Commit Graph

903 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
a245a5483c - Add genid field to the metadata which will allow to improve reliability a bit.
After this change, when component is disconnected because of an I/O error,
  it will not be connected and synchronized automatically, it will be logged
  as broken and skipped. Autosynchronization can occur, when component is
  disconnected (on orphan event) and connected again - there were no I/O
  error, so there is no need to not connected the component, but when there were
  writes while it wasn't connected, it will be synchronized.
  This fix cases, when component is disconnected because of I/O error and can be
  connected again and again.
- Bump version number.
- Implement backward compatibility mechanism. After this change when metadata in
  old version is detected, it is automatically upgraded to the new (current)
  version.
2004-12-25 19:17:47 +00:00
Pawel Jakub Dawidek
538ff5ee7a Update disk->d_genid field when increasing sc->sc_genid. 2004-12-23 21:15:15 +00:00
Pawel Jakub Dawidek
9a9f504132 - Add genid field to the metadata which will allow to improve reliability a bit.
After this change, when component is disconnected because of an I/O error,
  it will not be connected and synchronized automatically, it will be logged
  as broken and skipped. Autosynchronization can occur, when component is
  disconnected (on orphan event) and connected again - there were no I/O
  error, so there is no need to not connected the component, but when there were
  writes while it wasn't connected, it will be synchronized.
  This fix cases, when component is disconnected because of I/O error and can be
  connected again and again.
- Bump version number.
- Add version change history.
- Implement backward compatibility mechanism. After this change when metadata in
  old version is detected, it is automatically upgraded to the new (current)
  version.
2004-12-22 23:09:32 +00:00
Pawel Jakub Dawidek
4485f00081 Now, when force device destruction is done on shutdown, hide warning,
that device cannot be destroyed immediately, under debug=1.

Suggested by:	simon
2004-12-21 19:50:18 +00:00
Pawel Jakub Dawidek
d97d5ee931 Improve reliability and clean up code a bit.
For more details check src/sys/geom/mirror/g_mirror.c rev.1.47,1.48,1.49,1.50.
2004-12-21 19:30:59 +00:00
Pawel Jakub Dawidek
f663832b75 This should not be permitted, but some GEOM classes held the topology lock
while doing g_(read|write)_data() (e.g. BSD). This can cause a deadlock
in MIRROR class. Not sure if this is safe to drop the topology lock in BSD
class, so change the code in MIRROR class to avoid this deadlock.
2004-12-21 18:42:51 +00:00
Pawel Jakub Dawidek
54bab03f04 Implement g_topology_try_lock().
No objection from:	phk
2004-12-21 18:32:46 +00:00
Pawel Jakub Dawidek
dc7d54e7b3 Remove unused variables. 2004-12-19 23:55:49 +00:00
Pawel Jakub Dawidek
a2a7b44de0 - Argument 'flags' in g_mirror_destroy_consumer() function is unsed -
mark it as such.
- Before closing consumer check if it is open. It can be closed here
  when g_mirror_connect_disk() fails on g_access().
2004-12-19 23:33:59 +00:00
Pawel Jakub Dawidek
9eec299fab Some major cleanups.
Keeping consumers open when device is closed is very hard. We need to
open consumers sometimes to update metadata, etc.
Many hacks was introduced in the past to made it possible. You cannot
be sure that you can open consumer for writing always, even if you think
it should be allowed. If one of the mirror components is for example da0
and you try to open it, you can get EPERM when da0s1 is opened for reading
(because BSD class opens consumers (da0) with an extra 'e' bit set).
Waiting for the events queue to be empty may do the trick, but it makes
code much uglier (as you cannot always call g_waitidle()), it doesn't
solve all edge cases and it can introduce deadlocks if there are events
in the queue that wait for gmirror.

I removed those hacks. Now all consumers are open r1w1e1 always, even if
device is closed. Maybe it is less clean from GEOM perspective, but simpify
code a lot and make it much more reliable.
The only issue was retaste event which is sent when we close consumers
opened for writing. I ignore retaste event by not detaching consumer
immediately (so retaste event is not send to my class) and sending event
right after it to detach and destroy consumer.
2004-12-19 23:12:00 +00:00
Pawel Jakub Dawidek
c37e2f9bbf Don't quit on first failure, just skip failures. 2004-12-19 22:58:25 +00:00
Christian Brueffer
44d086bde6 Fix typo in a comment.
MFC after:	3 days
2004-12-15 12:18:41 +00:00
Pawel Jakub Dawidek
89dd8e5326 bioq_insert_head() function is already in subr_disk.c. 2004-12-13 13:02:06 +00:00
Poul-Henning Kamp
2221dbebce Pass the file->flags down to geom ioctl handlers.
Reject certain ioctls if write permission is not indicated.

Bump geom API version.

