NeilBrown [Tue, 19 Nov 2013 23:49:14 +0000 (10:49 +1100)]
IMSM metadata really should be ignored when found on partitions.
commit b31df43682216d1c65813eae49ebdd8253db8907
changed load_super_imsm to not insist on finding a partition if
ignore_hw_compat was set.
Unfortunately this is set for '--assemble' so arrays could get
assembled badly.
The comment says this was to allow e.g. --examine of image files.
A better fixes for this is to change test_partitions to not report
a regular file as being a partition.
The errors from the BLKPG ioctl are:
ENOTTY : not a block device.
EINVAL : not a whole device (probably a partition)
ENXIO : partition doesn't exist (so not a partition)
Monitor: write meta data in readonly state, sometimes
This patch reverts 24a216bf:
"Monitor: Don't write metadata in inactive array state".
While it's true that writing meta data is usually not necessary
in readonly state, there is one important exception: if a
disk goes faulty, we want to record that, even if the array is
inactive.
We might as well just revert 24a216bf, because with the recently
submitted patch
"Monitor: don't set arrays dirty after transition to read-only"
those meta data writes that really annoying (for a clean, readonly,
healthy array during startup) are gone anyway.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
tests/10ddf-incremental-wrong-order: new unit test
This is a test simulating two temporary missing disks. These will
have less recent meta data than the other disks in the container.
When the array is reassembled, we expect mdadm to detect that
and react to it by using the meta data of the more recent disks
as reference.
This test FAILS with mdadm 3.3 for DDF.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
Monitor: don't set arrays dirty after transition to read-only
This patch reverts commit 4867e068. Setting arrays dirty after
transition from inactive to anything else causes unnecessary
meta data writes and may wreak trouble unnecessarily when
a disk was missing during assembly but the array was never
written to.
The reason for 4867e068 was a special situation during reshape
from RAID0 to RAID4. I ran all IMSM test cases with it reverted
and found no regressions, so I believe the reshape logic for
IMSM works fine in mdadm 3.3 also without this.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
Jes Sorensen [Thu, 10 Oct 2013 07:42:05 +0000 (09:42 +0200)]
Be consistent in return types from byteswap macros
The bswap_*() macros return int values. Make sure we return the
equivalent types in same byteorder pass-through functions to avoid
problems with the original type leaking through to printf() etc.
Michael Tokarev [Tue, 17 Sep 2013 16:20:40 +0000 (20:20 +0400)]
Remove bashism from Makefile
Makefile uses [ x == y ] construct which does not work
with POSIX shell. Since this is just testing a flag,
replace it with string comparison (=) operator instead.
Signed-off-By: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: NeilBrown <neilb@suse.de>
commit 3e32ba9d removed support for --offroot, and a9c15847 made
mdmon use @ in argv[0] only when started from initrd.
This breaks mdadm in OpenSUSE 12.3, which starts mdmon from the
root file system and relies on --offroot to work as documented earlier.
Reintroducing --offroot as an undocumented option, as its use is going to
go away soon anyway.
If this can't be applied, it should probably be included as distro-specific
patch if mdadm 3.3 is built for OpenSUSE 12.3. I haven't checked if the
patch is necesary for OpenSUSE Factory, too.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
config: set "auto_seen" after processing the auto line.
Otherwise when we process an empty autoline (to be sure to
capture the MDADM_CONF_AUTO environment variable) we can end up
setting everything to 'yes' which over-rides 'no'.
DDF: handle fake RAIDs with changing subarray UUIDs
Some fake RAID BIOSes (in particular, LSI ones) change the
VD GUID at every boot. These GUIDs are not suitable for
identifying an array. Luckily the header GUID appears to
remain constant.
We construct a pseudo-UUID from the header GUID and those
properties of the subarray that we expect to remain constant.
This is only array name and index; all else might change e.g.
during grow.
Don't do this for all non-MD arrays, only for those known
to use varying volume GUIDs.
This patch obsoletes my previous patch "DDF: new algorithm
for subarray UUID"
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
If a distribution allows the choice between using mdadm and
dmraid for DDF and IMSM to be made by some config file
(/etc/defaults/ /sys/sysconfig/ etc) which is queried by
/etc/init.d scripts, then the fact that mdadm implements this
choce through the config file is not very helpful.
So allow the "AUTO" line to be specified in part using MDADM_CONF_AUTO
in environment.
Config: multiple occurences of lines is not an error.
As we now support config directories it is helpful if
lines are allowed to occur multiple times with one
over-riding the other.
