2019-05-20 17:08:12 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
2011-09-21 05:37:46 +00:00
|
|
|
md.h : kernel internal structure of the Linux MD driver
|
2005-04-16 22:20:36 +00:00
|
|
|
Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman
|
2014-09-30 04:23:59 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
|
2009-04-14 02:01:53 +00:00
|
|
|
#ifndef _MD_MD_H
|
|
|
|
#define _MD_MD_H
|
|
|
|
|
|
|
|
#include <linux/blkdev.h>
|
2015-05-22 21:13:32 +00:00
|
|
|
#include <linux/backing-dev.h>
|
2015-12-25 02:20:34 +00:00
|
|
|
#include <linux/badblocks.h>
|
2009-04-14 02:01:53 +00:00
|
|
|
#include <linux/kobject.h>
|
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/mm.h>
|
|
|
|
#include <linux/mutex.h>
|
|
|
|
#include <linux/timer.h>
|
|
|
|
#include <linux/wait.h>
|
|
|
|
#include <linux/workqueue.h>
|
2014-03-29 15:01:53 +00:00
|
|
|
#include "md-cluster.h"
|
[PATCH] BLOCK: Make it possible to disable the block layer [try #6]
Make it possible to disable the block layer. Not all embedded devices require
it, some can make do with just JFFS2, NFS, ramfs, etc - none of which require
the block layer to be present.
This patch does the following:
(*) Introduces CONFIG_BLOCK to disable the block layer, buffering and blockdev
support.
(*) Adds dependencies on CONFIG_BLOCK to any configuration item that controls
an item that uses the block layer. This includes:
(*) Block I/O tracing.
(*) Disk partition code.
(*) All filesystems that are block based, eg: Ext3, ReiserFS, ISOFS.
(*) The SCSI layer. As far as I can tell, even SCSI chardevs use the
block layer to do scheduling. Some drivers that use SCSI facilities -
such as USB storage - end up disabled indirectly from this.
(*) Various block-based device drivers, such as IDE and the old CDROM
drivers.
(*) MTD blockdev handling and FTL.
(*) JFFS - which uses set_bdev_super(), something it could avoid doing by
taking a leaf out of JFFS2's book.
(*) Makes most of the contents of linux/blkdev.h, linux/buffer_head.h and
linux/elevator.h contingent on CONFIG_BLOCK being set. sector_div() is,
however, still used in places, and so is still available.
(*) Also made contingent are the contents of linux/mpage.h, linux/genhd.h and
parts of linux/fs.h.
(*) Makes a number of files in fs/ contingent on CONFIG_BLOCK.
(*) Makes mm/bounce.c (bounce buffering) contingent on CONFIG_BLOCK.
(*) set_page_dirty() doesn't call __set_page_dirty_buffers() if CONFIG_BLOCK
is not enabled.
(*) fs/no-block.c is created to hold out-of-line stubs and things that are
required when CONFIG_BLOCK is not set:
(*) Default blockdev file operations (to give error ENODEV on opening).
(*) Makes some /proc changes:
(*) /proc/devices does not list any blockdevs.
(*) /proc/diskstats and /proc/partitions are contingent on CONFIG_BLOCK.
(*) Makes some compat ioctl handling contingent on CONFIG_BLOCK.
(*) If CONFIG_BLOCK is not defined, makes sys_quotactl() return -ENODEV if
given command other than Q_SYNC or if a special device is specified.
(*) In init/do_mounts.c, no reference is made to the blockdev routines if
CONFIG_BLOCK is not defined. This does not prohibit NFS roots or JFFS2.
(*) The bdflush, ioprio_set and ioprio_get syscalls can now be absent (return
error ENOSYS by way of cond_syscall if so).
(*) The seclvl_bd_claim() and seclvl_bd_release() security calls do nothing if
CONFIG_BLOCK is not set, since they can't then happen.
Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2006-09-30 18:45:40 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
#define MaxSector (~(sector_t)0)
|
|
|
|
|
2016-11-18 05:16:11 +00:00
|
|
|
/*
|
|
|
|
* These flags should really be called "NO_RETRY" rather than
|
|
|
|
* "FAILFAST" because they don't make any promise about time lapse,
|
|
|
|
* only about the number of retries, which will be zero.
|
|
|
|
* REQ_FAILFAST_DRIVER is not included because
|
|
|
|
* Commit: 4a27446f3e39 ("[SCSI] modify scsi to handle new fail fast flags.")
|
|
|
|
* seems to suggest that the errors it avoids retrying should usually
|
|
|
|
* be retried.
|
|
|
|
*/
|
|
|
|
#define MD_FAILFAST (REQ_FAILFAST_DEV | REQ_FAILFAST_TRANSPORT)
|
2019-12-23 09:49:00 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The struct embedded in rdev is used to serialize IO.
|
|
|
|
*/
|
|
|
|
struct serial_in_rdev {
|
|
|
|
struct rb_root_cached serial_rb;
|
|
|
|
spinlock_t serial_lock;
|
|
|
|
wait_queue_head_t serial_io_wait;
|
|
|
|
};
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
* MD's 'extended' device
|
|
|
|
*/
|
2011-10-11 05:45:26 +00:00
|
|
|
struct md_rdev {
|
2005-04-16 22:20:36 +00:00
|
|
|
struct list_head same_set; /* RAID devices within the same set */
|
|
|
|
|
2009-03-31 03:33:13 +00:00
|
|
|
sector_t sectors; /* Device size (in 512bytes sectors) */
|
2011-10-11 05:47:53 +00:00
|
|
|
struct mddev *mddev; /* RAID array if running */
|
2009-03-31 03:27:02 +00:00
|
|
|
int last_events; /* IO event timestamp */
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2011-01-13 22:14:34 +00:00
|
|
|
/*
|
|
|
|
* If meta_bdev is non-NULL, it means that a separate device is
|
|
|
|
* being used to store the metadata (superblock/bitmap) which
|
|
|
|
* would otherwise be contained on the same device as the data (bdev).
|
|
|
|
*/
|
|
|
|
struct block_device *meta_bdev;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct block_device *bdev; /* block device handle */
|
|
|
|
|
2011-07-28 01:31:47 +00:00
|
|
|
struct page *sb_page, *bb_page;
|
2005-04-16 22:20:36 +00:00
|
|
|
int sb_loaded;
|
2006-06-26 07:27:57 +00:00
|
|
|
__u64 sb_events;
|
2005-04-16 22:20:36 +00:00
|
|
|
sector_t data_offset; /* start of data in array */
|
2012-05-20 23:27:00 +00:00
|
|
|
sector_t new_data_offset;/* only relevant while reshaping */
|
2014-09-30 04:23:59 +00:00
|
|
|
sector_t sb_start; /* offset of the super block (in 512byte sectors) */
|
2005-09-09 23:23:53 +00:00
|
|
|
int sb_size; /* bytes in the superblock */
|
2005-04-16 22:20:36 +00:00
|
|
|
int preferred_minor; /* autorun support */
|
|
|
|
|
2005-11-09 05:39:24 +00:00
|
|
|
struct kobject kobj;
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* A device can be in one of three states based on two flags:
|
|
|
|
* Not working: faulty==1 in_sync==0
|
|
|
|
* Fully working: faulty==0 in_sync==1
|
|
|
|
* Working, but not
|
|
|
|
* in sync with array
|
|
|
|
* faulty==0 in_sync==0
|
|
|
|
*
|
|
|
|
* It can never have faulty==1, in_sync==1
|
|
|
|
* This reduces the burden of testing multiple flags in many cases
|
|
|
|
*/
|
|
|
|
|
2011-12-22 23:17:51 +00:00
|
|
|
unsigned long flags; /* bit set of 'enum flag_bits' bits. */
|
2008-04-30 07:52:32 +00:00
|
|
|
wait_queue_head_t blocked_wait;
|
2005-09-09 23:23:45 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
int desc_nr; /* descriptor index in the superblock */
|
|
|
|
int raid_disk; /* role of device in array */
|
2010-06-15 08:36:03 +00:00
|
|
|
int new_raid_disk; /* role that the device will have in
|
|
|
|
* the array after a level-change completes.
|
|
|
|
*/
|
2005-06-22 00:17:25 +00:00
|
|
|
int saved_raid_disk; /* role that device used to have in the
|
|
|
|
* array and could again if we did a partial
|
|
|
|
* resync from the bitmap
|
|
|
|
*/
|
2015-08-13 21:31:56 +00:00
|
|
|
union {
|
|
|
|
sector_t recovery_offset;/* If this device has been partially
|
2006-06-26 07:27:40 +00:00
|
|
|
* recovered, this is where we were
|
|
|
|
* up to.
|
|
|
|
*/
|
2015-08-13 21:31:56 +00:00
|
|
|
sector_t journal_tail; /* If this device is a journal device,
|
|
|
|
* this is the journal tail (journal
|
|
|
|
* recovery start point)
|
|
|
|
*/
|
|
|
|
};
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
atomic_t nr_pending; /* number of pending requests.
|
|
|
|
* only maintained for arrays that
|
|
|
|
* support hot removal
|
|
|
|
*/
|
2005-11-09 05:39:31 +00:00
|
|
|
atomic_t read_errors; /* number of consecutive read errors that
|
|
|
|
* we have tried to ignore.
|
|
|
|
*/
|
2016-06-17 15:33:10 +00:00
|
|
|
time64_t last_read_error; /* monotonic time since our
|
2009-12-14 01:49:58 +00:00
|
|
|
* last read error
|
|
|
|
*/
|
2006-01-06 08:20:52 +00:00
|
|
|
atomic_t corrected_errors; /* number of corrected read errors,
|
|
|
|
* for reporting to userspace and storing
|
|
|
|
* in superblock.
