1. 26 7月, 2010 1 次提交
  2. 21 7月, 2010 2 次提交
  3. 24 6月, 2010 6 次提交
    • N
      md/raid5: don't include 'spare' drives when reshaping to fewer devices. · 3424bf6a
      NeilBrown 提交于
      There are few situations where it would make any sense to add a spare
      when reducing the number of devices in an array, but it is
      conceivable:  A 6 drive RAID6 with two missing devices could be
      reshaped to a 5 drive RAID6, and a spare could become available
      just in time for the reshape, but not early enough to have been
      recovered first.  'freezing' recovery can make this easy to
      do without any races.
      
      However doing such a thing is a bad idea.  md will not record the
      partially-recovered state of the 'spare' and when the reshape
      finished it will think that the spare is still spare.
      Easiest way to avoid this confusion is to simply disallow it.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      3424bf6a
    • N
      md/raid5: add a missing 'continue' in a loop. · 2f115882
      NeilBrown 提交于
      As the comment says, the tail of this loop only applies to devices
      that are not fully in sync, so if In_sync was set, we should avoid
      the rest of the loop.
      
      This bug will hardly ever cause an actual problem.  The worst it
      can do is allow an array to be assembled that is dirty and degraded,
      which is not generally a good idea (without warning the sysadmin
      first).
      
      This will only happen if the array is RAID4 or a RAID5/6 in an
      intermediate state during a reshape and so has one drive that is
      all 'parity' - no data - while some other device has failed.
      
      This is certainly possible, but not at all common.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      2f115882
    • N
      md/raid5: Allow recovered part of partially recovered devices to be in-sync · 415e72d0
      NeilBrown 提交于
      During a recovery of reshape the early part of some devices might be
      in-sync while the later parts are not.
      We we know we are looking at an early part it is good to treat that
      part as in-sync for stripe calculations.
      
      This is particularly important for a reshape which suffers device
      failure.  Treating the data as in-sync can mean the difference between
      data-safety and data-loss.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      415e72d0
    • N
      md/raid5: More careful check for "has array failed". · 674806d6
      NeilBrown 提交于
      When we are reshaping an array, the device failure combinations
      that cause us to decide that the array as failed are more subtle.
      
      In particular, any 'spare' will be fully in-sync in the section
      of the array that has already been reshaped, thus failures that
      affect only that section are less critical.
      
      So encode this subtlety in a new function and call it as appropriate.
      
      The case that showed this problem was a 4 drive RAID5 to 8 drive RAID6
      conversion where the last two devices failed.
      This resulted in:
      
        good good good good incomplete good good failed failed
      
      while converting a 5-drive RAID6 to 8 drive RAID5
      The incomplete device causes the whole array to look bad,
      bad as it was actually good for the section that had been
      converted to 8-drives, all the data was actually safe.
      Reported-by: NTerry Morris <tbmorris@tbmorris.com>
      Signed-off-by: NNeilBrown <neilb@suse.de>
      674806d6
    • N
      md: Don't update ->recovery_offset when reshaping an array to fewer devices. · 70fffd0b
      NeilBrown 提交于
      When an array is reshaped to have fewer devices, the reshape proceeds
      from the end of the devices to the beginning.
      
      If a device happens to be non-In_sync (which is possible but rare)
      we would normally update the ->recovery_offset as the reshape
      progresses. However that would be wrong as the recover_offset records
      that the early part of the device is in_sync, while in fact it would
      only be the later part that is in_sync, and in any case the offset
      number would be measured from the wrong end of the device.
      
      Relatedly, if after a reshape a spare is discovered to not be
      recoverred all the way to the end, not allow spare_active
      to incorporate it in the array.
      
      This becomes relevant in the following sample scenario:
      
      A 4 drive RAID5 is converted to a 6 drive RAID6 in a combined
      operation.
      The RAID5->RAID6 conversion will cause a 5 drive to be included as a
      spare, then the 5drive -> 6drive reshape will effectively rebuild that
      spare as it progresses.  The 6th drive is treated as in_sync the whole
      time as there is never any case that we might consider reading from
      it, but must not because there is no valid data.
      
