
and multiply them together (as we do for calculating the backup
size for 'grow') they can overflow a 32bit int.
So group the division by 512 more closely with the
chunk size so we would need 30Meg chunks to come close to
overflowing 32bits.
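
Both 32-bit overflow fixes in this log (widening to 'long long' before the left shift in CreateBitmap, and dividing chunk sizes by 512 before multiplying them) shown side by side, as an added example that is not mdadm's code. `long32` models a 32-bit 'long'; the function names and sample sizes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for 'long' on a 32-bit build. */
typedef uint32_t long32;

/* Shift carried out in 32 bits, widened afterwards: the high bits are
 * already lost by the time the value becomes 64-bit. */
static uint64_t shift_then_widen(long32 chunksize, unsigned shift)
{
    return (uint64_t)(long32)(chunksize << shift);
}

/* Widen first, then shift: no bits are lost. */
static uint64_t widen_then_shift(long32 chunksize, unsigned shift)
{
    return (uint64_t)chunksize << shift;
}

/* Multiply two chunk sizes in bytes, convert to 512-byte units afterwards. */
static long32 product_bytes_first(long32 old_chunk, long32 new_chunk)
{
    return (long32)(old_chunk * new_chunk) / 512 / 512;
}

/* Convert each chunk size to 512-byte units before multiplying. */
static long32 product_sectors_first(long32 old_chunk, long32 new_chunk)
{
    return (old_chunk / 512) * (new_chunk / 512);
}

/* Checked form: the product in 512-byte units, or -1 if it would not
 * fit in 32 bits even with the division done first. */
static int64_t product_checked(long32 old_chunk, long32 new_chunk)
{
    uint64_t wide = (uint64_t)(old_chunk / 512) * (new_chunk / 512);
    return wide > UINT32_MAX ? -1 : (int64_t)wide;
}

int main(void)
{
    long32 c64m = 1u << 26;            /* constructed: 64 MiB chunk size */
    long32 c64k = 65536u;              /* constructed: 64 KiB chunks     */
    long32 c30m = 30u * 1024 * 1024;   /* the "30Meg" case               */
    long32 c32m = 32u * 1024 * 1024;

    printf("shift in 32 bits:  %llu\n",
           (unsigned long long)shift_then_widen(c64m, 9));
    printf("shift in 64 bits:  %llu\n",
           (unsigned long long)widen_then_shift(c64m, 9));
    printf("64K*64K, bytes first:   %u\n", product_bytes_first(c64k, c64k));
    printf("64K*64K, sectors first: %u\n", product_sectors_first(c64k, c64k));
    printf("30M chunks, checked: %lld\n", (long long)product_checked(c30m, c30m));
    printf("32M chunks, checked: %lld\n", (long long)product_checked(c32m, c32m));
    return 0;
}
```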
IMSM/DDF: don't recognise these metadata on partitions.
These metadata are not expected on partitions, and they have
no way of differentiating which is correct if they
are found both on the device and on the last partition.
So if the device is a partition, refuse to read the metadata.
Dan Williams [Mon, 19 Apr 2010 05:28:07 +0000 (15:28 +1000)]
Create: cleanup after failed create in duplicated array member case
mdadm prevents creation when device names are duplicated on the command
line, but leaves the partially created array intact. Detect this case
in the error code from add_to_super() and cleanup the partially created
array. The imsm handler is updated to report this conflict in
add_to_super_imsm_volume().
Note that since neither mdmon, nor userspace for that matter, ever saw an
active array we only need to perform a subset of the cleanup actions.
So call ioctl(STOP_ARRAY) directly and arrange for Create() to cleanup
the map file rather than calling Manage_runstop().
Reported-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Doug Ledford [Wed, 17 Mar 2010 03:00:11 +0000 (23:00 -0400)]
Create directory to contain mapfile (Assuming parent exists and
filesystem is writable).
This particularly keeps udev happy if VAR_RUN is set to /dev/md.
NeilBrown [Wed, 10 Mar 2010 04:55:47 +0000 (15:55 +1100)]
ddf/intel: zero out old metadata before creating a container.
Matching the functionality already in super0 and super1, when
we first create a container, remove any other recognisable metadata to
ensure it doesn't cause confusion.
NeilBrown [Wed, 10 Mar 2010 00:21:26 +0000 (11:21 +1100)]
Assemble: fix some recently introduced bugs.
Found during testing:
- cannot check metadata for homehost before loading metadata.
- As 1.x metadata can have a state 'rebuilding' between
'spare' and 'ok', we need to include that in our calculations.
NeilBrown [Wed, 3 Mar 2010 02:16:24 +0000 (13:16 +1100)]
Manage: fix regression on removing detached devices.
If /dev is static, a name may remain there after the
device has been detached from the system.
Using 'mdadm' to remove such a device from the array
should still work (even though "mdadm --remove detached"
might be preferred).
So when processing a device for '-r', don't insist on
being able to open the device.
NeilBrown [Sun, 28 Feb 2010 14:43:40 +0000 (15:43 +0100)]
mdmon: Check both RUN directories to find running mdmon
If mdmon is run without "--takeover", it should still
check both *_RUN directories for a valid 'pid' file
to guard against having two mdmons running at the same time.
NeilBrown [Wed, 24 Feb 2010 01:17:17 +0000 (12:17 +1100)]
Assemble: clean up properly if we cannot add the bitmap file.
If we find we cannot add the requested bitmap file when
assembling the array, then make sure to clean up properly
and don't leave a half-configured array.
NeilBrown [Wed, 24 Feb 2010 01:03:27 +0000 (12:03 +1100)]
Create: change default metadata type to 1.2
Change default - again, sorry.
v1.1 causes problems as it conflicts with a boot sector, whether on
the whole device or in a partition. I guess the rule is that you
aren't allowed to use the first sector in general.
v1.2 is mostly just as good and avoids boot-sector problems so default
to that instead.
NeilBrown [Wed, 24 Feb 2010 00:59:11 +0000 (11:59 +1100)]
Grow: be more relaxed about timestamp mismatches on backup file.
The backup file has a timestamp which is updated quite separately
from the metadata timestamp. They should be largely in-sync but
sometimes are not.
So be more generous in the check, and allow it to be over-ridden
by an environment variable.
NeilBrown [Wed, 24 Feb 2010 00:43:59 +0000 (11:43 +1100)]
Assemble: check inargv before complaining about stray arguments.
If --assemble is given a container and some other devices to assemble
an array from, it complains with an error because that doesn't make
sense.
However it currently also complains if the list of devices was extracted
from the config file rather than being given on the command line.
That is not appropriate.
So add an '&& inargv' test to ensure that we are really complaining
about the right thing.
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: Dan Williams <dan.j.williams@intel.com>
NeilBrown [Wed, 24 Feb 2010 00:31:48 +0000 (11:31 +1100)]
super1: put bitmap on a 4K boundary when possible.
Some devices have 4K sector sizes. So try to align the bitmap
on a 4K boundary.
This isn't possible when hot-adding a bitmap, but will be once
we add support for configuring the bitmap via sysfs.
NeilBrown [Wed, 24 Feb 2010 00:16:41 +0000 (11:16 +1100)]
Assemble: Handle assembling from config file which is out of order.
Currently "mdadm -As" will process the entries in the config
file in order. If any array is a component or member of a preceding
array, that array will not be assembled.
So if there are any failures during assembly, retry those arrays,
and loop until everything is assembled, or nothing more can
be assembled.
NeilBrown [Mon, 8 Feb 2010 03:30:46 +0000 (14:30 +1100)]
mdmon: insist on creating .pid file at startup.
Now that we don't "mdadm --takeover" until /var/run is writable
there is no need to continually try to create files in there.
So only create these files at startup and fail if they cannot be
made. This means that to start an array with externally managed
metadata, either /var/run or ALT_RUN (e.g. /lib/init/rw) must be
writable. To 'takeover' from a previous mdmon instance, /var/run
must be writable.
This means we don't need to worry about SIGHUP (which was once used to
tell us it was time to create .pid) and SIGALRM.
NeilBrown [Mon, 8 Feb 2010 03:12:46 +0000 (14:12 +1100)]
mdmon: don't monitor /proc/mounts to decide when to create .pid file.
Monitoring /proc/mounts and creating a .pid file as soon as /var/run
is writable is racy. Most distros clean all non-directories from
/var/run early in boot and if mdmon races with this it could
lose the files as soon as they are created.
Instead require that "mdmon --takeover" be run after /var is writable.
NeilBrown [Mon, 8 Feb 2010 03:08:13 +0000 (14:08 +1100)]
mdmon: remove switch-root functionality.
Using switch-root and then creating files in /var/run once
that location is writable is racy as most distros clean out
/var/run shortly after it is mounted.
This can cause the .pid and .sock files to be deleted shortly
after they are created.
This option doesn't seem to be used at all any more, and the alternative
of communicating the pid etc in some preserved directory and then
restarting mdmon once all is settled seems simpler.
So remove the code for supporting switchroot and update man page
accordingly.