|
|
|
|
*/
|
2019-06-19 09:30:46 +00:00
|
|
|
|
2019-12-23 09:49:00 +00:00
|
|
|
struct serial_in_rdev *serial; /* used for raid1 io serialization */
|
2019-06-19 09:30:46 +00:00
|
|
|
|
2007-04-05 02:08:18 +00:00
|
|
|
struct work_struct del_work; /* used for delayed sysfs removal */
|
2008-10-21 02:25:28 +00:00
|
|
|
|
2013-12-11 19:11:53 +00:00
|
|
|
struct kernfs_node *sysfs_state; /* handle for 'state'
|
2008-10-21 02:25:28 +00:00
|
|
|
* sysfs entry */
|
2020-07-14 23:10:26 +00:00
|
|
|
/* handle for 'unacknowledged_bad_blocks' sysfs dentry */
|
|
|
|
struct kernfs_node *sysfs_unack_badblocks;
|
|
|
|
/* handle for 'bad_blocks' sysfs dentry */
|
|
|
|
struct kernfs_node *sysfs_badblocks;
|
2015-12-25 02:20:34 +00:00
|
|
|
struct badblocks badblocks;
|
2017-03-09 08:59:57 +00:00
|
|
|
|
|
|
|
struct {
|
|
|
|
short offset; /* Offset from superblock to start of PPL.
|
|
|
|
* Not used by external metadata. */
|
|
|
|
unsigned int size; /* Size in sectors of the PPL space */
|
|
|
|
sector_t sector; /* First sector of the PPL space */
|
|
|
|
} ppl;
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
2011-12-22 23:17:51 +00:00
|
|
|
enum flag_bits {
|
|
|
|
Faulty, /* device is known to have a fault */
|
|
|
|
In_sync, /* device is in_sync with rest of array */
|
2013-12-11 23:13:33 +00:00
|
|
|
Bitmap_sync, /* ..actually, not quite In_sync. Need a
|
2017-07-04 03:20:30 +00:00
|
|
|
* bitmap-based recovery to get fully in sync.
|
|
|
|
* The bit is only meaningful before device
|
|
|
|
* has been passed to pers->hot_add_disk.
|
2013-12-11 23:13:33 +00:00
|
|
|
*/
|
2011-12-22 23:17:51 +00:00
|
|
|
WriteMostly, /* Avoid reading if at all possible */
|
|
|
|
AutoDetected, /* added by auto-detect */
|
|
|
|
Blocked, /* An error occurred but has not yet
|
|
|
|
* been acknowledged by the metadata
|
|
|
|
* handler, so don't allow writes
|
|
|
|
* until it is cleared */
|
|
|
|
WriteErrorSeen, /* A write error has been seen on this
|
|
|
|
* device
|
|
|
|
*/
|
|
|
|
FaultRecorded, /* Intermediate state for clearing
|
|
|
|
* Blocked. The Fault is/will-be
|
|
|
|
* recorded in the metadata, but that
|
|
|
|
* metadata hasn't been stored safely
|
|
|
|
* on disk yet.
|
|
|
|
*/
|
|
|
|
BlockedBadBlocks, /* A writer is blocked because they
|
|
|
|
* found an unacknowledged bad-block.
|
|
|
|
* This can safely be cleared at any
|
|
|
|
* time, and the writer will re-check.
|
|
|
|
* It may be set at any time, and at
|
|
|
|
* worst the writer will timeout and
|
|
|
|
* re-check. So setting it as
|
|
|
|
* accurately as possible is good, but
|
|
|
|
* not absolutely critical.
|
|
|
|
*/
|
|
|
|
WantReplacement, /* This device is a candidate to be
|
|
|
|
* hot-replaced, either because it has
|
|
|
|
* reported some faults, or because
|
|
|
|
* of explicit request.
|
|
|
|
*/
|
|
|
|
Replacement, /* This device is a replacement for
|
|
|
|
* a want_replacement device with same
|
|
|
|
* raid_disk number.
|
|
|
|
*/
|
2014-10-29 23:51:31 +00:00
|
|
|
Candidate, /* For clustered environments only:
|
|
|
|
* This device is seen locally but not
|
|
|
|
* by the whole cluster
|
|
|
|
*/
|
2015-08-13 21:31:55 +00:00
|
|
|
Journal, /* This device is used as journal for
|
|
|
|
* raid-5/6.
|
|
|
|
* Usually, this device should be faster
|
|
|
|
* than other devices in the array
|
|
|
|
*/
|
2015-12-20 23:50:59 +00:00
|
|
|
ClusterRemove,
|
2016-06-02 06:19:53 +00:00
|
|
|
RemoveSynchronized, /* synchronize_rcu() was called after
|
|
|
|
* this device was known to be faulty,
|
|
|
|
* so it is safe to remove without
|
|
|
|
* another synchronize_rcu() call.
|
|
|
|
*/
|
2016-10-21 14:26:57 +00:00
|
|
|
ExternalBbl, /* External metadata provides bad
|
|
|
|
* block management for a disk
|
|
|
|
*/
|
2016-11-18 05:16:11 +00:00
|
|
|
FailFast, /* Minimal retries should be attempted on
|
|
|
|
* this device, so use REQ_FAILFAST_DEV.
|
|
|
|
* Also don't try to repair failed reads.
|
|
|
|
* It is expects that no bad block log
|
|
|
|
* is present.
|
|
|
|
*/
|
2016-11-18 05:16:11 +00:00
|
|
|
LastDev, /* Seems to be the last working dev as
|
|
|
|
* it didn't fail, so don't use FailFast
|
|
|
|
* any more for metadata
|
|
|
|
*/
|
2019-12-23 09:48:53 +00:00
|
|
|
CollisionCheck, /*
|
|
|
|
* check if there is collision between raid1
|
|
|
|
* serial bios.
|
2019-06-19 09:30:46 +00:00
|
|
|
*/
|
2011-12-22 23:17:51 +00:00
|
|
|
};
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2011-10-11 05:45:26 +00:00
|
|
|
static inline int is_badblock(struct md_rdev *rdev, sector_t s, int sectors,
|
2011-07-28 01:31:46 +00:00
|
|
|
sector_t *first_bad, int *bad_sectors)
|
|
|
|
{
|
|
|
|
if (unlikely(rdev->badblocks.count)) {
|
2015-12-25 02:20:34 +00:00
|
|
|
int rv = badblocks_check(&rdev->badblocks, rdev->data_offset + s,
|
2011-07-28 01:31:46 +00:00
|
|
|
sectors,
|
|
|
|
first_bad, bad_sectors);
|
|
|
|
if (rv)
|
|
|
|
*first_bad -= rdev->data_offset;
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
2011-10-11 05:45:26 +00:00
|
|
|
extern int rdev_set_badblocks(struct md_rdev *rdev, sector_t s, int sectors,
|
2012-05-20 23:27:00 +00:00
|
|
|
int is_new);
|
|
|
|
extern int rdev_clear_badblocks(struct md_rdev *rdev, sector_t s, int sectors,
|
|
|
|
int is_new);
|
2014-03-29 15:20:02 +00:00
|
|
|
struct md_cluster_info;
|
|
|
|
|
2017-01-05 00:10:19 +00:00
|
|
|
/* change UNSUPPORTED_MDDEV_FLAGS for each array type if new flag is added */
|
2016-11-08 23:21:33 +00:00
|
|
|
enum mddev_flags {
|
|
|
|
MD_ARRAY_FIRST_USE, /* First use of array, needs initialization */
|
|
|
|
MD_CLOSING, /* If set, we are closing the array, do not open
|
|
|
|
* it then */
|
|
|
|
MD_JOURNAL_CLEAN, /* A raid with journal is already clean */
|
|
|
|
MD_HAS_JOURNAL, /* The raid array has journal feature set */
|
|
|
|
MD_CLUSTER_RESYNC_LOCKED, /* cluster raid only, which means node
|
|
|
|
* already took resync lock, need to
|
|
|
|
* release the lock */
|
2016-11-18 05:16:11 +00:00
|
|
|
MD_FAILFAST_SUPPORTED, /* Using MD_FAILFAST on metadata writes is
|
|
|
|
* supported as calls to md_error() will
|
|
|
|
* never cause the array to become failed.
|
|
|
|
*/
|
2017-03-09 08:59:57 +00:00
|
|
|
MD_HAS_PPL, /* The raid array has PPL feature set */
|
2017-08-16 15:13:45 +00:00
|
|
|
MD_HAS_MULTIPLE_PPLS, /* The raid array has multiple PPLs feature set */
|
2017-10-17 02:46:43 +00:00
|
|
|
MD_ALLOW_SB_UPDATE, /* md_check_recovery is allowed to update
|
|
|
|
* the metadata without taking reconfig_mutex.
|
|
|
|
*/
|
|
|
|
MD_UPDATING_SB, /* md_check_recovery is updating the metadata
|
|
|
|
* without explicitly holding reconfig_mutex.
|
|
|
|
*/
|
2019-08-20 00:21:09 +00:00
|
|
|
MD_NOT_READY, /* do_md_run() is active, so 'array_state'
|
|
|
|
* must not report that array is ready yet
|
|
|
|
*/
|
md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone
Currently md raid0/linear are not provided with any mechanism to validate
if an array member got removed or failed. The driver keeps sending BIOs
regardless of the state of array members, and kernel shows state 'clean'
in the 'array_state' sysfs attribute. This leads to the following
situation: if a raid0/linear array member is removed and the array is
mounted, some user writing to this array won't realize that errors are
happening unless they check dmesg or perform one fsync per written file.
Despite udev signaling the member device is gone, 'mdadm' cannot issue the
STOP_ARRAY ioctl successfully, given the array is mounted.
