NeilBrown [Mon, 22 Nov 2010 09:58:05 +0000 (20:58 +1100)]
Remove content from mddev_dev
Now that the next_member loop is much smaller it is easy to
just use 'content' rather than stashing it in 'tmpdev->content'.
So we can remove the 'content' field from 'struct mddev_dev'.
NeilBrown [Mon, 22 Nov 2010 09:24:35 +0000 (20:24 +1100)]
Use new container_content rather than passing subarray to load_super.
Now that we can ask container_content for a specific subarray,
we don't need to pass the subarray name to load_super, and have it
secretly modify the returned state.
NeilBrown [Mon, 22 Nov 2010 08:35:25 +0000 (19:35 +1100)]
mapinfo: simplify subarray handling.
We don't need ->container_dev here, and we will soon be passing
subarray as an explicit arg to load_super.
So simplify extraction of subarray and move the strcpy close to
->load_super.
NeilBrown [Mon, 22 Nov 2010 08:35:25 +0000 (19:35 +1100)]
Assemble - avoid including wayward devices.
If a device - typically in a mirrored set - is assembled independently
of the other devices, and then attempted to be brought back into the
set it could contain inconsistent data. It should not be included.
So detect this situation by ensuring that the 'most recent' device is
believed to be active by every other device. If a device is wayward,
it will only consider fellow wayward devices to be active and will
think all others are failed or missing.
This patch only fixes --assemble, not --incremental
NeilBrown [Mon, 22 Nov 2010 08:35:25 +0000 (19:35 +1100)]
Manage: be more careful about --add attempts.
If an --add is requested and a re-add looks promising but fails or
cannot possibly succeed, then don't try the add. This avoids
inadvertently turning devices into spares when an array is failed but
the devices seem to actually work.
If a device is bare and policy suggests that it can be used as a spare
for virtual 'partitions' array, find an appropriate partition table
and write it to the device.
Allow disk-policy to be computed given the path and
disk type explicitly. This can be used when hunting through
/dev/disk/by-path for something interesting.
First steps to supporting auto-spare-add to groups of partitioned devices.
Adding a spare to a group of partitioned devices is quite different
from adding one to an array. So detect which option is worth trying
based on policy and then try one or the other - or possibly both - as
appropriate.
NeilBrown [Thu, 19 Aug 2010 06:48:34 +0000 (16:48 +1000)]
Add mbr pseudo metadata handler.
To support incorpating a new bare device into a collection of arrays -
one partition each - mdadm needs a modest understanding of partition
tables.
The main needs to be able to recognise a partition table on one device
and copy it onto another.
This will be done using pseudo metadata types 'mbr' and 'gpt'.
NeilBrown [Mon, 23 Aug 2010 05:54:13 +0000 (15:54 +1000)]
Use action policy to keep recently-disconnected devices in the array.
When we find a device that was recently part of the array but is now
out of date (based on the event count) we might want to add it back in
(like --re-add) if the likely cause was a connection problem or we
might not if the likely cause was device failure.
So make this a policy issue: if action=re-add or better, try to re-add
any device that looks like it might be part of the array.
This applies:
when we assemble the array: old devices will be evicted by the
kernel and need to be re-added.
when we assemble the array during --incr for the same reason.
when we find a device that could be added to a running array.
This doesn't affect arrays with external metadata at all.
For such arrays:
When the container is assembled, the most recent instance of each
device is included without reference to whether it is too old or not.
Then the metadata handler must which slices of which devices to
include in which array and with what state. So the
->container_content should probably check the policy and compare the
sequence numbers/event counts.
When a device is added (--add) to a container with active arrays
we only add as a 'spare'. --re-add doesn't seem to be an option.
When a device is added with -I ->container_content gets another
chance to assess things again. So again it should check the policy.
This defines two distinct policies which apply to any disk (but not
partition) device reached through the pci device 0000:00:1f.2.
The policies are "action=ignore" which means certain actions will
ignore the device, and "domain=onboard" which means all such devices
as treated as being united under the name 'onboard'.
This patch just adds data structures and code to read and
manipulate them. Future patches will actually use them.
NeilBrown [Tue, 31 Aug 2010 05:21:40 +0000 (15:21 +1000)]
Don't remove md devices with standard names.
If udev is not in use, we create device in /dev when assembling
arrays and remove them when stopping the array.
However it may not always be correct to remove the device. If
the array was started with kernel auto-detect, them mdadm didn't
create anything and so shouldn't remove anything.
We don't record whether we created things, so just don't remove
anything with a 'standard' name. Only remove symlinks to the
standard name as we almost certainly created those.
NeilBrown [Sun, 29 Aug 2010 22:48:48 +0000 (08:48 +1000)]
Allow dev_open to work on read-only /dev
/dev could be read-only in which case we cannot make devices
there.
