If reshape is performed on drives larger then 2 TB,
migration checkpoint area that is calculated exeeds 32-bit value.
This checkpoint area is a reserved space threated as backup
during reshape - at the end of the drive, right before metadata.
As a result - wrong space is used and the data that may exists there
is overwritten.
Adding additional field to migration record to track high order 32-bits
of pba of this area. Three other fields that may exceed 32-bit value
for large drives are added as well.
Signed-off-by: Pawel Baldysiak <pawel.baldysiak@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Commit d7a1fda276 ("imsm: update metadata correctly while raid10 double
degradation") resolves main Imsm double degradation problems but it
omits one case. Now metadata hangs in the rebuilding state if the drive
under rebuild is removed during recovery from double degradation.
The root cause of this problem is comparing new map_state with current
and if they both are degraded assuming that nothing new happens.
Don't rely on map states, just check if device is failed. If the drive
under rebuild fails then finish migration, in other cases update map
state only (second fail means that destination map state can't be normal).
To avoid problems with reassembling move end_migration (called after
double degradation successful recovery) after check if recovery really
finished, for details see (7ce057018 "imsm: fix: rebuild does not
continue after reboot").
Remove redundant code responsible for finishing rebuild process. Function
end_migration do exactly the same. Set last_checkpoint to 0, to prepare
it for the next rebuild.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
After cd72f9d(policy: support devices with multiple paths.) compilation
on old compilers fails because "‘p’ may be used uninitialized
in this function".
Initialize it with NULL to prevent this.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
paths could be NULL and paths[0] should be followed by NULL pointer
checking.
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Gioh Kim <gi-oh.kim@cloud.ionos.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
When using "--grow --chunk=" to change chunk
size, the old chunksize is reported instead of the new.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
With a chunk size of 16Meg and data drive count of 8,
this calculate can easily overflow the 'int' type that
is used for the multiplications.
So force it to use "long" instead.
Reported-and-tested-by: Ed Spiridonov <edo.rus@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
If devices[].i.disk.state has MD_DISK_FAILFAST or MD_DISK_WRITEMOSTLY
flag, it cannot be the most recent device. Both flags should be masked
before checking the state.
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Gioh Kim <gi-oh.kim@cloud.ionos.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Mdmon calls end_migration() when map state changes from normal to
degraded. It is not valid because in raid 10 double degradation case
mdmon breaks checkpointing but array is still rebuilding.
In this case mdmon has to mark map as degraded and continues marking
recovery checkpoint in metadata. Migration can be finished only if newly
failed device is a rebuilding device.
Add catching double degraded to degraded transition. Migration is
finished but map state doesn't change, array is still degraded.
Update failed_disk_num correctly. If double degradation
happens rebuild will start on the lowest slot, but this variable points
to the first failed slot. If second fail happens while rebuild this
variable shouldn't be updated until rebuild is not finished.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
"mdadm --monitor --oneshot" can be used to get a warning
if there are any degraded arrays. It can be helpful to get
this warning periodically while the condition persists.
This patch add a systemd service and timer which can
be enabled with
systemctl enable mdmonitor-oneshot.service
and will then provide daily warnings.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Having the mdcheck script is not use if is never run.
This patch adds systemd unit files so that it can easily
be run on the first Sunday of each month for 6 hours,
then on every subsequent morning until the check is
finished.
The units still need to be enabled with
systemctl enable mdcheck_start.timer
The timer will only actually be started when an array
which might need it becomes active.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
As new releases of Linux some time change the name of
a path, some distros keep "legacy" names as well. This
is useful, but confuses mdadm which assumes each device has
precisely one path.
So change this assumption: allow a disk to have several
paths, and allow any to match when looking for a policy
which matches a disk.
Reported-and-tested-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
PART-POLICY has been accepted in mdadm.conf since the same
time that POLICY was accepted, but it was never documented.
So add the missing documentation.
Also fix a bug which would have stopped it from working if
anyone had ever tried to use it.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Before updating superblock of slave disks, desired_state value
is set for the target state of the slave disks. But it forgets
to check MD_DISK_FAILFAST and MD_DISK_WRITEMOSTLY flags. Then
start_arrays() calls ADD_NEW_DISK ioctl-call and pass the state
without MD_DISK_FAILFAST and MD_DISK_WRITEMOSTLY.
Currenlty it does not generate any problem because kernel does not
care MD_DISK_FAILFAST or MD_DISK_WRITEMOSTLY flags.