In other words, no -EIO is returned and writes (except direct ones) appear
normal. Meaning the user might think the wrote data is correctly stored in
the array, but instead garbage was written given that raid0 does stripping
(and so, it requires all its members to be working in order to not corrupt
data). For md/linear, writes to the available members will work fine, but
if the writes go to the missing member(s), it'll cause a file corruption
situation, whereas the portion of the writes to the missing devices aren't
written effectively.
This patch changes this behavior: we check if the block device's gendisk
is UP when submitting the BIO to the array member, and if it isn't, we flag
the md device as MD_BROKEN and fail subsequent I/Os to that device; a read
request to the array requiring data from a valid member is still completed.
While flagging the device as MD_BROKEN, we also show a rate-limited warning
in the kernel log.
A new array state 'broken' was added too: it mimics the state 'clean' in
every aspect, being useful only to distinguish if the array has some member
missing. We rely on the MD_BROKEN flag to put the array in the 'broken'
state. This state cannot be written in 'array_state' as it just shows
one or more members of the array are missing but acts like 'clean', it
wouldn't make sense to write it.
With this patch, the filesystem reacts much faster to the event of missing
array member: after some I/O errors, ext4 for instance aborts the journal
and prevents corruption. Without this change, we're able to keep writing
in the disk and after a machine reboot, e2fsck shows some severe fs errors
that demand fixing. This patch was tested in ext4 and xfs filesystems, and
requires a 'mdadm' counterpart to handle the 'broken' state.
Cc: Song Liu <songliubraving@fb.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
2019-09-03 19:49:00 +00:00
|
|
|
MD_BROKEN, /* This is used in RAID-0/LINEAR only, to stop
|
|
|
|
* I/O in case an array member is gone/failed.
|
|
|
|
*/
|
2016-11-08 23:21:33 +00:00
|
|
|
};
|
2016-12-08 23:48:19 +00:00
|
|
|
|
|
|
|
enum mddev_sb_flags {
|
|
|
|
MD_SB_CHANGE_DEVS, /* Some device status has changed */
|
|
|
|
MD_SB_CHANGE_CLEAN, /* transition to or from 'clean' */
|
|
|
|
MD_SB_CHANGE_PENDING, /* switch from 'clean' to 'active' in progress */
|
|
|
|
MD_SB_NEED_REWRITE, /* metadata write needs to be repeated */
|
|
|
|
};
|
|
|
|
|
2019-12-23 09:48:53 +00:00
|
|
|
#define NR_SERIAL_INFOS 8
|
|
|
|
/* record current range of serialize IOs */
|
|
|
|
struct serial_info {
|
2019-12-23 09:49:00 +00:00
|
|
|
struct rb_node node;
|
|
|
|
sector_t start; /* start sector of rb node */
|
|
|
|
sector_t last; /* end sector of rb node */
|
|
|
|
sector_t _subtree_last; /* highest sector in subtree of rb node */
|
2019-06-19 09:30:46 +00:00
|
|
|
};
|
|
|
|
|
2011-10-11 05:47:53 +00:00
|
|
|
struct mddev {
|
2005-04-16 22:20:36 +00:00
|
|
|
void *private;
|
2011-10-11 05:49:58 +00:00
|
|
|
struct md_personality *pers;
|
2005-04-16 22:20:36 +00:00
|
|
|
dev_t unit;
|
|
|
|
int md_minor;
|
2013-08-27 06:28:23 +00:00
|
|
|
struct list_head disks;
|
2006-10-03 08:15:46 +00:00
|
|
|
unsigned long flags;
|
2016-12-08 23:48:19 +00:00
|
|
|
unsigned long sb_flags;
|
2006-10-03 08:15:46 +00:00
|
|
|
|
2009-03-31 03:39:39 +00:00
|
|
|
int suspended;
|
|
|
|
atomic_t active_io;
|
2005-04-16 22:20:36 +00:00
|
|
|
int ro;
|
2010-08-08 11:18:03 +00:00
|
|
|
int sysfs_active; /* set when sysfs deletes
|
|
|
|
* are happening, so run/
|
|
|
|
* takeover/stop are not safe
|
|
|
|
*/
|
2005-04-16 22:20:36 +00:00
|
|
|
struct gendisk *gendisk;
|
|
|
|
|
2005-11-09 05:39:23 +00:00
|
|
|
struct kobject kobj;
|
md: make devices disappear when they are no longer needed.
Currently md devices, once created, never disappear until the module
is unloaded. This is essentially because the gendisk holds a
reference to the mddev, and the mddev holds a reference to the
gendisk, this a circular reference.
If we drop the reference from mddev to gendisk, then we need to ensure
that the mddev is destroyed when the gendisk is destroyed. However it
is not possible to hook into the gendisk destruction process to enable
this.
So we drop the reference from the gendisk to the mddev and destroy the
gendisk when the mddev gets destroyed. However this has a
complication.
Between the call
__blkdev_get->get_gendisk->kobj_lookup->md_probe
and the call
__blkdev_get->md_open
there is no obvious way to hold a reference on the mddev any more, so
unless something is done, it will disappear and gendisk will be
destroyed prematurely.
Also, once we decide to destroy the mddev, there will be an unlockable
moment before the gendisk is unlinked (blk_unregister_region) during
which a new reference to the gendisk can be created. We need to
ensure that this reference can not be used. i.e. the ->open must
fail.
So:
1/ in md_probe we set a flag in the mddev (hold_active) which
indicates that the array should be treated as active, even
though there are no references, and no appearance of activity.
This is cleared by md_release when the device is closed if it
is no longer needed.
This ensures that the gendisk will survive between md_probe and
md_open.
2/ In md_open we check if the mddev we expect to open matches
the gendisk that we did open.
If there is a mismatch we return -ERESTARTSYS and modify
__blkdev_get to retry from the top in that case.
In the -ERESTARTSYS sys case we make sure to wait until
the old gendisk (that we succeeded in opening) is really gone so
we loop at most once.
Some udev configurations will always open an md device when it first
appears. If we allow an md device that was just created by an open
to disappear on an immediate close, then this can race with such udev
configurations and result in an infinite loop the device being opened
and closed, then re-open due to the 'ADD' even from the first open,
and then close and so on.
So we make sure an md device, once created by an open, remains active
at least until some md 'ioctl' has been made on it. This means that
all normal usage of md devices will allow them to disappear promptly
when not needed, but the worst that an incorrect usage will do it
cause an inactive md device to be left in existence (it can easily be
removed).
As an array can be stopped by writing to a sysfs attribute
echo clear > /sys/block/mdXXX/md/array_state
we need to use scheduled work for deleting the gendisk and other
kobjects. This allows us to wait for any pending gendisk deletion to
complete by simply calling flush_scheduled_work().
Signed-off-by: NeilBrown <neilb@suse.de>
2009-01-08 21:31:10 +00:00
|
|
|
int hold_active;
|
|
|
|
#define UNTIL_IOCTL 1
|
2009-01-08 21:31:10 +00:00
|
|
|
#define UNTIL_STOP 2
|
2005-11-09 05:39:23 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Superblock information */
|
|
|
|
int major_version,
|
|
|
|
minor_version,
|
|
|
|
patch_version;
|
|
|
|
int persistent;
|
2014-09-30 04:23:59 +00:00
|
|
|
int external; /* metadata is
|
2008-02-06 09:39:51 +00:00
|
|
|
* managed externally */
|
|
|
|
char metadata_type[17]; /* externally set*/
|
2020-12-14 17:08:48 +00:00
|
|
|
int chunk_sectors;
|
2015-12-20 23:51:01 +00:00
|
|
|
time64_t ctime, utime;
|
2005-04-16 22:20:36 +00:00
|
|
|
int level, layout;
|
2006-01-06 08:20:51 +00:00
|
|
|
char clevel[16];
|
2005-04-16 22:20:36 +00:00
|
|
|
int raid_disks;
|
|
|
|
int max_disks;
|
2014-09-30 04:23:59 +00:00
|
|
|
sector_t dev_sectors; /* used size of
|
2009-03-31 03:33:13 +00:00
|
|
|
* component devices */
|
2008-07-21 07:05:22 +00:00
|
|
|
sector_t array_sectors; /* exported array size */
|
2009-03-31 04:00:31 +00:00
|
|
|
int external_size; /* size managed
|
|
|
|
* externally */
|
2005-04-16 22:20:36 +00:00
|
|
|
__u64 events;
|
2010-05-17 23:28:43 +00:00
|
|
|
/* If the last 'event' was simply a clean->dirty transition, and
|
|
|
|
* we didn't write it to the spares, then it is safe and simple
|
|
|
|
* to just decrement the event count on a dirty->clean transition.
|
|
|
|
* So we record that possibility here.
|
|
|
|
*/
|
|
|
|
int can_decrease_events;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
char uuid[16];
|
|
|
|
|
2006-03-27 09:18:11 +00:00
|
|
|
/* If the array is being reshaped, we need to record the
|
|
|
|
* new shape and an indication of where we are up to.
|
|
|
|
* This is written to the superblock.
|
|
|
|
* If reshape_position is MaxSector, then no reshape is happening (yet).
