1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 /* 26 * Virtual Device Labels 27 * --------------------- 28 * 29 * The vdev label serves several distinct purposes: 30 * 31 * 1. Uniquely identify this device as part of a ZFS pool and confirm its 32 * identity within the pool. 33 * 34 * 2. Verify that all the devices given in a configuration are present 35 * within the pool. 36 * 37 * 3. Determine the uberblock for the pool. 38 * 39 * 4. In case of an import operation, determine the configuration of the 40 * toplevel vdev of which it is a part. 41 * 42 * 5. If an import operation cannot find all the devices in the pool, 43 * provide enough information to the administrator to determine which 44 * devices are missing. 45 * 46 * It is important to note that while the kernel is responsible for writing the 47 * label, it only consumes the information in the first three cases. The 48 * latter information is only consumed in userland when determining the 49 * configuration to import a pool. 50 * 51 * 52 * Label Organization 53 * ------------------ 54 * 55 * Before describing the contents of the label, it's important to understand how 56 * the labels are written and updated with respect to the uberblock. 57 * 58 * When the pool configuration is altered, either because it was newly created 59 * or a device was added, we want to update all the labels such that we can deal 60 * with fatal failure at any point. To this end, each disk has two labels which 61 * are updated before and after the uberblock is synced. Assuming we have 62 * labels and an uberblock with the following transaction groups: 63 * 64 * L1 UB L2 65 * +------+ +------+ +------+ 66 * | | | | | | 67 * | t10 | | t10 | | t10 | 68 * | | | | | | 69 * +------+ +------+ +------+ 70 * 71 * In this stable state, the labels and the uberblock were all updated within 72 * the same transaction group (10). Each label is mirrored and checksummed, so 73 * that we can detect when we fail partway through writing the label. 74 * 75 * In order to identify which labels are valid, the labels are written in the 76 * following manner: 77 * 78 * 1. For each vdev, update 'L1' to the new label 79 * 2. Update the uberblock 80 * 3. For each vdev, update 'L2' to the new label 81 * 82 * Given arbitrary failure, we can determine the correct label to use based on 83 * the transaction group. If we fail after updating L1 but before updating the 84 * UB, we will notice that L1's transaction group is greater than the uberblock, 85 * so L2 must be valid. If we fail after writing the uberblock but before 86 * writing L2, we will notice that L2's transaction group is less than L1, and 87 * therefore L1 is valid. 88 * 89 * Another added complexity is that not every label is updated when the config 90 * is synced. If we add a single device, we do not want to have to re-write 91 * every label for every device in the pool. This means that both L1 and L2 may 92 * be older than the pool uberblock, because the necessary information is stored 93 * on another vdev. 94 * 95 * 96 * On-disk Format 97 * -------------- 98 * 99 * The vdev label consists of two distinct parts, and is wrapped within the 100 * vdev_label_t structure. The label includes 8k of padding to permit legacy 101 * VTOC disk labels, but is otherwise ignored. 102 * 103 * The first half of the label is a packed nvlist which contains pool wide 104 * properties, per-vdev properties, and configuration information. It is 105 * described in more detail below. 106 * 107 * The latter half of the label consists of a redundant array of uberblocks. 108 * These uberblocks are updated whenever a transaction group is committed, 109 * or when the configuration is updated. When a pool is loaded, we scan each 110 * vdev for the 'best' uberblock. 