Reported by:	Ruben de Groot <mail25@bzerk.org>
2004-12-12 10:09:05 +00:00
Pawel Jakub Dawidek
53ed4e0d54 - Turn off 'fast' mode by default and increase maximum memory to consume
when this mode is used.
- Manual page update.
2004-12-09 12:26:47 +00:00
Marcel Moolenaar
9055ed836a o Don't limit GPT as a rank 2 provider. Allow it to be connected
anywhere in the DAG. This includes configurations that are not
   allowed by the EFI specification.
o  Reject a GPT partition table if it's not preceeded by a PMBR.
   There's no need to preserve the MBR partitioning anymore as GPT
   is mature and with the first bullet extending the applicability
   of GPT, it's better to be a bit more strict.
2004-12-05 06:02:21 +00:00
Pawel Jakub Dawidek
afd05d741f When initializing device, set d_softc and d_no fields for all components,
because we know it then and we need it when inserting a component which
wasn't destroyed while device was running.

Reported by:	Michael Handler <handler@grendel.net>
MFC after:	1 week
2004-12-04 21:20:59 +00:00
Warner Losh
3bc18cb767 Add observations of the Linux98 and Grub/98 boot loaders. These
observations lead me to believe that the convetion for pc98 boot
loaders is to have a jump unstruction, followed by a string, followed
by code.  The jump usually doesn't have a nop after it and usually the
string is NUL terminated, but Grub/98 breaks both of these rules.

# I looked for, but failed to find the Minux boot blocks for PC-9801 port.
2004-11-30 09:40:11 +00:00
Warner Losh
696ac86f2c Reject tasting of this provider if the sector size isn't a multiple of
512.  If I had an audio cdrom in my cd player when I booted my system,
I'd get a panic from geom because you can't read 8192 bytes from an
audio cdrom.

Remove XXX comment about IPL1 and replace it with some information
from my soon to be published web page on the pc98 disk layout.  The
IPL1 test was the result of an observation of a disk with FreeBSD's
boot0 program.  It was testing part of an area what appears to be
reserved for a boot loader name, which comes after a jump over this
area.  I don't yet know if it is required to be any specific jump
instruction, or if the destination has to be location 11. [1]

[1] FreeBSD Press No. 13, page 115, poorly translated by myself.  The
picture there shows offset 8 as the destination of the jump, but
FreeBSD's boot0 program has three padding NULs after the IPL1 name and
uses a 16-bit 'jmp' instruction.
2004-11-30 08:00:14 +00:00
Poul-Henning Kamp
d4dbba5f83 Fix a long standing bug in geom_mbr which is only now exposed by the
correct open/close behaviour of filesystems:

When an ioctl to modify the MBR arrives, we cannot take for granted that
we have the consumer open.

The symptom is that one cannot run 'boot0cfg -s2 /dev/ad0' in single-user
mode because / is the only open partition in only open r1w0e1.

If it is not, we attempt to increase the write count by one and
decrease it again afterwards.

Presumably most if not all other slices suffer from the same problem.
2004-11-28 20:57:25 +00:00
Lukas Ertl
997337fd20 Implement 'setstate' to allow setting the state of drives and subdisks
for debugging and emergency purposes.
2004-11-26 12:31:36 +00:00
Lukas Ertl
fb5885af37 Implement checkparity/rebuildparity. 2004-11-26 12:01:00 +00:00
Pawel Jakub Dawidek
a17dd95f14 - Add missing Giant drop before acquiring the topology lock.
- Move DROP_GIANT()/PICKUP_GIANT() to g_gate_ioctl().
2004-11-23 11:18:26 +00:00
Max Khon
9595dba40d Use M_ZERO to not panic in mtx_init when INVARIANTS enabled.
Submitted by:	simokawa
MFC after:	1 week
2004-11-20 13:10:04 +00:00
Lukas Ertl
fb4e65d035 Move RAID5 offset calculation into a separate function to avoid
code duplication.
2004-11-15 13:04:55 +00:00
Lukas Ertl
94175098f1 Share gv_roughlength() between kernel and userland, as we will need it
there later.
2004-11-15 12:30:59 +00:00
Pawel Jakub Dawidek
085f43afae Before trying to update metadata (so open consumer for writing), be sure
that the events queue is empty. In other case we're able to hit the race
where for example da0s1 is tasted by some other class, which means that
da0 is open with exclusive bit set, which means that we can't open da0
for writing if it is our component.

Reported by:	Attila Nagy <bra@fsn.hu> (and somebody else sometime ago,
		                          but I cannot find who it was)
2004-11-09 23:27:21 +00:00
Pawel Jakub Dawidek
b8005b9b24 Introduce g_waitidlelock() function which is simlar to g_waitidle(),
but should be called with the topology lock held and returns with the
topology lock held and empty event queue.