|
|
|
|
*/
|
|
|
|
sector_t reshape_position;
|
2009-06-17 22:45:27 +00:00
|
|
|
int delta_disks, new_level, new_layout;
|
2020-12-14 17:08:48 +00:00
|
|
|
int new_chunk_sectors;
|
2012-05-20 23:27:00 +00:00
|
|
|
int reshape_backwards;
|
2006-03-27 09:18:11 +00:00
|
|
|
|
2011-10-11 05:48:23 +00:00
|
|
|
struct md_thread *thread; /* management thread */
|
|
|
|
struct md_thread *sync_thread; /* doing resync or reconstruct */
|
2013-06-25 06:23:59 +00:00
|
|
|
|
|
|
|
/* 'last_sync_action' is initialized to "none". It is set when a
|
|
|
|
* sync operation (i.e "data-check", "requested-resync", "resync",
|
|
|
|
* "recovery", or "reshape") is started. It holds this value even
|
|
|
|
* when the sync thread is "frozen" (interrupted) or "idle" (stopped
|
|
|
|
* or finished). It is overwritten when a new sync operation is begun.
|
|
|
|
*/
|
|
|
|
char *last_sync_action;
|
2006-07-10 11:44:16 +00:00
|
|
|
sector_t curr_resync; /* last block scheduled */
|
2009-03-31 03:33:13 +00:00
|
|
|
/* As resync requests can complete out of order, we cannot easily track
|
|
|
|
* how much resync has been completed. So we occasionally pause until
|
|
|
|
* everything completes, then set curr_resync_completed to curr_resync.
|
|
|
|
* As such it may be well behind the real resync mark, but it is a value
|
|
|
|
* we are certain of.
|
|
|
|
*/
|
|
|
|
sector_t curr_resync_completed;
|
2005-04-16 22:20:36 +00:00
|
|
|
unsigned long resync_mark; /* a recent timestamp */
|
|
|
|
sector_t resync_mark_cnt;/* blocks written at resync_mark */
|
2006-07-10 11:44:16 +00:00
|
|
|
sector_t curr_mark_cnt; /* blocks scheduled now */
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
sector_t resync_max_sectors; /* may be set by personality */
|
2005-11-09 05:39:26 +00:00
|
|
|
|
2012-10-11 03:17:59 +00:00
|
|
|
atomic64_t resync_mismatches; /* count of sectors where
|
2005-11-09 05:39:26 +00:00
|
|
|
* parity/replica mismatch found
|
|
|
|
*/
|
2006-03-27 09:18:14 +00:00
|
|
|
|
|
|
|
/* allow user-space to request suspension of IO to regions of the array */
|
|
|
|
sector_t suspend_lo;
|
|
|
|
sector_t suspend_hi;
|
2006-01-06 08:21:36 +00:00
|
|
|
/* if zero, use the system-wide default */
|
|
|
|
int sync_speed_min;
|
|
|
|
int sync_speed_max;
|
|
|
|
|
2008-05-23 20:04:38 +00:00
|
|
|
/* resync even though the same disks are shared among md-devices */
|
|
|
|
int parallel_resync;
|
|
|
|
|
2006-01-06 08:20:15 +00:00
|
|
|
int ok_start_degraded;
|
2006-06-26 07:27:40 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
unsigned long recovery;
|
2011-07-27 01:00:36 +00:00
|
|
|
/* If a RAID personality determines that recovery (of a particular
|
|
|
|
* device) will fail due to a read error on the source device, it
|
|
|
|
* takes a copy of this number and does not attempt recovery again
|
|
|
|
* until this number changes.
|
|
|
|
*/
|
|
|
|
int recovery_disabled;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
int in_sync; /* know to not need resync */
|
2009-08-10 02:50:52 +00:00
|
|
|
/* 'open_mutex' avoids races between 'md_open' and 'do_md_stop', so
|
|
|
|
* that we are never stopping an array while it is open.
|
|
|
|
* 'reconfig_mutex' protects all other reconfiguration.
|
|
|
|
* These locks are separate due to conflicting interactions
|
2021-05-25 06:12:56 +00:00
|
|
|
* with disk->open_mutex.
|
2009-08-10 02:50:52 +00:00
|
|
|
* Lock ordering is:
|
2021-05-25 06:12:56 +00:00
|
|
|
* reconfig_mutex -> disk->open_mutex
|
|
|
|
* disk->open_mutex -> open_mutex: e.g. __blkdev_get -> md_open
|
2009-08-10 02:50:52 +00:00
|
|
|
*/
|
|
|
|
struct mutex open_mutex;
|
2006-03-27 09:18:20 +00:00
|
|
|
struct mutex reconfig_mutex;
|
2008-07-21 07:05:25 +00:00
|
|
|
atomic_t active; /* general refcount */
|
|
|
|
atomic_t openers; /* number of active opens */
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2011-02-24 06:26:41 +00:00
|
|
|
int changed; /* True if we might need to
|
|
|
|
* reread partition info */
|
2005-04-16 22:20:36 +00:00
|
|
|
int degraded; /* whether md should consider
|
|
|
|
* adding a spare
|
|
|
|
*/
|
|
|
|
|
|
|
|
atomic_t recovery_active; /* blocks scheduled, but not written */
|
|
|
|
wait_queue_head_t recovery_wait;
|
|
|
|
sector_t recovery_cp;
|
2008-06-27 22:31:24 +00:00
|
|
|
sector_t resync_min; /* user requested sync
|
|
|
|
* starts here */
|
2008-02-06 09:39:52 +00:00
|
|
|
sector_t resync_max; /* resync should pause
|
|
|
|
* when it gets here */
|
2005-06-22 00:17:12 +00:00
|
|
|
|
2013-12-11 19:11:53 +00:00
|
|
|
struct kernfs_node *sysfs_state; /* handle for 'array_state'
|
2008-10-21 02:25:21 +00:00
|
|
|
* file in sysfs.
|
|
|
|
*/
|
2013-12-11 19:11:53 +00:00
|
|
|
struct kernfs_node *sysfs_action; /* handle for 'sync_action' */
|
2020-07-14 23:10:26 +00:00
|
|
|
struct kernfs_node *sysfs_completed; /*handle for 'sync_completed' */
|
|
|
|
struct kernfs_node *sysfs_degraded; /*handle for 'degraded' */
|
|
|
|
struct kernfs_node *sysfs_level; /*handle for 'level' */
|
2008-10-21 02:25:21 +00:00
|
|
|
|
md: make devices disappear when they are no longer needed.
Currently md devices, once created, never disappear until the module
is unloaded. This is essentially because the gendisk holds a
reference to the mddev, and the mddev holds a reference to the
gendisk, this a circular reference.
If we drop the reference from mddev to gendisk, then we need to ensure
that the mddev is destroyed when the gendisk is destroyed. However it
is not possible to hook into the gendisk destruction process to enable
this.
So we drop the reference from the gendisk to the mddev and destroy the
gendisk when the mddev gets destroyed. However this has a
complication.
Between the call
__blkdev_get->get_gendisk->kobj_lookup->md_probe
and the call
__blkdev_get->md_open
there is no obvious way to hold a reference on the mddev any more, so
unless something is done, it will disappear and gendisk will be
destroyed prematurely.
Also, once we decide to destroy the mddev, there will be an unlockable
moment before the gendisk is unlinked (blk_unregister_region) during
which a new reference to the gendisk can be created. We need to
ensure that this reference can not be used. i.e. the ->open must
fail.
So:
1/ in md_probe we set a flag in the mddev (hold_active) which
indicates that the array should be treated as active, even
though there are no references, and no appearance of activity.
This is cleared by md_release when the device is closed if it
is no longer needed.
This ensures that the gendisk will survive between md_probe and
md_open.
2/ In md_open we check if the mddev we expect to open matches
the gendisk that we did open.
If there is a mismatch we return -ERESTARTSYS and modify
__blkdev_get to retry from the top in that case.
In the -ERESTARTSYS sys case we make sure to wait until
the old gendisk (that we succeeded in opening) is really gone so
we loop at most once.
Some udev configurations will always open an md device when it first
appears. If we allow an md device that was just created by an open
to disappear on an immediate close, then this can race with such udev
configurations and result in an infinite loop the device being opened
and closed, then re-open due to the 'ADD' even from the first open,
and then close and so on.
So we make sure an md device, once created by an open, remains active
at least until some md 'ioctl' has been made on it. This means that
all normal usage of md devices will allow them to disappear promptly
when not needed, but the worst that an incorrect usage will do it
cause an inactive md device to be left in existence (it can easily be
removed).
As an array can be stopped by writing to a sysfs attribute
echo clear > /sys/block/mdXXX/md/array_state
we need to use scheduled work for deleting the gendisk and other
kobjects. This allows us to wait for any pending gendisk deletion to
complete by simply calling flush_scheduled_work().
Signed-off-by: NeilBrown <neilb@suse.de>
2009-01-08 21:31:10 +00:00
|
|
|
struct work_struct del_work; /* used for delayed sysfs removal */
|
|
|
|
|
2014-12-15 01:56:56 +00:00
|
|
|
/* "lock" protects:
|
|
|
|
* flush_bio transition from NULL to !NULL
|
|
|
|
* rdev superblocks, events
|
|
|
|
* clearing MD_CHANGE_*
|
|
|
|
* in_sync - and related safemode and MD_CHANGE changes
|
2014-12-15 01:56:58 +00:00
|
|
|
* pers (also protected by reconfig_mutex and pending IO).
|
2014-12-15 01:56:58 +00:00
|
|
|
* clearing ->bitmap
|
2014-12-15 01:57:00 +00:00
|
|
|
* clearing ->bitmap_info.file
|
2014-12-15 01:57:01 +00:00
|
|
|
* changing ->resync_{min,max}
|
|
|
|
* setting MD_RECOVERY_RUNNING (which interacts with resync_{min,max})
|
2014-12-15 01:56:56 +00:00
|
|
|
*/
|
|
|
|
spinlock_t lock;
|
2005-06-22 00:17:26 +00:00
|
|
|
wait_queue_head_t sb_wait; /* for waiting on superblock updates */
|
2005-06-22 00:17:28 +00:00
|
|
|
atomic_t pending_writes; /* number of active superblock writes */
|
2005-06-22 00:17:12 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
unsigned int safemode; /* if set, update "clean" superblock
|
|
|
|
* when no writes pending.
|
2014-09-30 04:23:59 +00:00
|
|
|
*/
|
2005-04-16 22:20:36 +00:00
|
|
|
unsigned int safemode_delay;
|
|
|
|
struct timer_list safemode_timer;
|
MD: use per-cpu counter for writes_pending
The 'writes_pending' counter is used to determine when the
array is stable so that it can be marked in the superblock
as "Clean". Consequently it needs to be updated frequently
but only checked for zero occasionally. Recent changes to
raid5 cause the count to be updated even more often - once
per 4K rather than once per bio. This provided
justification for making the updates more efficient.