      If we interrupt this reshape part-way through and reverse it to return
      to a 5-drive RAID6 (or event a 4-drive RAID5), we don't want to update
      the recovery_offset - as that would be wrong - and we don't want to
      include that spare as active in the 5-drive RAID6 when the reversed
      reshape completed and it will be mostly out-of-sync still.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      70fffd0b
    • N
      md/raid5: avoid oops when number of devices is reduced then increased. · e4e11e38
      NeilBrown 提交于
      The entries in the stripe_cache maintained by raid5 are enlarged
      when we increased the number of devices in the array, but not
      shrunk when we reduce the number of devices.
      So if entries are added after reducing the number of devices, we
      much ensure to initialise the whole entry, not just the part that
      is currently relevant.  Otherwise if we enlarge the array again,
      we will reference uninitialised values.
      
      As grow_buffers/shrink_buffer now want to use a count that is stored
      explicity in the raid_conf, they should get it from there rather than
      being passed it as a parameter.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      e4e11e38
  4. 28 5月, 2010 1 次提交
  5. 18 5月, 2010 10 次提交
  6. 17 5月, 2010 1 次提交
    • N
      md: manage redundancy group in sysfs when changing level. · a64c876f
      NeilBrown 提交于
      Some levels expect the 'redundancy group' to be present,
      others don't.
      So when we change level of an array we might need to
      add or remove this group.
      
      This requires fixing up the current practice of overloading ->private
      to indicate (when ->pers == NULL) that something needs to be removed.
      So create a new ->to_remove to fill that role.
      
      When changing levels, we may need to add or remove attributes.  When
      changing RAID5 -> RAID6, we both add and remove the same thing.  It is
      important to catch this and optimise it out as the removal is delayed
      until a lock is released, so trying to add immediately would cause
      problems.
      
      
      Cc: stable@kernel.org
      Signed-off-by: NNeilBrown <neilb@suse.de>
      a64c876f
  7. 07 5月, 2010 1 次提交
  8. 23 4月, 2010 1 次提交
  9. 20 4月, 2010 1 次提交
  10. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  11. 26 2月, 2010 1 次提交
  12. 17 2月, 2010 1 次提交
    • T
      percpu: add __percpu sparse annotations to what's left · a29d8b8e
      Tejun Heo 提交于
      Add __percpu sparse annotations to places which didn't make it in one
      of the previous patches.  All converions are trivial.
      
      These annotations are to make sparse consider percpu variables to be
      in a different address space and warn if accessed without going
      through percpu accessors.  This patch doesn't affect normal builds.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Acked-by: NBorislav Petkov <borislav.petkov@amd.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Huang Ying <ying.huang@intel.com>
      Cc: Len Brown <lenb@kernel.org>
      Cc: Neil Brown <neilb@suse.de>
      a29d8b8e
  13. 10 2月, 2010 1 次提交
    • N
      md: fix some lockdep issues between md and sysfs. · ef286f6f
      NeilBrown 提交于
      ======
      This fix is related to
          http://bugzilla.kernel.org/show_bug.cgi?id=15142
      but does not address that exact issue.
      ======
      
      sysfs does like attributes being removed while they are being accessed
      (i.e. read or written) and waits for the access to complete.
      
      As accessing some md attributes takes the same lock that is held while
      removing those attributes a deadlock can occur.
      
      This patch addresses 3 issues in md that could lead to this deadlock.
      
      Two relate to calling flush_scheduled_work while the lock is held.
      This is probably a bad idea in general and as we use schedule_work to
      delete various sysfs objects it is particularly bad.
      
      In one case flush_scheduled_work is called from md_alloc (called by
      md_probe) called from do_md_run which holds the lock.  This call is
      only present to ensure that ->gendisk is set.  However we can be sure
      that gendisk is always set (though possibly we couldn't when that code
      was originally written.  This is because do_md_run is called in three
      different contexts:
        1/ from md_ioctl.  This requires that md_open has succeeded, and it
           fails if ->gendisk is not set.
        2/ from writing a sysfs attribute.  This can only happen if the
           mddev has been registered in sysfs which happens in md_alloc
           after ->gendisk has been set.
        3/ from autorun_array which is only called by autorun_devices, which
           checks for ->gendisk to be set before calling autorun_array.
      So the call to md_probe in do_md_run can be removed, and the check on
      ->gendisk can also go.
      