So dev_open should first try to use an existing device name,
and if that doesn't work try creating a node in /dev or /tmp.
Reported-by: Paweł Sikora <pluto@agmk.net> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Thu, 12 Aug 2010 01:41:41 +0000 (11:41 +1000)]
Allow --incremental to add spares to an array.
Commit 3a6ec29ad56 stopped us from adding apparently-working devices
to an active array with --incremental as there is a good chance that they
are actually old/failed devices.
Unfortunately it also stopped spares from being added to an active
array, which is wrong. This patch refines the test to be more
careful.
Reported-by: <fibreraid@gmail.com> Analysed-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams [Mon, 9 Aug 2010 17:26:24 +0000 (10:26 -0700)]
Incremental: accept '--no-degraded' as a deprecated option
Commit 3288b419 (Revert "Incremental: honor --no-degraded to delay assembly")
killed the --no-degraded flag since commit 97b4d0e9 (Incremental: honor
an 'enough' flag from external handlers) made this the default behavior
of -I, and brought -I usage for external/container formats in line with
native metadata. However, this breaks existing usages of '-I
--no-degraded', so allow it as a deprecated option.
Starting a degraded container, like the native metadata case, requires -R.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reported-by: Ignacy Kasperowicz <ignacy.kasperowicz@intel.com>
Dan Williams [Tue, 10 Aug 2010 15:44:45 +0000 (08:44 -0700)]
Incremental: return success in 'container not enough' case
Commit 97b4d0e9 "Incremental: honor an 'enough' flag from external
handlers" introduced a regression in that it changed the error return
code for successful invocations.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reported-by: Ignacy Kasperowicz <ignacy.kasperowicz@intel.com>
NeilBrown [Fri, 6 Aug 2010 04:40:53 +0000 (14:40 +1000)]
Grow: use raid_disks, not nr_disks
nr_disks is just wrong here - the arrays need room for all disk slots,
even if some are empty, plus spares, plus a possible backup file.
So raid_disks is correct.
NeilBrown [Thu, 5 Aug 2010 01:44:26 +0000 (11:44 +1000)]
Fix test for imsm prodigal member scenario
The 'container_enough' changes fliped the default from assembling
an array as soon as we possibly could, to assembling only when all
expected devices are present.
This broken 09imsm-assemble which expects the original default.
So change from "-I" to "-IR" to restore the expected behaviour.
Switch from /lib/init/rw to /dev for early-boot files.
It turns out that /lib/init/rw doesn't exist in early boot
like I thought. So give up on that idea and just use
/dev/.mdadm/ for files that must persist from early-boot
to regular boot.
While we attempt to use a lockfile to grant exclusive access to the
mapfile, our implementation is buggy. Specifically, we create a lockfile,
then lock it, at which point new instances can open the lockfile and
attempt to lock it, which will cause them to block. However, when we are
ready to unlock it, we unlink the file. This causes existing lock waiters
to get a lock on an unlinked inode while a different instance may now
create a new lockfile and get an exclusive lock on it.
There are several possible fixes. The chosen one is to test if
->s_nlink is zero after we get the lock and to retry if it isn't.
This means:
- failing to unlink a file doesn't leave a stale lock
- we can block waiting to get a lock rather than busy-waiting
- we don't need to leave a lock file permanently in place.
The watch option to udev tells udev to watch our mdadm device file for
close events and on a close it rechecks the device. This means that if,
for example, we use mdadm to --grow the array from a 4 disk to 5 disk
array, when mdadm closes the array, udev will re-read the superblock and
update its internal database with the new information. This can also be
used to cause udev to create new device special files if, for example, a
partitioning program is used to modify the partition table on the actual
md device and that program does not call the syscall to reread the
partition table.
One: a single character typo (of instead of or in an error printout)
Two: Audited usage of tfd file descriptor. Make sure that the tfd file
is always closed after usage, and that the tfd variable is reset to -1
if we are going to continue in our loop (not necessary if we know we
will return from our function without going through the dv loop again).
Fix all the confusion over directories once and for all.
We now have 3 directory definitions: mdmon directory for its pid and
sock files (compile time define, not changable at run time), mdmonitor
directory which is for the mdadm monitor mode pid file (can only be
passed in via command line at the time mdadm is invoked in monitor mode),
and the directory for the mdadm incremental assembly map file (compile
time define, not changable at run time). Only the mdadm map file still
hunts multiple locations, and the number of locations has been reduced
to /var/run and the compile time specified location. Re-use of similar
sounding defines that actually didn't denote their actual usage at
compile time made it more difficult for a person to know what affect
changing the compile time defines would have on the resulting programs.