So we replace the atomic counter a percpu-refcount.
This can be incremented and decremented cheaply most of the
time, and can be switched to "atomic" mode when more
precise counting is needed. As it is possible for multiple
threads to want a precise count, we introduce a
"sync_checker" counter to count the number of threads
in "set_in_sync()", and only switch the refcount back
to percpu mode when that is zero.
We need to be careful about races between set_in_sync()
setting ->in_sync to 1, and md_write_start() setting it
to zero. md_write_start() holds the rcu_read_lock()
while checking if the refcount is in percpu mode. If
it is, then we know a switch to 'atomic' will not happen until
after we call rcu_read_unlock(), in which case set_in_sync()
will see the elevated count, and not set in_sync to 1.
If it is not in percpu mode, we take the mddev->lock to
ensure proper synchronization.
It is no longer possible to quickly check if the count is zero, which
we previously did to update a timer or to schedule the md_thread.
So now we do these every time we decrement that counter, but make
sure they are fast.
mod_timer() already optimizes the case where the timeout value doesn't
actually change. We leverage that further by always rounding off the
jiffies to the timeout value. This may delay the marking of 'clean'
slightly, but ensure we only perform atomic operation here when absolutely
needed.
md_wakeup_thread() current always calls wake_up(), even if
THREAD_WAKEUP is already set. That too can be optimised to avoid
calls to wake_up().
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
2017-03-15 03:05:14 +00:00
|
|
|
struct percpu_ref writes_pending;
|
|
|
|
int sync_checkers; /* # of threads checking writes_pending */
|
2007-07-24 07:28:11 +00:00
|
|
|
struct request_queue *queue; /* for plugging ... */
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2014-09-30 04:23:59 +00:00
|
|
|
struct bitmap *bitmap; /* the bitmap for the device */
|
2009-12-14 01:49:52 +00:00
|
|
|
struct {
|
|
|
|
struct file *file; /* the bitmap file */
|
2009-12-14 01:49:54 +00:00
|
|
|
loff_t offset; /* offset from superblock of
|
2009-12-14 01:49:52 +00:00
|
|
|
* start of bitmap. May be
|
|
|
|
* negative, but not '0'
|
2009-12-14 01:49:54 +00:00
|
|
|
* For external metadata, offset
|
2014-09-30 04:23:59 +00:00
|
|
|
* from start of device.
|
2009-12-14 01:49:52 +00:00
|
|
|
*/
|
2012-05-22 03:55:07 +00:00
|
|
|
unsigned long space; /* space available at this offset */
|
2009-12-14 01:49:54 +00:00
|
|
|
loff_t default_offset; /* this is the offset to use when
|
2009-12-14 01:49:52 +00:00
|
|
|
* hot-adding a bitmap. It should
|
|
|
|
* eventually be settable by sysfs.
|
|
|
|
*/
|
2012-05-22 03:55:07 +00:00
|
|
|
unsigned long default_space; /* space available at
|
|
|
|
* default offset */
|
2009-12-14 01:49:52 +00:00
|
|
|
struct mutex mutex;
|
2009-12-14 01:49:53 +00:00
|
|
|
unsigned long chunksize;
|
2010-06-01 09:37:31 +00:00
|
|
|
unsigned long daemon_sleep; /* how many jiffies between updates? */
|
2009-12-14 01:49:53 +00:00
|
|
|
unsigned long max_write_behind; /* write-behind mode */
|
2009-12-14 01:49:56 +00:00
|
|
|
int external;
|
2014-03-29 15:20:02 +00:00
|
|
|
int nodes; /* Maximum number of nodes in the cluster */
|
2014-03-30 05:42:49 +00:00
|
|
|
char cluster_name[64]; /* Name of the cluster */
|
2009-12-14 01:49:52 +00:00
|
|
|
} bitmap_info;
|
2005-06-22 00:17:14 +00:00
|
|
|
|
2014-09-30 04:23:59 +00:00
|
|
|
atomic_t max_corr_read_errors; /* max read retries */
|
2005-04-16 22:20:36 +00:00
|
|
|
struct list_head all_mddevs;
|
2009-12-14 01:49:49 +00:00
|
|
|
|
2021-05-29 10:30:49 +00:00
|
|
|
const struct attribute_group *to_remove;
|
2010-06-01 09:37:29 +00:00
|
|
|
|
2018-05-20 22:25:52 +00:00
|
|
|
struct bio_set bio_set;
|
|
|
|
struct bio_set sync_set; /* for sync operations like
|
2017-06-20 23:12:21 +00:00
|
|
|
* metadata and bitmap writes
|
|
|
|
*/
|
2021-05-25 09:46:17 +00:00
|
|
|
struct bio_set io_acct_set; /* for raid0 and raid5 io accounting */
|
2010-10-26 07:31:13 +00:00
|
|
|
|
2019-03-29 17:46:16 +00:00
|
|
|
/* Generic flush handling.
|
|
|
|
* The last to finish preflush schedules a worker to submit
|
|
|
|
* the rest of the request (without the REQ_PREFLUSH flag).
|
|
|
|
*/
|
|
|
|
struct bio *flush_bio;
|
|
|
|
atomic_t flush_pending;
|
2020-11-11 05:16:56 +00:00
|
|
|
ktime_t start_flush, prev_flush_start; /* prev_flush_start is when the previous completed
|
|
|
|
* flush was started.
|
|
|
|
*/
|
2019-03-29 17:46:16 +00:00
|
|
|
struct work_struct flush_work;
|
2010-07-26 01:49:55 +00:00
|
|
|
struct work_struct event_work; /* used by dm to report failure event */
|
2019-12-23 09:48:53 +00:00
|
|
|
mempool_t *serial_info_pool;
|
2011-10-11 05:47:53 +00:00
|
|
|
void (*sync_super)(struct mddev *mddev, struct md_rdev *rdev);
|
2014-03-29 15:20:02 +00:00
|
|
|
struct md_cluster_info *cluster_info;
|
2015-12-20 23:51:00 +00:00
|
|
|
unsigned int good_device_nr; /* good device num within cluster raid */
|
md: use memalloc scope APIs in mddev_suspend()/mddev_resume()
In raid5.c:resize_chunk(), scribble_alloc() is called with GFP_NOIO
flag, then it is sent into kvmalloc_array() inside scribble_alloc().
The problem is kvmalloc_array() eventually calls kvmalloc_node() which
does not accept non GFP_KERNEL compatible flag like GFP_NOIO, then
kmalloc_node() is called indeed to allocate physically continuous
pages. When system memory is under heavy pressure, and the requesting
size is large, there is high probability that allocating continueous
pages will fail.
But simply using GFP_KERNEL flag to call kvmalloc_array() is also
progblematic. In the code path where scribble_alloc() is called, the
raid array is suspended, if kvmalloc_node() triggers memory reclaim I/Os
and such I/Os go back to the suspend raid array, deadlock will happen.
What is desired here is to allocate non-physically (a.k.a virtually)
continuous pages and avoid memory reclaim I/Os. Michal Hocko suggests
to use the mmealloc sceope APIs to restrict memory reclaim I/O in
allocating context, specifically to call memalloc_noio_save() when
suspend the raid array and to call memalloc_noio_restore() when
resume the raid array.
This patch adds the memalloc scope APIs in mddev_suspend() and
mddev_resume(), to restrict memory reclaim I/Os during the raid array
is suspended. The benifit of adding the memalloc scope API in the
unified entry point mddev_suspend()/mddev_resume() is, no matter which
md raid array type (personality), we are sure the deadlock by recursive
memory reclaim I/O won't happen on the suspending context.
Please notice that the memalloc scope APIs only take effect on the raid
array suspending context, if the memory allocation is from another new
created kthread after raid array suspended, the recursive memory reclaim
I/Os won't be restricted. The mddev_suspend()/mddev_resume() entries are
used for the critical section where the raid metadata is modifying,
creating a kthread to allocate memory inside the critical section is
queer and very probably being buggy.