111 * 112 * 113 * Configuration Information 114 * ------------------------- 115 * 116 * The nvlist describing the pool and vdev contains the following elements: 117 * 118 * version ZFS on-disk version 119 * name Pool name 120 * state Pool state 121 * txg Transaction group in which this label was written 122 * pool_guid Unique identifier for this pool 123 * vdev_tree An nvlist describing vdev tree. 124 * 125 * Each leaf device label also contains the following: 126 * 127 * top_guid Unique ID for top-level vdev in which this is contained 128 * guid Unique ID for the leaf vdev 129 * 130 * The 'vs' configuration follows the format described in 'spa_config.c'. 131 */ 132 133 #include <sys/zfs_context.h> 134 #include <sys/spa.h> 135 #include <sys/spa_impl.h> 136 #include <sys/dmu.h> 137 #include <sys/zap.h> 138 #include <sys/vdev.h> 139 #include <sys/vdev_impl.h> 140 #include <sys/uberblock_impl.h> 141 #include <sys/metaslab.h> 142 #include <sys/zio.h> 143 #include <sys/dsl_scan.h> 144 #include <sys/fs/zfs.h> 145 146 /* 147 * Basic routines to read and write from a vdev label. 148 * Used throughout the rest of this file. 149 */ 150 uint64_t 151 vdev_label_offset(uint64_t psize, int l, uint64_t offset) 152 { 153 ASSERT(offset < sizeof (vdev_label_t)); 154 ASSERT(P2PHASE_TYPED(psize, sizeof (vdev_label_t), uint64_t) == 0); 155 156 return (offset + l * sizeof (vdev_label_t) + (l < VDEV_LABELS / 2 ? 157 0 : psize - VDEV_LABELS * sizeof (vdev_label_t))); 158 } 159 160 /* 161 * Returns back the vdev label associated with the passed in offset. 162 */ 163 int 164 vdev_label_number(uint64_t psize, uint64_t offset) 165 { 166 int l; 167 168 if (offset >= psize - VDEV_LABEL_END_SIZE) { 169 offset -= psize - VDEV_LABEL_END_SIZE; 170 offset += (VDEV_LABELS / 2) * sizeof (vdev_label_t); 171 } 172 l = offset / sizeof (vdev_label_t); 173 return (l < VDEV_LABELS ? l : -1); 174 } 175 176 static void 177 vdev_label_read(zio_t *zio, vdev_t *vd, int l, void *buf, uint64_t offset, 178 uint64_t size, zio_done_func_t *done, void *private, int flags) 179 { 180 ASSERT(spa_config_held(zio->io_spa, SCL_STATE_ALL, RW_WRITER) == 181 SCL_STATE_ALL); 182 ASSERT(flags & ZIO_FLAG_CONFIG_WRITER); 183 184 zio_nowait(zio_read_phys(zio, vd, 185 vdev_label_offset(vd->vdev_psize, l, offset), 186 size, buf, ZIO_CHECKSUM_LABEL, done, private, 187 ZIO_PRIORITY_SYNC_READ, flags, B_TRUE)); 188 } 189 190 static void 191 vdev_label_write(zio_t *zio, vdev_t *vd, int l, void *buf, uint64_t offset, 192 uint64_t size, zio_done_func_t *done, void *private, int flags) 193 { 194 ASSERT(spa_config_held(zio->io_spa, SCL_ALL, RW_WRITER) == SCL_ALL || 195 (spa_config_held(zio->io_spa, SCL_CONFIG | SCL_STATE, RW_READER) == 196 (SCL_CONFIG | SCL_STATE) && 197 dsl_pool_sync_context(spa_get_dsl(zio->io_spa)))); 198 ASSERT(flags & ZIO_FLAG_CONFIG_WRITER); 199 200 zio_nowait(zio_write_phys(zio, vd, 201 vdev_label_offset(vd->vdev_psize, l, offset), 202 size, buf, ZIO_CHECKSUM_LABEL, done, private, 203 ZIO_PRIORITY_SYNC_WRITE, flags, B_TRUE)); 204 } 205 206 /* 207 * Generate the nvlist representing this vdev's config. 208 */ 209 nvlist_t * 210 vdev_config_generate(spa_t *spa, vdev_t *vd, boolean_t getstats, 211 vdev_config_flag_t flags) 212 { 213 nvlist_t *nv = NULL; 214 215 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 216 217 VERIFY(nvlist_add_string(nv, ZPOOL_CONFIG_TYPE, 218 vd->vdev_ops->vdev_op_type) == 0); 219 if (!(flags & (VDEV_CONFIG_SPARE | VDEV_CONFIG_L2CACHE))) 220 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_ID, vd->vdev_id) 221 == 0); 222 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_GUID, vd->vdev_guid) == 0); 223 224 if (vd->vdev_path != NULL) 225 VERIFY(nvlist_add_string(nv, ZPOOL_CONFIG_PATH, 226 vd->vdev_path) == 0); 227 228 if (vd->vdev_devid != NULL) 229 VERIFY(nvlist_add_string(nv, ZPOOL_CONFIG_DEVID, 230 vd->vdev_devid) == 0); 231 232 if (vd->vdev_physpath != NULL) 233 VERIFY(nvlist_add_string(nv, ZPOOL_CONFIG_PHYS_PATH, 234 vd->vdev_physpath) == 0); 235 236 if (vd->vdev_fru != NULL) 237 VERIFY(nvlist_add_string(nv, ZPOOL_CONFIG_FRU, 238 vd->vdev_fru) == 0); 239 240 if (vd->vdev_nparity != 0) { 241 ASSERT(strcmp(vd->vdev_ops->vdev_op_type, 242 VDEV_TYPE_RAIDZ) == 0); 243 244 /* 245 * Make sure someone hasn't managed to sneak a fancy new vdev 246 * into a crufty old storage pool. 247 */ 248 ASSERT(vd->vdev_nparity == 1 || 249 (vd->vdev_nparity <= 2 && 250 