Approved by:	phk (sometime ago)
2004-11-09 23:20:50 +00:00
Pawel Jakub Dawidek
b36b4bfb55 Don't rely on DIRTY flag to be sure that consumer if open, because
DIRTY flag can be removed in idle process. Use consumer's acw field
instead to avoid opening consumer twice.
2004-11-09 23:15:40 +00:00
Pawel Jakub Dawidek
9c6a3f03c6 For BIO_READ check if provider is open for reading and for BIO_WRITE,
check if provider is open for writing.
This fixes panic when device is open only for writing and we send write
request.
2004-11-09 23:04:45 +00:00
Pawel Jakub Dawidek
fdc3c6ce23 Drop Giant lock before grabbing the topology lock. 2004-11-09 00:35:08 +00:00
Pawel Jakub Dawidek
463674f7e0 If device is marked as beeing destroyed, deny all access requests. 2004-11-08 20:23:53 +00:00
Pawel Jakub Dawidek
9bb09163fc Don't forget to make sure that there are no not-finished requests before
marking components as clean.

Pointed out by:	scottl
2004-11-05 17:18:39 +00:00
Pawel Jakub Dawidek
4d006a98d1 - Mark all raid3 components as clean after kern.geom.raid3.idletime seconds.
- Make kern.geom.raid3.timeout variable tunable.
2004-11-05 13:12:58 +00:00
Pawel Jakub Dawidek
9da3072cae Mark raid3 devices as clean on shutdown (after all file systems are
unmounted).

Suggested by:	scottl
2004-11-05 13:01:25 +00:00
Pawel Jakub Dawidek
79e614937e - Use ->index consumer's field to track number of in-flight requests.
- Remove unused #include.
2004-11-05 12:42:16 +00:00
Pawel Jakub Dawidek
6349471be3 Use shutdown hooks to mark mirrors as clean after all file systems are
unmounted.

Suggested by:	scottl
2004-11-05 12:35:21 +00:00
Pawel Jakub Dawidek
127cf38ee4 Remove unused #include. 2004-11-05 12:31:32 +00:00
Pawel Jakub Dawidek
14089dae44 - Add a sysctl kern.geom.mirror.idletime, so one can specify after how many
seconds of idling, DRITY flags are removed.
- If mirror is in idle state or is not open for writing, sleep without
  timeout when waiting for I/O requests.
- Don't use atomic operations, for now sysctls are protected by Giant.
- Update debugs.
2004-11-05 10:55:04 +00:00
Pawel Jakub Dawidek
2fdf5be172 MFp4:
- Fix for good (I hope) force-stopping mirrors and some filure cases
  (e.g. the last good component dies when synchronization is in progress).
  Don't use ->nstart/->nend consumer's fields, as this could be racy,
  because those fields are used in g_down/g_up, use ->index consumer's
  field instead for tracking number of not finished requests.

  Reported by:	marcel

- After 5 seconds of idle time (this should be configurable) mark all
  dirty providers as clean, so when mirror is not used in 5 seconds
  and there will be power failure, no synchronization on boot is needed.

  Idea from:	sorry, I can't find who suggested this

- When there are no ACTIVE components and no NEW components destroy whole
  mirror, not only provider.

- Fix one debug to show information about I/O request, before we change
  its command.
2004-11-05 09:05:15 +00:00
Poul-Henning Kamp
f9eeb89522 Finish cut&paste adjustments.
Spotted by:	tegge
2004-11-04 07:17:08 +00:00
Poul-Henning Kamp
e93a5ce092 Stop dumping the MBR entries under bootverbose 2004-11-03 09:08:33 +00:00
Poul-Henning Kamp
2859a695dc Stop wasting a bootverbose line on all geom slices. 2004-11-03 09:08:10 +00:00
Poul-Henning Kamp
55f499a94f Don't set si_bsize_phys, nobody cares. 2004-10-29 11:11:44 +00:00
Poul-Henning Kamp
4d13ab3da2 Add GEOM class "VFS" for filesystems and other buffer cache users
of GEOM devices.

There is nothing magic about this, it just gives a bufobj interface
to GEOM.
2004-10-29 09:56:56 +00:00
Poul-Henning Kamp
725419af56 Add g_wither_geom_close() function. 2004-10-29 09:19:03 +00:00
Poul-Henning Kamp
6afb3b1c37 Give dev_strategy() an explict cdev argument in preparation for removing
buf->b-dev.

Put a bio between the buf passed to dev_strategy() and the device driver
strategy routine in order to not clobber fields in the buf.

Assert copyright on vfs_bio.c and update copyright message to canonical
text.  There is no legal difference between John Dysons two-clause
abbreviated BSD license and the canonical text.
2004-10-29 07:16:37 +00:00
Lukas Ertl
6c39d46363 Give each plex a separate queue where held back bios are put on.
This lowers the CPU usage of the worker thread and prevents a
possible live lock on non-SMP machines.

MFC candidate.
2004-10-26 21:01:42 +00:00
Poul-Henning Kamp
8c24ef5f78 Use unit number allocation functions for GEOM minor numbers. 2004-10-25 12:28:28 +00:00
Poul-Henning Kamp
f8fe7a735c Retire si_stripesize and si_stripeoffset they will not be needed in cdev
in the future.
2004-10-25 07:40:54 +00:00