Fixes: b330e6a49dc3 ("md: convert to kvmalloc")
Suggested-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Song Liu <songliubraving@fb.com>
2020-04-09 14:17:20 +00:00
|
|
|
unsigned int noio_flag; /* for memalloc scope API */
|
2018-02-02 22:13:19 +00:00
|
|
|
|
|
|
|
bool has_superblocks:1;
|
2019-07-24 09:09:19 +00:00
|
|
|
bool fail_last_dev:1;
|
2019-12-23 09:48:56 +00:00
|
|
|
bool serialize_policy:1;
|
2016-11-08 23:21:33 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
enum recovery_flags {
|
|
|
|
/*
|
|
|
|
* If neither SYNC or RESHAPE are set, then it is a recovery.
|
|
|
|
*/
|
|
|
|
MD_RECOVERY_RUNNING, /* a thread is running, or about to be started */
|
|
|
|
MD_RECOVERY_SYNC, /* actually doing a resync, not a recovery */
|
|
|
|
MD_RECOVERY_RECOVER, /* doing recovery, or need to try it. */
|
|
|
|
MD_RECOVERY_INTR, /* resync needs to be aborted for some reason */
|
|
|
|
MD_RECOVERY_DONE, /* thread is done and is waiting to be reaped */
|
|
|
|
MD_RECOVERY_NEEDED, /* we might need to start a resync/recover */
|
|
|
|
MD_RECOVERY_REQUESTED, /* user-space has requested a sync (used with SYNC) */
|
|
|
|
MD_RECOVERY_CHECK, /* user-space request for check-only, no repair */
|
|
|
|
MD_RECOVERY_RESHAPE, /* A reshape is happening */
|
|
|
|
MD_RECOVERY_FROZEN, /* User request to abort, and not restart, any action */
|
|
|
|
MD_RECOVERY_ERROR, /* sync-action interrupted because io-error */
|
2017-11-20 06:17:01 +00:00
|
|
|
MD_RECOVERY_WAIT, /* waiting for pers->start() to finish */
|
2018-07-02 08:26:25 +00:00
|
|
|
MD_RESYNCING_REMOTE, /* remote node is running resync thread */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
2014-12-15 01:57:01 +00:00
|
|
|
static inline int __must_check mddev_lock(struct mddev *mddev)
|
|
|
|
{
|
|
|
|
return mutex_lock_interruptible(&mddev->reconfig_mutex);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Sometimes we need to take the lock in a situation where
|
|
|
|
* failure due to interrupts is not acceptable.
|
|
|
|
*/
|
|
|
|
static inline void mddev_lock_nointr(struct mddev *mddev)
|
|
|
|
{
|
|
|
|
mutex_lock(&mddev->reconfig_mutex);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int mddev_trylock(struct mddev *mddev)
|
|
|
|
{
|
|
|
|
return mutex_trylock(&mddev->reconfig_mutex);
|
|
|
|
}
|
|
|
|
extern void mddev_unlock(struct mddev *mddev);
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
|
|
|
|
{
|
2020-09-03 05:40:59 +00:00
|
|
|
atomic_add(nr_sectors, &bdev->bd_disk->sync_io);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2017-08-23 17:10:32 +00:00
|
|
|
static inline void md_sync_acct_bio(struct bio *bio, unsigned long nr_sectors)
|
|
|
|
{
|
2021-01-24 10:02:34 +00:00
|
|
|
md_sync_acct(bio->bi_bdev, nr_sectors);
|
2017-08-23 17:10:32 +00:00
|
|
|
}
|
|
|
|
|
2011-10-11 05:49:58 +00:00
|
|
|
struct md_personality
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
char *name;
|
2006-01-06 08:20:36 +00:00
|
|
|
int level;
|
|
|
|
struct list_head list;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct module *owner;
|
2019-09-16 17:15:14 +00:00
|
|
|
bool __must_check (*make_request)(struct mddev *mddev, struct bio *bio);
|
2017-11-20 06:17:01 +00:00
|
|
|
/*
|
|
|
|
* start up works that do NOT require md_thread. tasks that
|
|
|
|
* requires md_thread should go into start()
|
|
|
|
*/
|
2011-10-11 05:47:53 +00:00
|
|
|
int (*run)(struct mddev *mddev);
|
2017-11-20 06:17:01 +00:00
|
|
|
/* start up works that require md threads */
|
|
|
|
int (*start)(struct mddev *mddev);
|
2014-12-15 01:56:58 +00:00
|
|
|
void (*free)(struct mddev *mddev, void *priv);
|
2011-10-11 05:47:53 +00:00
|
|
|
void (*status)(struct seq_file *seq, struct mddev *mddev);
|
2005-04-16 22:20:36 +00:00
|
|
|
/* error_handler must set ->faulty and clear ->in_sync
|
2014-09-30 04:23:59 +00:00
|
|
|
* if appropriate, and should abort recovery if needed
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
2011-10-11 05:47:53 +00:00
|
|
|
void (*error_handler)(struct mddev *mddev, struct md_rdev *rdev);
|
|
|
|
int (*hot_add_disk) (struct mddev *mddev, struct md_rdev *rdev);
|
2011-12-22 23:17:51 +00:00
|
|
|
int (*hot_remove_disk) (struct mddev *mddev, struct md_rdev *rdev);
|
2011-10-11 05:47:53 +00:00
|
|
|
int (*spare_active) (struct mddev *mddev);
|
2015-02-19 05:04:40 +00:00
|
|
|
sector_t (*sync_request)(struct mddev *mddev, sector_t sector_nr, int *skipped);
|
2011-10-11 05:47:53 +00:00
|
|
|
int (*resize) (struct mddev *mddev, sector_t sectors);
|
|
|
|
sector_t (*size) (struct mddev *mddev, sector_t sectors, int raid_disks);
|
|
|
|
int (*check_reshape) (struct mddev *mddev);
|
|
|
|
int (*start_reshape) (struct mddev *mddev);
|
|
|
|
void (*finish_reshape) (struct mddev *mddev);
|
md-cluster/raid10: support add disk under grow mode
For clustered raid10 scenario, we need to let all the nodes
know about that a new disk is added to the array, and the
reshape caused by add new member just need to be happened in
one node, but other nodes should know about the change.
Since reshape means read data from somewhere (which is already
used by array) and write data to unused region. Obviously, it
is awful if one node is reading data from address while another
node is writing to the same address. Considering we have
implemented suspend writes in the resyncing area, so we can
just broadcast the reading address to other nodes to avoid the
trouble.
For master node, it would call reshape_request then update sb
during the reshape period. To avoid above trouble, we call
resync_info_update to send RESYNC message in reshape_request.
Then from slave node's view, it receives two type messages:
1. RESYNCING message
Slave node add the address (where master node reading data from)
to suspend list.
2. METADATA_UPDATED message
Once slave nodes know the reshaping is started in master node,
it is time to update reshape position and call start_reshape to
follow master node's step. After reshape is done, only reshape
position is need to be updated, so the majority task of reshaping
is happened on the master node.
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
2018-10-18 08:37:42 +00:00
|
|
|
void (*update_reshape_pos) (struct mddev *mddev);
|
2017-10-19 01:49:15 +00:00
|
|
|
/* quiesce suspends or resumes internal processing.
|
|
|
|
* 1 - stop new actions and wait for action io to complete
|
|
|
|
* 0 - return to normal behaviour
|
2005-09-09 23:23:45 +00:00
|
|
|
*/
|
2017-10-19 01:49:15 +00:00
|
|
|
void (*quiesce) (struct mddev *mddev, int quiesce);
|
2009-03-31 03:39:39 +00:00
|
|
|
/* takeover is used to transition an array from one
|
|
|
|
* personality to another. The new personality must be able
|
|
|
|
* to handle the data in the current layout.
|
|
|
|
* e.g. 2drive raid1 -> 2drive raid5
|
|
|
|
* ndrive raid5 -> degraded n+1drive raid6 with special layout
|
|
|
|
* If the takeover succeeds, a new 'private' structure is returned.
|
|
|
|
* This needs to be installed and then ->run used to activate the
|
|
|
|
* array.
|
|
|
|
*/
|
2011-10-11 05:47:53 +00:00
|
|
|
void *(*takeover) (struct mddev *mddev);
|
2017-03-09 09:00:03 +00:00
|
|
|
/* Changes the consistency policy of an active array. */
|
|
|
|
int (*change_consistency_policy)(struct mddev *mddev, const char *buf);
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
2005-11-09 05:39:30 +00:00
|
|
|
struct md_sysfs_entry {
|
|
|
|
struct attribute attr;
|
2011-10-11 05:47:53 +00:00
|
|
|
ssize_t (*show)(struct mddev *, char *);
|
|
|
|
ssize_t (*store)(struct mddev *, const char *, size_t);
|
2005-11-09 05:39:30 +00:00
|
|
|
};
|
2021-05-29 10:30:49 +00:00
|
|
|
extern const struct attribute_group md_bitmap_group;
|
2005-11-09 05:39:30 +00:00
|
|
|
|
2013-12-11 19:11:53 +00:00
|
|
|
static inline struct kernfs_node *sysfs_get_dirent_safe(struct kernfs_node *sd, char *name)
|
2010-06-01 09:37:23 +00:00
|
|
|
{
|
|
|
|
if (sd)
|
2013-09-12 03:19:13 +00:00
|
|
|
return sysfs_get_dirent(sd, name);
|
2010-06-01 09:37:23 +00:00
|
|
|
return sd;
|
|
|
|
}
|
2013-12-11 19:11:53 +00:00
|
|
|
static inline void sysfs_notify_dirent_safe(struct kernfs_node *sd)
|
2010-06-01 09:37:23 +00:00
|
|
|
{
|
|
|
|
if (sd)
|
|
|
|
sysfs_notify_dirent(sd);
|
|
|
|
}
|
|
|
|
|
2011-10-11 05:47:53 +00:00
|
|
|
static inline char * mdname (struct mddev * mddev)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
return mddev->gendisk ? mddev->gendisk->disk_name : "mdX";
|
|
|
|
}
|
|
|
|
|
2011-10-11 05:47:53 +00:00
|
|
|
static inline int sysfs_link_rdev(struct mddev *mddev, struct md_rdev *rdev)
|
2011-07-27 01:00:36 +00:00
|
|
|
{
|
|
|
|
char nm[20];
|
2015-12-18 04:19:16 +00:00
|
|
|
if (!test_bit(Replacement, &rdev->flags) &&
|
|
|
|
!test_bit(Journal, &rdev->flags) &&
|
|
|
|
mddev->kobj.sd) {
|
2011-12-22 23:17:51 +00:00
|
|
|
sprintf(nm, "rd%d", rdev->raid_disk);
|
|
|
|
return sysfs_create_link(&mddev->kobj, &rdev->kobj, nm);
|
|
|
|
} else
|
|
|
|
return 0;
|
2011-07-27 01:00:36 +00:00
|
|
|
}
|
|
|
|
|
2011-10-11 05:47:53 +00:00
|
|
|
static inline void sysfs_unlink_rdev(struct mddev *mddev, struct md_rdev *rdev)
|
2011-07-27 01:00:36 +00:00
|
|
|
{
|
|
|
|
char nm[20];
|
2015-12-18 04:19:16 +00:00
|
|
|
if (!test_bit(Replacement, &rdev->flags) &&
|
|
|
|
!test_bit(Journal, &rdev->flags) &&
|
|
|
|
mddev->kobj.sd) {
|
2011-12-22 23:17:51 +00:00
|
|
|
sprintf(nm, "rd%d", rdev->raid_disk);
|
|
|
|
sysfs_remove_link(&mddev->kobj, nm);
|
|
|
|
}
|
2011-07-27 01:00:36 +00:00
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
* iterates through some rdev ringlist. It's safe to remove the
|
|
|
|
* current 'rdev'. Dont touch 'tmp' though.