      
      In the other case flush_scheduled_work is being called in do_md_stop,
      purportedly to wait for all md_delayed_delete calls (which delete the
      component rdevs) to complete.  However there really isn't any need to
      wait for them - they have already been disconnected in all important
      ways.
      
      The third issue is that raid5->stop() removes some attribute names
      while the lock is held.  There is already some infrastructure in place
      to delay attribute removal until after the lock is released (using
      schedule_work).  So extend that infrastructure to remove the
      raid5_attrs_group.
      
      This does not address all lockdep issues related to the sysfs
      "s_active" lock.  The rest can be address by splitting that lockdep
      context between symlinks and non-symlinks which hopefully will happen.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      ef286f6f
  14. 09 2月, 2010 1 次提交
    • N
      md: fix 'degraded' calculation when starting a reshape. · 9eb07c25
      NeilBrown 提交于
      This code was written long ago when it was not possible to
      reshape a degraded array.  Now it is so the current level of
      degraded-ness needs to be taken in to account.  Also newly addded
      devices should only reduce degradedness if they are deemed to be
      in-sync.
      
      In particular, if you convert a RAID5 to a RAID6, and increase the
      number of devices at the same time, then the 5->6 conversion will
      make the array degraded so the current code will produce a wrong
      value for 'degraded' - "-1" to be precise.
      
      If the reshape runs to completion end_reshape will calculate a correct
      new value for 'degraded', but if a device fails during the reshape an
      incorrect decision might be made based on the incorrect value of
      "degraded".
      
      This patch is suitable for 2.6.32-stable and if they are still open,
      2.6.31-stable and 2.6.30-stable as well.
      
      Cc: stable@kernel.org
      Reported-by: NMichael Evans <mjevans1983@gmail.com>
      Signed-off-by: NNeilBrown <neilb@suse.de>
      9eb07c25
  15. 14 12月, 2009 4 次提交
    • N
      md: add MODULE_DESCRIPTION for all md related modules. · 0efb9e61
      NeilBrown 提交于
      Suggested by  Oren Held <orenhe@il.ibm.com>
      Signed-off-by: NNeilBrown <neilb@suse.de>
      0efb9e61
    • N
      md/raid5: don't complete make_request on barrier until writes are scheduled · 729a1866
      NeilBrown 提交于
      The post-barrier-flush is sent by md as soon as make_request on the
      barrier write completes.  For raid5, the data might not be in the
      per-device queues yet.  So for barrier requests, wait for any
      pre-reading to be done so that the request will be in the per-device
      queues.
      
      We use the 'preread_active' count to check that nothing is still in
      the preread phase, and delay the decrement of this count until after
      write requests have been submitted to the underlying devices.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      729a1866
    • N
      md: support barrier requests on all personalities. · a2826aa9
      NeilBrown 提交于
      Previously barriers were only supported on RAID1.  This is because
      other levels requires synchronisation across all devices and so needed
      a different approach.
      Here is that approach.
      
      When a barrier arrives, we send a zero-length barrier to every active
      device.  When that completes - and if the original request was not
      empty -  we submit the barrier request itself (with the barrier flag
      cleared) and then submit a fresh load of zero length barriers.
      
      The barrier request itself is asynchronous, but any subsequent
      request will block until the barrier completes.
      
      The reason for clearing the barrier flag is that a barrier request is
      allowed to fail.  If we pass a non-empty barrier through a striping
      raid level it is conceivable that part of it could succeed and part
      could fail.  That would be way too hard to deal with.
      So if the first run of zero length barriers succeed, we assume all is
      sufficiently well that we send the request and ignore errors in the
      second run of barriers.
      
      RAID5 needs extra care as write requests may not have been submitted
      to the underlying devices yet.  So we flush the stripe cache before
      proceeding with the barrier.
      
      Note that the second set of zero-length barriers are submitted
      immediately after the original request is submitted.  Thus when
      a personality finds mddev->barrier to be set during make_request,
      it should not return from make_request until the corresponding
      per-device request(s) have been queued.
      