This patch renames the various defines to clearly identify which item
the define affects. It also reduces the number of various directories
which will be searched for these files as this has lead to confusion
in mdadm and mdmon in terms of which files should take precedence when
files exist in multiple locations, etc. It's best if the person
compiling the program intentionally and with planning selects the
right directories to be used for the various purposes. Which directory
is right depends on which items you are talking about and what boot
loader your system uses and what initramfs generation program your
system uses. Because of the inter-dependency of all these items it
would typically be up to the distribution that mdadm is being integrated
into to select the correct values for these defines.
This number isn't meaningful for RAID0 as a different amount of space
might be used from each device.
It isn't meaningful for linear either, but already was not reported
for linear.
Detail doesn't report it either.
So make --examine not report it.
Signed-off-by: NeilBrown <neilb@suse.de> Reported-by: Mario 'BitKoenig' Holbe <Mario.Holbe@TU-Ilmenau.DE>
When left-shifting we must be sure that the value being
shifted is large enough to not lose bits.
The 'chunkssize' in CreateBitmap is only 'long' so it
can overflow. So cast to 'long long' first.
Also fix a similar issue in Detail even though it isn't currently
being compiled.
Signed-off-by: NeilBrown <neilb@suse.de> Reported-by: Tomasz Chmielewski <mangoo@wpkg.org>
The 4K superblock can be as close as 64K from the end
of the device. As the bitmap (with header) lives after
the superblock (with 0.90 metadata) there could be as
little as 60K of space.
So limit the bitmaps to 59.5K, and only write 60K including
the header.
The bug fixed here means that bitmaps cannot be created
on devices which are exact multiples of 64K in size
Dan Williams [Tue, 6 Jul 2010 19:48:59 +0000 (12:48 -0700)]
imsm: fix a -O2 build warning
super-intel.c: In function ‘imsm_add_spare’:
super-intel.c:4833: error: ‘array_start’ may be used uninitialized in this function
super-intel.c:4834: error: ‘array_end’ may be used uninitialized in this function
This is valid, if we don't find a spare candidate then array_{start,end}
will be uninitialized.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Dan Williams [Tue, 6 Jul 2010 19:48:56 +0000 (12:48 -0700)]
mdmon: satisfy glibc tls abi requirements with pthreads
Setting up a proper tls descriptor is required to conform to the abi
[1]. Until it can be implemented in mdmon use pthreads instead of
clone(2) to let glibc handle the details. The old behaviour can be had
by un-defining USE_PTHREADS.
Note, the "O2" builds need LDFLAGS now to pick up the '-pthread' option.
[1]: http://people.redhat.com/drepper/tls.pdf
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Marcin Labun [Tue, 6 Jul 2010 07:49:37 +0000 (17:49 +1000)]
Fix the count of member devices in mdstat_read function.
Correction of the number of container or volume member devices (devcnt
in struct mdstat_ent). The number after the last devices was counted
towards member of devices.
Signed-off-by: Marcin Labun <marcin.labun@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
--test can be given in Manage mode.
This can be used when there is an attempt to fail or remove 'faulty',
'failed' or 'detached' devices, or to re-add 'missing' devices.
If no devices were failed, removed, or re-added, then mdadm will
exit with status '2'.
If the device name "missing" is given for --re-add, then mdadm will
attempt to find any device which should be a member of the array but
currently isn't and will --re-add it to the array.
This can be useful if a device disappeared due to a cabling problem,
and was then re-connected.
The appropriate sequence would be
mdadm /dev/mdX --fail detached
mdadm /dev/mdX --remove detached
mdadm /dev/mdX --re-add missing
Don't let incremental add devices to active arrays.
Adding devices to active arrays in --incremental is a bit dubious.
Normally the array won't be activated until all expected devices are
present, so this situation would mean that the given device is not
expected, so is probably failed. In that case it should only be added
by explicit sysadmin request.
However if --run was given, then quite possibly the array was
assembled earlier when not complete, so it is less clear whether it is
wrong to add this device or not. In that case add it as that is
generally safest.
It would be nice to allow policy for this to be explicitly given by
sysadmin.
Be moving 'load_super" before "conf_test_metadata" we left
tst->sb set even if conf_test_metadata fails, so the device will
actually be accepted and used.
So if we decide to reject the device, free the superblock so it is
clear that it is rejected.
Dan Williams [Fri, 2 Jul 2010 00:28:14 +0000 (17:28 -0700)]
mdmon: prevent allocations due to late binding
Current versions of glibc do not provide a useable interface to clone(2) as it
inflicts hidden dependencies on setting up a glibc specific tls
descriptor. The dynamic linker trips this dependency and causes mdmon
to intermittently fail to load. Resolving all dynamic linking prior to
starting the monitor thread appears to mitigate the issue but there is no
guarantee that another tls dependency will bite us later.
However, while the debate continues with the glibc maintainers it seems
prudent to keep this change. It ensures that we do not get into a
situation where the monitor thread needs to make a late allocation to
resolve a symbol.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>