|
|
|
|
*/
|
2009-01-08 21:31:08 +00:00
|
|
|
#define rdev_for_each_list(rdev, tmp, head) \
|
|
|
|
list_for_each_entry_safe(rdev, tmp, head, same_set)
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
* iterates through the 'same array disks' ringlist
|
|
|
|
*/
|
2012-03-19 01:46:39 +00:00
|
|
|
#define rdev_for_each(rdev, mddev) \
|
|
|
|
list_for_each_entry(rdev, &((mddev)->disks), same_set)
|
|
|
|
|
|
|
|
#define rdev_for_each_safe(rdev, tmp, mddev) \
|
2009-01-08 21:31:08 +00:00
|
|
|
list_for_each_entry_safe(rdev, tmp, &((mddev)->disks), same_set)
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2008-07-21 07:05:25 +00:00
|
|
|
#define rdev_for_each_rcu(rdev, mddev) \
|
|
|
|
list_for_each_entry_rcu(rdev, &((mddev)->disks), same_set)
|
|
|
|
|
2011-10-11 05:48:23 +00:00
|
|
|
struct md_thread {
|
2012-10-11 02:34:00 +00:00
|
|
|
void (*run) (struct md_thread *thread);
|
2011-10-11 05:47:53 +00:00
|
|
|
struct mddev *mddev;
|
2005-04-16 22:20:36 +00:00
|
|
|
wait_queue_head_t wqueue;
|
2014-09-30 04:23:59 +00:00
|
|
|
unsigned long flags;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct task_struct *tsk;
|
2005-06-22 00:17:14 +00:00
|
|
|
unsigned long timeout;
|
2012-10-11 02:34:00 +00:00
|
|
|
void *private;
|
2011-10-11 05:48:23 +00:00
|
|
|
};
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-05-25 09:46:17 +00:00
|
|
|
struct md_io_acct {
|
|
|
|
struct bio *orig_bio;
|
|
|
|
unsigned long start_time;
|
|
|
|
struct bio bio_clone;
|
|
|
|
};
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
#define THREAD_WAKEUP 0
|
|
|
|
|
2006-01-06 08:20:40 +00:00
|
|
|
static inline void safe_put_page(struct page *p)
|
|
|
|
{
|
|
|
|
if (p) put_page(p);
|
|
|
|
}
|
|
|
|
|
2011-10-11 05:49:58 +00:00
|
|
|
extern int register_md_personality(struct md_personality *p);
|
|
|
|
extern int unregister_md_personality(struct md_personality *p);
|
2014-03-29 15:01:53 +00:00
|
|
|
extern int register_md_cluster_operations(struct md_cluster_operations *ops,
|
|
|
|
struct module *module);
|
|
|
|
extern int unregister_md_cluster_operations(void);
|
|
|
|
extern int md_setup_cluster(struct mddev *mddev, int nodes);
|
|
|
|
extern void md_cluster_stop(struct mddev *mddev);
|
2011-10-11 05:48:23 +00:00
|
|
|
extern struct md_thread *md_register_thread(
|
2012-10-11 02:34:00 +00:00
|
|
|
void (*run)(struct md_thread *thread),
|
2011-10-11 05:48:23 +00:00
|
|
|
struct mddev *mddev,
|
|
|
|
const char *name);
|
|
|
|
extern void md_unregister_thread(struct md_thread **threadp);
|
|
|
|
extern void md_wakeup_thread(struct md_thread *thread);
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void md_check_recovery(struct mddev *mddev);
|
2013-04-24 01:42:43 +00:00
|
|
|
extern void md_reap_sync_thread(struct mddev *mddev);
|
2017-06-05 06:05:13 +00:00
|
|
|
extern int mddev_init_writes_pending(struct mddev *mddev);
|
2017-06-05 06:49:39 +00:00
|
|
|
extern bool md_write_start(struct mddev *mddev, struct bio *bi);
|
md/raid5: use md_write_start to count stripes, not bios
We use md_write_start() to increase the count of pending writes, and
md_write_end() to decrement the count. We currently count bios
submitted to md/raid5. Change it count stripe_heads that a WRITE bio
has been attached to.
So now, raid5_make_request() calls md_write_start() and then
md_write_end() to keep the count elevated during the setup of the
request.
add_stripe_bio() calls md_write_start() for each stripe_head, and the
completion routines always call md_write_end(), instead of only
calling it when raid5_dec_bi_active_stripes() returns 0.
make_discard_request also calls md_write_start/end().
The parallel between md_write_{start,end} and use of bi_phys_segments
can be seen in that:
Whenever we set bi_phys_segments to 1, we now call md_write_start.
Whenever we increment it on non-read requests with
raid5_inc_bi_active_stripes(), we now call md_write_start().
Whenever we decrement bi_phys_segments on non-read requsts with
raid5_dec_bi_active_stripes(), we now call md_write_end().
This reduces our dependence on keeping a per-bio count of active
stripes in bi_phys_segments.
md_write_inc() is added which parallels md_write_start(), but requires
that a write has already been started, and is certain never to sleep.
This can be used inside a spinlocked region when adding to a write
request.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
2017-03-15 03:05:12 +00:00
|
|
|
extern void md_write_inc(struct mddev *mddev, struct bio *bi);
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void md_write_end(struct mddev *mddev);
|
|
|
|
extern void md_done_sync(struct mddev *mddev, int blocks, int ok);
|
|
|
|
extern void md_error(struct mddev *mddev, struct md_rdev *rdev);
|
2012-05-20 23:27:00 +00:00
|
|
|
extern void md_finish_reshape(struct mddev *mddev);
|
2021-02-04 07:50:43 +00:00
|
|
|
void md_submit_discard_bio(struct mddev *mddev, struct md_rdev *rdev,
|
|
|
|
struct bio *bio, sector_t start, sector_t size);
|
2021-12-10 09:31:15 +00:00
|
|
|
int acct_bioset_init(struct mddev *mddev);
|
|
|
|
void acct_bioset_exit(struct mddev *mddev);
|
2021-05-25 09:46:17 +00:00
|
|
|
void md_account_bio(struct mddev *mddev, struct bio **bio);
|
2011-10-11 05:47:53 +00:00
|
|
|
|
2019-09-16 17:15:14 +00:00
|
|
|
extern bool __must_check md_flush_request(struct mddev *mddev, struct bio *bio);
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void md_super_write(struct mddev *mddev, struct md_rdev *rdev,
|
2009-03-31 03:33:13 +00:00
|
|
|
sector_t sector, int size, struct page *page);
|
2016-11-18 05:16:11 +00:00
|
|
|
extern int md_super_wait(struct mddev *mddev);
|
2014-09-30 04:23:59 +00:00
|
|
|
extern int sync_page_io(struct md_rdev *rdev, sector_t sector, int size,
|
2016-06-05 19:32:07 +00:00
|
|
|
struct page *page, int op, int op_flags,
|
|
|
|
bool metadata_op);
|
2012-10-11 02:34:00 +00:00
|
|
|
extern void md_do_sync(struct md_thread *thread);
|
2021-10-04 15:34:53 +00:00
|
|
|
extern void md_new_event(void);
|
2017-05-08 09:56:55 +00:00
|
|
|
extern void md_allow_write(struct mddev *mddev);
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void md_wait_for_blocked_rdev(struct md_rdev *rdev, struct mddev *mddev);
|
|
|
|
extern void md_set_array_sectors(struct mddev *mddev, sector_t array_sectors);
|
|
|
|
extern int md_check_no_bitmap(struct mddev *mddev);
|
|
|
|
extern int md_integrity_register(struct mddev *mddev);
|
2016-01-14 00:00:07 +00:00
|
|
|
extern int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev);
|
2009-12-14 01:49:55 +00:00
|
|
|
extern int strict_strtoul_scaled(const char *cp, unsigned long *res, int scale);
|
2009-04-14 02:01:53 +00:00
|
|
|
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void mddev_init(struct mddev *mddev);
|
|
|
|
extern int md_run(struct mddev *mddev);
|
2017-11-20 06:17:01 +00:00
|
|
|
extern int md_start(struct mddev *mddev);
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void md_stop(struct mddev *mddev);
|
|
|
|
extern void md_stop_writes(struct mddev *mddev);
|
2011-10-11 05:45:26 +00:00
|
|
|
extern int md_rdev_init(struct md_rdev *rdev);
|
2012-05-22 03:54:30 +00:00
|
|
|
extern void md_rdev_clear(struct md_rdev *rdev);
|
2009-04-14 02:01:53 +00:00
|
|
|
|
2017-09-21 17:23:35 +00:00
|
|
|
extern void md_handle_request(struct mddev *mddev, struct bio *bio);
|
2011-10-11 05:47:53 +00:00
|
|
|
extern void mddev_suspend(struct mddev *mddev);
|
|
|
|
extern void mddev_resume(struct mddev *mddev);
|
2012-07-31 07:08:14 +00:00
|
|
|
|
2015-08-21 15:33:39 +00:00
|
|
|
extern void md_reload_sb(struct mddev *mddev, int raid_disk);
|
2014-10-29 23:51:31 +00:00
|
|
|
extern void md_update_sb(struct mddev *mddev, int force);
|
2015-04-14 15:43:24 +00:00
|
|
|
extern void md_kick_rdev_from_array(struct md_rdev * rdev);
|
2019-12-23 09:48:53 +00:00
|
|
|
extern void mddev_create_serial_pool(struct mddev *mddev, struct md_rdev *rdev,
|
2019-12-23 09:48:55 +00:00
|
|
|
bool is_suspend);
|
2019-12-23 09:49:00 +00:00
|
|
|
extern void mddev_destroy_serial_pool(struct mddev *mddev, struct md_rdev *rdev,
|
|
|
|
bool is_suspend);
|
2015-04-14 15:43:55 +00:00
|
|
|
struct md_rdev *md_find_rdev_nr_rcu(struct mddev *mddev, int nr);
|
2017-12-27 09:31:40 +00:00
|
|
|
struct md_rdev *md_find_rdev_rcu(struct mddev *mddev, dev_t dev);
|
2012-07-26 09:12:18 +00:00
|
|
|
|
md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone
Currently md raid0/linear are not provided with any mechanism to validate
if an array member got removed or failed. The driver keeps sending BIOs
regardless of the state of array members, and kernel shows state 'clean'
in the 'array_state' sysfs attribute. This leads to the following
situation: if a raid0/linear array member is removed and the array is
mounted, some user writing to this array won't realize that errors are
happening unless they check dmesg or perform one fsync per written file.