So stop giving warnings when later lines are ignored.
config: read /etc/mdadm.conf.d as well as /etc/mdadm.conf
If a configfile is explicitly given, just that file or directory
is read. Otherwise we now read both a file
/etc/mdadm.conf
and a directory
/etc/mdadm.conf.d
This allows a transition to directory based config, which in turn
allows easy control from scripts.
If config file is a directory, process each file within with a name
ending in ".conf" that doesn't start with ".".
Files are processed in lexical order.
Without this, array may not go clean and mdmon will then
not exit.
A safe_mode of '0' (which is the only one that is handled differently
by this patch) means "never switch to 'active_idle'". We don't want
that when mdmon is stopping.
Assemble: don't ever consider a 'spare' to be the 'most recent'.
If all devices have the same event count and the first one is a spare,
then that spare will be the 'most_recent'.
However then other devices will think the 'most_recent' has failed
(for v0.90 metadata) and will be rejected from the array.
So never consider a 'spare' to be 'most recent'.
Reported-by: Andreas Baer <synthetic.gods@gmail.com> Signed-off-by: NeilBrown <neilb@suse.de>
mwilck@arcor.de [Fri, 16 Aug 2013 18:21:58 +0000 (20:21 +0200)]
DDF: increase default value for safe_mode_delay to 4000ms
That is the same value that IMSM uses. The current default of 200ms
seems to have been copied from the native MD meta data. That value
appears to be much too low for DDF, given that writing the DDF meta
data means that easily several MB worth of data need to be written to
disk.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
mwilck@arcor.de [Fri, 16 Aug 2013 18:21:57 +0000 (20:21 +0200)]
DDF: container_content_ddf: set safe_mode_delay > 0
Set safe_mode_delay to something >0, otherwise all container subarrays
assembled will have safe_mode_delay=0. That will break the assumption that
meta data becomes clean after running mdadm --wait-clean.
Use the same value as in getinfo_super_ddf_bvd. It would be cleaner
to call that directly from container_content_ddf, but I need to check
possible side effects first.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
At this point 'di' and 'rv' both have the same value. gcc doesn't
realise that and a human reader might not either.
'rv' makes more sense too, so use that.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
mwilck@arcor.de [Tue, 6 Aug 2013 21:38:02 +0000 (23:38 +0200)]
DDF: ddf_open_new: check device status for new subarray
It is possible that mdadm creates a new subarray containing failed
devices. This may happen if a device has failed, but the meta data
containing that information hasn't been written out yet.
This code tests for this situation, and handles it in the monitor.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
mwilck@arcor.de [Tue, 6 Aug 2013 21:38:01 +0000 (23:38 +0200)]
tests/10ddf-fail-create-race: test handling of fail/create race
If a disk fails and simulaneously a new array is created, a race
condition may arise because the meta data on disk doesn't reflect
the disk failure yet. This is a test for that case.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Wed, 7 Aug 2013 06:59:26 +0000 (16:59 +1000)]
DDF: Write new conf entries with a single write.
The recent change to skip over invalid conf entries was bad because
it could leave garbage on the disk.
But we don't to write each entry separately as the writes a O_DIRECT
and so synchronous so it takes way too long.
So allocate a large buffer (probably the one used to read the config records)
and fill that then write it all at once.
Reported-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
mwilck@arcor.de [Mon, 5 Aug 2013 20:37:51 +0000 (22:37 +0200)]
test: allow LVM volumes or RAM disks as test devices
Allow other device types for testing; this allows to test on
a larger variety of devices.
Option --dev=[loop|lvm|ram] selects loop device (default), lvm,
and ram disk, respecively. To use RAM disks with DDF,
the kernel parameter ramdisk_size=65536 must be used.
For LVM, use --volgroup=<vg> to specify the name of the volume
group in which the test LVs will be created.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Mon, 5 Aug 2013 06:39:45 +0000 (16:39 +1000)]
Makefile: check that 'run' directory exists.
mdadm default to using /run/mdadm. However not all distros
provide /run yet. This can confuse people who build their own
mdadm.
So have "make" complain if the given directory doesn't exist.
This will make it harder to build an mdadm which doesn't work.
Reported-by: Albert Pauw <albert.pauw@gmail.com> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Mon, 5 Aug 2013 04:56:23 +0000 (14:56 +1000)]
DDF: fix removal of failed devices.
Commit c7079c84 arrange for DDF to forget about any device
that is failed and not still marked as part of any array.
However such devices could still be part of the container and this
removal and updating of 'pdnum' can result in multiple devices having
the same pdnum. This in turn easily leads to confusion and
corruption.
So only discard pd entries for devices which are failed, not listed in
any virtual device, and for which we don't have a handle on the
device.
pd entries will not get removed until a new device is added after
the device has been removed from the container, either by
"mdadm --remove" or by assembling without the failed devices.