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Gioh Kim <gi-oh.kim@profitbricks.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
When IMSM_NO_PLATFORM is exported mdadm allows to create array with
partitions or add partition to existing array but there is no
possibilty to assemble it after stopping, see commit 691c6ee1b6
("IMSM/DDF: don't recognised these metadata on partitions.").
When searching for hba capabilities first test device and print
corresponding error if it is a partition.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Since load_devices frees "devices" when it can't find any
device, we should set it to NULL to avoid double free issue
which can be reproduced by below steps:
mdadm -CR /dev/md/vol -l0 -e 1.2 -n2 /dev/sd[b-c] --assume-clean
mdadm -Ss
mdadm -A /dev/md127 /dev/sd[b-c] --update metadata
Reported-by: Tkaczyk Mariusz <mariusz.tkaczyk@intel.com>
Tested-by: Tkaczyk Mariusz <mariusz.tkaczyk@intel.com>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Like other failure cases in load_devices, we need
to free those resources as well.
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
In some scenarios mdadm --detail-platform shows duplicated info about one
of controllers. Block it.
Signed-off-by: Roman Sobanski <roman.sobanski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
There is a possibility to create a RAID with empty name. Block it. Also
remove trailing and leading whitespaces from given name.
Signed-off-by: Roman Sobanski <roman.sobanski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
When Kill() cannot open device or find superblock it return the same
error and mdadm ignores it.
Change error handling in Kill() function. Return error if device is
busy, ignore it only when superblock doesn't exist- assume that metadata
is zeroed.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Kernel returns EBUSY when device fail invokes array fail.
In external metadata if kernel returns it, mdadm doesn't stop member
arrays but it will try to stop container directly. It fails because
container still has working arrays, so udev remove is triggered.
Try to set faulty state on device in member arrays first. If kernel
returns EBUSY, stop this array. After that remove the device from
container.
In external metadata mdmon has to remove faulty devices from degraded
arrays, just remove device from container.
Raid5 array doesn't return EBUSY, it allows to remove every device.
Mdadm shouldn't block it.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
When array is frozen but there is no recovery/reshape in mdstat,
check_idle() will not return error but grow countinue can still working.
Check is array frozen. Do not use sysfs sync_action parameter because it
doesn't exist for Raid0, simply check metadata_version in mdstat.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Instead of /usr/bin/sh, and /usr/bin/echo, use /bin/sh and shell
built-in echo respectively. This makes
udev-md-raid-safe-timeouts.rules to be compatible with both usr-merged
and split-usr systems alike.
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
For HA product, RA (resource agent) assembles cluster raid
through call below cmd:
$MDADM --assemble $mddev --config=$RAIDCONF $MDADM_HOMEHOST
Sometimes node can't assemble array because all the nodes
need to contend dlm lock, which causes node fence in automatic
test.
And in fact, we don't need the protection since the assemble
cmd called by RA doesn't change superblock, so revert the
commit 76781701a4 ("Assemble:
provide protection when clustered raid do assemble") to remove
unneccessary protection.
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
We can see "double free or corruption" with below steps
as reported by Mariusz:
export IMSM_NO_PLATFORM=1
export IMSM_DEVNAME_AS_SERIAL=1
mdadm --zero-super /dev/sd*
mdadm -C /dev/md/imsm -n2 -eimsm /dev/sdb /dev/sdc --run
mdadm -C /dev/md/r1 -n2 -z15G -eimsm /dev/sdb /dev/sdc -l1 --run --assume-clean
mdadm -f /dev/md126 /dev/sdb
mdadm -Ss
It is caused by Manage_stop calls map_remove and map_unlock,
but *mapp is not set to NULL after map_remove -> map_free,
so map_unlock will call map_free again.
Reported-by: Tkaczyk Mariusz <mariusz.tkaczyk@intel.com>
Tested-by: Tkaczyk Mariusz <mariusz.tkaczyk@intel.com>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Tests should calucalte expected array_size accordingly to raid level. Also
tests should take care about runding to neares MB introduced from b53bfba6
"imsm: use rounded size for metadata initialization".
Expect proper size in tests. Simplify 09imsm-overlap test by creating array
with size which has not been rounded. Main purpose of this test is checking
something else.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
When test tries to change RAID level from RAID5 to RAID0 mdadm respond with
error about unsporrted operation.
Make 16imsm-r5_3d-migrate-r0_3d and 16imsm-r5_5d-migrate-r0_5d test
negative.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Since a3b831c9 "Grow.c: Block any level migration with chunk size change"
there is no possibility to perform migration between level and chunk in
one operation. When any test tries to do this error message is printed
and tests finishes with fail.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
In some migration tests, variable new_num_disks should be set to expected
number of disks after migration. This is required for proper expected size
calculation.