      That will be done in later patches.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      Reviewed-by: NAndre Noll <maan@systemlinux.org>
      a2826aa9
    • N
      md/raid5: remove some sparse warnings. · 8553fe7e
      NeilBrown 提交于
      qd_idx is previously declared and given exactly the same value!
      Signed-off-by: NNeilBrown <neilb@suse.de>
      8553fe7e
  16. 13 11月, 2009 2 次提交
    • N
      md/raid5: Allow dirty-degraded arrays to be assembled when only party is degraded. · c148ffdc
      NeilBrown 提交于
      Normally is it not safe to allow a raid5 that is both dirty and
      degraded to be assembled without explicit request from that admin, as
      it can cause hidden data corruption.
      This is because 'dirty' means that the parity cannot be trusted, and
      'degraded' means that the parity needs to be used.
      
      However, if the device that is missing contains only parity, then
      there is no issue and assembly can continue.
      This particularly applies when a RAID5 is being converted to a RAID6
      and there is an unclean shutdown while the conversion is happening.
      
      So check for whether the degraded space only contains parity, and
      in that case, allow the assembly.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      c148ffdc
    • N
      Don't unconditionally set in_sync on newly added device in raid5_reshape · 7ef90146
      NeilBrown 提交于
      When a reshape finds that it can add spare devices into the array,
      those devices might already be 'in_sync' if they are beyond the old
      size of the array, or they might not if they are within the array.
      
      The first case happens when we change an N-drive RAID5 to an
      N+1-drive RAID5.
      The second happens when we convert an N-drive RAID5 to an
      N+1-drive RAID6.
      
      So set the flag more carefully.
      Also, ->recovery_offset is only meaningful when the flag is clear,
      so only set it in that case.
      
      This change needs the preceding two to ensure that the non-in_sync
      device doesn't get evicted from the array when it is stopped, in the
      case where v0.90 metadata is used.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      7ef90146
  17. 06 11月, 2009 1 次提交
    • N
      md/raid5: make sure curr_sync_completes is uptodate when reshape starts · 8dee7211
      NeilBrown 提交于
      This value is visible through sysfs and is used by mdadm
      when it manages a reshape (backing up data that is about to be
      rearranged).  So it is important that it is always correct.
      Current it does not get updated properly when a reshape
      starts which can cause problems when assembling an array
      that is in the middle of being reshaped.
      
      This is suitable for 2.6.31.y stable kernels.
      
      Cc: stable@kernel.org
      Signed-off-by: NNeilBrown <neilb@suse.de>
      8dee7211
  18. 20 10月, 2009 1 次提交
  19. 16 10月, 2009 3 次提交
    • N
      md/async: don't pass a memory pointer as a page pointer. · 5dd33c9a
      NeilBrown 提交于
      md/raid6 passes a list of 'struct page *' to the async_tx routines,
      which then either DMA map them for offload, or take the page_address
      for CPU based calculations.
      
      For RAID6 we sometime leave 'blanks' in the list of pages.
      For CPU based calcs, we want to treat theses as a page of zeros.
      For offloaded calculations, we simply don't pass a page to the
      hardware.
      
      Currently the 'blanks' are encoded as a pointer to
      raid6_empty_zero_page.  This is a 4096 byte memory region, not a
      'struct page'.  This is mostly handled correctly but is rather ugly.
      
      So change the code to pass and expect a NULL pointer for the blanks.
      When taking page_address of a page, we need to check for a NULL and
      in that case use raid6_empty_zero_page.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      5dd33c9a
    • N
      md: Fix handling of raid5 array which is being reshaped to fewer devices. · 5e5e3e78
      NeilBrown 提交于
      When a raid5 (or raid6) array is being reshaped to have fewer devices,
      conf->raid_disks is the latter and hence smaller number of devices.
      However sometimes we want to use a number which is the total number of
      currently required devices - the larger of the 'old' and 'new' sizes.
      Before we implemented reducing the number of devices, this was always
      'new' i.e. ->raid_disks.
      Now we need max(raid_disks, previous_raid_disks) in those places.
      
      This particularly affects assembling an array that was shutdown while
      in the middle of a reshape to fewer devices.
      
      md.c needs a similar fix when interpreting the md metadata.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      5e5e3e78
    • N
      md: fix problems with RAID6 calculations for DDF. · e4424fee
      NeilBrown 提交于
      Signed-off-by: NNeilBrown <neilb@suse.de>
      e4424fee