Reported-by: Albert Pauw <albert.pauw@gmail.com> Analysed-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
NeilBrown [Mon, 5 Aug 2013 04:21:10 +0000 (14:21 +1000)]
DDF: fix writing metadata updates.
Recent commit 273989b93a3185c0e4d54f0d1bc404248a92d157
skipped writing some large blocks of 0xFF, but didn't seek
over the space, so subsequent data was written wrongly.
NeilBrown [Thu, 1 Aug 2013 05:59:24 +0000 (15:59 +1000)]
mdmon: don't lie to systemd.
Now that mdmon responds fairly well to SIGTERM, stop lying to
systemd about being started on the initrd.
Note that if mdmon is rerun (--takeover) for some reason, and systemd
chooses to kill processes before remounting / readonly, then the
unmount will hang.
If systemd ever lets us tell it that we don't want to be killed until
root is readonly, then we should do that.
NeilBrown [Thu, 1 Aug 2013 04:32:04 +0000 (14:32 +1000)]
Introduce devid2kname - slightly different to devid2devnm.
The purpose od devid2devnm is to return a kernel name of an
md device, whether that device is a whole device or a partition,
we want the whole device. md4, never md4p2.
In one place I was using devid2devnm where I really wanted the
partition if there was one ... and wasn't really interested in it
being an md device.
So introduce a new 'devid2kname' for that case.
NeilBrown [Thu, 1 Aug 2013 04:04:07 +0000 (14:04 +1000)]
Don't lie to systemd about mdadm's status.
Telling systemd that mdadm was started from the initrd
is often a lie and never necessary. Now that the reshape monitoring
thread handles SIGTERM gracefully it is OK for system to kill
and mdadm that it finds running.
mdmon still have a bit of a question mark over it so I won't remove
the '@' from there just yet.
NeilBrown [Thu, 1 Aug 2013 01:16:14 +0000 (11:16 +1000)]
Grow: exit background thread cleanly on SIGTERM.
If the mdadm thread that monitors a reshape gets SIGTERM it should
exit cleanly and clear the 'suspended' region of the array.
However it mustn't clear 'sync_max' as that would allow the
reshape to continue unmonitored.
If the thread ever does get killed, the array should really be
shutdown soon after if possible.
Martin Wilck [Tue, 30 Jul 2013 21:18:33 +0000 (23:18 +0200)]
mdmon: manage_member: fix race condition during slow meta data writes
In order to track kernel state changes, the monitor needs to
notice changes in sysfs. If the changes are transient, and the
monitor is busy writing meta data, it can happen that the changes
are missed. This will cause the meta data to be inconsistent with
the real state of the array.
I can reproduce this in a test scenario with a DDF container and
two subarrays, where I set a disk to "failed" and then add a global
hot-spare. On a typical MD test setup with loop devices, I can
reliably reproduce a failure where the metadata show degraded members
although the kernel finished the recovery successfully.
This patch fixes this problem by applying two changes. First, when
a metadata update is queued, wait until it is certain that the monitor
actually applied these meta data (the for loop is actually needed to
avoid failures completely in my test case). Second, after triggering the
recovery, set prev_state of the changed array to "recover", in case
the monitor misses the transient "recover" state.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
Martin Wilck [Tue, 30 Jul 2013 21:18:31 +0000 (23:18 +0200)]
mdmon: wait_and_act: fix debug message for SIGUSR1
Correctly print out wake reason if it was a signal. Previous code
would print misleading select events (pselect(2) man page says the
fdsets become undefined in case of error).
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
Martin Wilck [Tue, 30 Jul 2013 21:18:30 +0000 (23:18 +0200)]
monitor: read_and_act: log status when called
read_and_act() currently prints a debug message only very late.
Print the status seen by mdmon right away, to track mdmon's
actions more closely. Add a time stamp to observe long delays
between read_and_act calls, e.g. caused by meta data writes.
Signed-off-by: Martin Wilck <mwilck@arcor.de> Signed-off-by: NeilBrown <neilb@suse.de>
_avail_space1() is calls from both avail_space1() and validate_geometry1()
and does slightly different things.
The partial code sharing doesn't really help. In particularly the
responsibility for setting the size of the array is currently
confused.
So duplicate the code into the two locations - one where 'super' is
always NULL (validate_geometry1) and one where it is never NULL
(avail_space1), and simplify.
This call to validate_geometry is really rather gratuitous.
It is purely about the fact that super0 cannot use more than 4TB.
So just make it an explicit test - less confusing that way.
With this, validate_geometry is only called from Create, which
makes it easier to reason about.
Also validate_geometry is now never passed NULL for the 'chunk'
parameter, so we can remove those annoying tests for NULL.