Pass new_num_disks variable during test execution for:
- 16imsm-r0_3d-migrate-r5_4d
- 18imsm-r1_2d-takeover-r0_1d
- 16imsm-r0_5d-migrate-r5_6d
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Chunk size copied from sysfs should be divied by 1024 to compare with
expected chunk size.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Since 611d9529 (imsm: change reserved space to 4MB) gap between RAID
volumes has changed. Tests should expect correct offset in size
calulations.
Fix expected offset for tests.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
1. There are some places which didn't free map as
discovered by coverity.
CID 289661 (#1 of 1): Resource leak (RESOURCE_LEAK)12. leaked_storage: Variable mapl going out of scope leaks the storage it points to.
CID 289619 (#3 of 3): Resource leak (RESOURCE_LEAK)63. leaked_storage: Variable map going out of scope leaks the storage it points to.
CID 289618 (#1 of 1): Resource leak (RESOURCE_LEAK)26. leaked_storage: Variable map going out of scope leaks the storage it points to.
CID 289607 (#1 of 1): Resource leak (RESOURCE_LEAK)41. leaked_storage: Variable map going out of scope leaks the storage it points to.
2. If we call map_by_* inside a loop, then map_free
should be called in the same loop, and it is better
to set map to NULL after free.
3. And map_unlock is always called with map_lock,
if we don't call map_remove before map_unlock,
then the memory (allocated by map_lock -> map_read
-> map_add -> xmalloc) could be leaked. So we
need to free it in map_unlock as well.
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
When migrating an array from R0 to R10 num_data_stripes in metadata map
will not be updated. Update it to allow correct migration process.
Changes in R10 to R0 migration for clarity of code.
Signed-off-by: Roman Sobanski <roman.sobanski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Since commit 20dc76d15b ("imsm: Set disk slot number") mdadm
sets slot number for each disk in imsm array. Now auto-assemble determines
devices using slot number and ignores devices on the same slot that have
older generation number.
It causes infinit loop if failed device is still visible in system
(it has metadata, but it is not merged with exisiting array).
To avoid it, out-of-sync device should be added to the best[]. Later
mdadm adds it as spare to the container.
Imsm doesn't support disk replacement feature, so it can use rooms for
replacements.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Fixes: a6994ccc23 ("mdadm/test: get rid of the tests/testdev")
Signed-off-by: Zhilong Liu <zlliu@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Fixes: beb71de04d ("mdadm/test: enable clustermd testing under clustermd_tests/")
clustermd_tests/func.sh:
remove unnecessary 'make install', just ensure 'make everything' has done.
the original idea is to make the /sbin/mdadm version same as ./mdadm, and
this breakage has pointed out by commit:
59416da78f ("tests/func.sh: Fix some total breakage in the test scripts")
Signed-off-by: Zhilong Liu <zlliu@suse.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
It give error message when query a non md device.
mdadm /dev/null
/dev/null: is an md device, but gives "Inappropriate ioctl for device" when queried
It's introduced by commit 5cb8599 and 8d0cd09
At first it checks whether a block is md device by function md_get_version.
In this function it does mainly two jobs:
1. send request by ioctl. (now it can be replace by argument ioctlerr)
2. check the block device major number which we don't do this.
We add the second judgement in this patch.
Fixes: 5cb8599 and 8d0cd09
Reported-by: Karsten Weiss <karsten.weiss@atos.net>
Signed-off-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Cast to types that are big enough to hold the values, but also guarantee
no overflow of the buffer keepts gcc happy.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Find the string length, copy it, and zero out the rest, instead of
relying on strncpy cleaning up for us.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
We already cut symlinks longer than 1000, so rely on this calling
readlink and error out if we are able to read more than 1000 bytes.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
gcc-8.1 complains about truncated string operations. While we know
percent will never grow larger than 100, it doesn't cost us anything
to increase the size of 'percentalert' on the stack like this.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Grow feature for IMSM metadata is currently fully supported and tested.
Reshape operation is not in experimental state anymore, so usage of this
flag is unnecessary.
Do not require MDADM_EXPERIMENTAL flag and remove obsolete information
from manual.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Acked-by: Mariusz Dabrowski <mariusz.dabrowski@intel.com>
Acked-by: Roman Sobanski <roman.sobanski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Currently when created container keeps disks with mixed sector size (few
4K disks and some 512 disks) there is no possibility to create volume from
disks with one sector size.
Allow volume creation when given disks are related with mixed container.
Signed-off-by: Michal Zylowski <michal.zylowski@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>