Despite udev signaling the member device is gone, 'mdadm' cannot issue the
STOP_ARRAY ioctl successfully, given the array is mounted.
In other words, no -EIO is returned and writes (except direct ones) appear
normal. Meaning the user might think the wrote data is correctly stored in
the array, but instead garbage was written given that raid0 does stripping
(and so, it requires all its members to be working in order to not corrupt
data). For md/linear, writes to the available members will work fine, but
if the writes go to the missing member(s), it'll cause a file corruption
situation, whereas the portion of the writes to the missing devices aren't
written effectively.
This patch changes this behavior: we check if the block device's gendisk
is UP when submitting the BIO to the array member, and if it isn't, we flag
the md device as MD_BROKEN and fail subsequent I/Os to that device; a read
request to the array requiring data from a valid member is still completed.
While flagging the device as MD_BROKEN, we also show a rate-limited warning
in the kernel log.
A new array state 'broken' was added too: it mimics the state 'clean' in
every aspect, being useful only to distinguish if the array has some member
missing. We rely on the MD_BROKEN flag to put the array in the 'broken'
state. This state cannot be written in 'array_state' as it just shows
one or more members of the array are missing but acts like 'clean', it
wouldn't make sense to write it.
With this patch, the filesystem reacts much faster to the event of missing
array member: after some I/O errors, ext4 for instance aborts the journal
and prevents corruption. Without this change, we're able to keep writing
in the disk and after a machine reboot, e2fsck shows some severe fs errors
that demand fixing. This patch was tested in ext4 and xfs filesystems, and
requires a 'mdadm' counterpart to handle the 'broken' state.
Cc: Song Liu <songliubraving@fb.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
2019-09-03 19:49:00 +00:00
|
|
|
static inline bool is_mddev_broken(struct md_rdev *rdev, const char *md_type)
|
|
|
|
{
|
2021-08-09 06:40:28 +00:00
|
|
|
if (!disk_live(rdev->bdev->bd_disk)) {
|
md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone
Currently md raid0/linear are not provided with any mechanism to validate
if an array member got removed or failed. The driver keeps sending BIOs
regardless of the state of array members, and kernel shows state 'clean'
in the 'array_state' sysfs attribute. This leads to the following
situation: if a raid0/linear array member is removed and the array is
mounted, some user writing to this array won't realize that errors are
happening unless they check dmesg or perform one fsync per written file.
Despite udev signaling the member device is gone, 'mdadm' cannot issue the
STOP_ARRAY ioctl successfully, given the array is mounted.
In other words, no -EIO is returned and writes (except direct ones) appear
normal. Meaning the user might think the wrote data is correctly stored in
the array, but instead garbage was written given that raid0 does stripping
(and so, it requires all its members to be working in order to not corrupt
data). For md/linear, writes to the available members will work fine, but
if the writes go to the missing member(s), it'll cause a file corruption
situation, whereas the portion of the writes to the missing devices aren't
written effectively.
This patch changes this behavior: we check if the block device's gendisk
is UP when submitting the BIO to the array member, and if it isn't, we flag
the md device as MD_BROKEN and fail subsequent I/Os to that device; a read
request to the array requiring data from a valid member is still completed.
While flagging the device as MD_BROKEN, we also show a rate-limited warning
in the kernel log.
A new array state 'broken' was added too: it mimics the state 'clean' in
every aspect, being useful only to distinguish if the array has some member
missing. We rely on the MD_BROKEN flag to put the array in the 'broken'
state. This state cannot be written in 'array_state' as it just shows
one or more members of the array are missing but acts like 'clean', it
wouldn't make sense to write it.
With this patch, the filesystem reacts much faster to the event of missing
array member: after some I/O errors, ext4 for instance aborts the journal
and prevents corruption. Without this change, we're able to keep writing
in the disk and after a machine reboot, e2fsck shows some severe fs errors
that demand fixing. This patch was tested in ext4 and xfs filesystems, and
requires a 'mdadm' counterpart to handle the 'broken' state.
Cc: Song Liu <songliubraving@fb.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
2019-09-03 19:49:00 +00:00
|
|
|
if (!test_and_set_bit(MD_BROKEN, &rdev->mddev->flags))
|
|
|
|
pr_warn("md: %s: %s array has a missing/failed member\n",
|
|
|
|
mdname(rdev->mddev), md_type);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2012-07-26 09:12:18 +00:00
|
|
|
static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
|
|
|
|
{
|
|
|
|
int faulty = test_bit(Faulty, &rdev->flags);
|
|
|
|
if (atomic_dec_and_test(&rdev->nr_pending) && faulty) {
|
|
|
|
set_bit(MD_RECOVERY_NEEDED, &mddev->recovery);
|
|
|
|
md_wakeup_thread(mddev->thread);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-03-29 15:01:53 +00:00
|
|
|
extern struct md_cluster_operations *md_cluster_ops;
|
2014-03-29 15:20:02 +00:00
|
|
|
static inline int mddev_is_clustered(struct mddev *mddev)
|
|
|
|
{
|
|
|
|
return mddev->cluster_info && mddev->bitmap_info.nodes > 1;
|
|
|
|
}
|
2017-01-05 00:10:19 +00:00
|
|
|
|
|
|
|
/* clear unsupported mddev_flags */
|
|
|
|
static inline void mddev_clear_unsupported_flags(struct mddev *mddev,
|
|
|
|
unsigned long unsupported_flags)
|
|
|
|
{
|
|
|
|
mddev->flags &= ~unsupported_flags;
|
|
|
|
}
|
2017-02-14 00:21:49 +00:00
|
|
|
|
|
|
|
static inline void mddev_check_writesame(struct mddev *mddev, struct bio *bio)
|
|
|
|
{
|
|
|
|
if (bio_op(bio) == REQ_OP_WRITE_SAME &&
|
2021-01-24 10:02:34 +00:00
|
|
|
!bio->bi_bdev->bd_disk->queue->limits.max_write_same_sectors)
|
2017-02-14 00:21:49 +00:00
|
|
|
mddev->queue->limits.max_write_same_sectors = 0;
|
|
|
|
}
|
2017-04-05 17:21:03 +00:00
|
|
|
|
|
|
|
static inline void mddev_check_write_zeroes(struct mddev *mddev, struct bio *bio)
|
|
|
|
{
|
|
|
|
if (bio_op(bio) == REQ_OP_WRITE_ZEROES &&
|
2021-01-24 10:02:34 +00:00
|
|
|
!bio->bi_bdev->bd_disk->queue->limits.max_write_zeroes_sectors)
|
2017-04-05 17:21:03 +00:00
|
|
|
mddev->queue->limits.max_write_zeroes_sectors = 0;
|
|
|
|
}
|
2020-06-06 13:00:24 +00:00
|
|
|
|
2020-06-07 15:31:19 +00:00
|
|
|
struct mdu_array_info_s;
|
|
|
|
struct mdu_disk_info_s;
|
|
|
|
|
2020-06-07 14:33:01 +00:00
|
|
|
extern int mdp_major;
|
2020-06-06 13:00:24 +00:00
|
|
|
void md_autostart_arrays(int part);
|
2020-06-07 15:31:19 +00:00
|
|
|
int md_set_array_info(struct mddev *mddev, struct mdu_array_info_s *info);
|
|
|
|
int md_add_new_disk(struct mddev *mddev, struct mdu_disk_info_s *info);
|
|
|
|
int do_md_run(struct mddev *mddev);
|
|
|
|
|
|
|
|
extern const struct block_device_operations md_fops;
|
2020-06-06 13:00:24 +00:00
|
|
|
|
2009-04-14 02:01:53 +00:00
|
|
|
#endif /* _MD_MD_H */
|