spa_version(spa) >= SPA_VERSION_RAIDZ2) || 251 (vd->vdev_nparity <= 3 && 252 spa_version(spa) >= SPA_VERSION_RAIDZ3)); 253 254 /* 255 * Note that we'll add the nparity tag even on storage pools 256 * that only support a single parity device -- older software 257 * will just ignore it. 258 */ 259 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_NPARITY, 260 vd->vdev_nparity) == 0); 261 } 262 263 if (vd->vdev_wholedisk != -1ULL) 264 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_WHOLE_DISK, 265 vd->vdev_wholedisk) == 0); 266 267 if (vd->vdev_not_present) 268 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_NOT_PRESENT, 1) == 0); 269 270 if (vd->vdev_isspare) 271 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_IS_SPARE, 1) == 0); 272 273 if (!(flags & (VDEV_CONFIG_SPARE | VDEV_CONFIG_L2CACHE)) && 274 vd == vd->vdev_top) { 275 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_METASLAB_ARRAY, 276 vd->vdev_ms_array) == 0); 277 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_METASLAB_SHIFT, 278 vd->vdev_ms_shift) == 0); 279 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_ASHIFT, 280 vd->vdev_ashift) == 0); 281 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_ASIZE, 282 vd->vdev_asize) == 0); 283 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_IS_LOG, 284 vd->vdev_islog) == 0); 285 if (vd->vdev_removing) 286 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_REMOVING, 287 vd->vdev_removing) == 0); 288 } 289 290 if (vd->vdev_dtl_smo.smo_object != 0) 291 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_DTL, 292 vd->vdev_dtl_smo.smo_object) == 0); 293 294 if (vd->vdev_crtxg) 295 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_CREATE_TXG, 296 vd->vdev_crtxg) == 0); 297 298 if (getstats) { 299 vdev_stat_t vs; 300 pool_scan_stat_t ps; 301 302 vdev_get_stats(vd, &vs); 303 VERIFY(nvlist_add_uint64_array(nv, ZPOOL_CONFIG_VDEV_STATS, 304 (uint64_t *)&vs, sizeof (vs) / sizeof (uint64_t)) == 0); 305 306 /* provide either current or previous scan information */ 307 if (spa_scan_get_stats(spa, &ps) == 0) { 308 VERIFY(nvlist_add_uint64_array(nv, 309 ZPOOL_CONFIG_SCAN_STATS, (uint64_t *)&ps, 310 sizeof (pool_scan_stat_t) / sizeof (uint64_t)) 311 == 0); 312 } 313 } 314 315 if (!vd->vdev_ops->vdev_op_leaf) { 316 nvlist_t **child; 317 int c, idx; 318 319 ASSERT(!vd->vdev_ishole); 320 321 child = kmem_alloc(vd->vdev_children * sizeof (nvlist_t *), 322 KM_SLEEP); 323 324 for (c = 0, idx = 0; c < vd->vdev_children; c++) { 325 vdev_t *cvd = vd->vdev_child[c]; 326 327 /* 328 * If we're generating an nvlist of removing 329 * vdevs then skip over any device which is 330 * not being removed. 331 */ 332 if ((flags & VDEV_CONFIG_REMOVING) && 333 !cvd->vdev_removing) 334 continue; 335 336 child[idx++] = vdev_config_generate(spa, cvd, 337 getstats, flags); 338 } 339 340 if (idx) { 341 VERIFY(nvlist_add_nvlist_array(nv, 342 ZPOOL_CONFIG_CHILDREN, child, idx) == 0); 343 } 344 345 for (c = 0; c < idx; c++) 346 nvlist_free(child[c]); 347 348 kmem_free(child, vd->vdev_children * sizeof (nvlist_t *)); 349 350 } else { 351 const char *aux = NULL; 352 353 if (vd->vdev_offline && !vd->vdev_tmpoffline) 354 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_OFFLINE, 355 B_TRUE) == 0); 356 if (vd->vdev_resilvering) 357 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_RESILVERING, 358 B_TRUE) == 0); 359 if (vd->vdev_faulted) 360 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_FAULTED, 361 B_TRUE) == 0); 362 if (vd->vdev_degraded) 363 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_DEGRADED, 364 B_TRUE) == 0); 365 if (vd->vdev_removed) 366 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_REMOVED, 367 B_TRUE) == 0); 368 if (vd->vdev_unspare) 369 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_UNSPARE, 370 B_TRUE) == 0); 371 if (vd->vdev_ishole) 372 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_IS_HOLE, 373 B_TRUE) == 0); 374 375 switch (vd->vdev_stat.vs_aux) { 376 case VDEV_AUX_ERR_EXCEEDED: 377 aux = "err_exceeded"; 378 break; 379 380 case VDEV_AUX_EXTERNAL: 381 aux = "external"; 382 break; 383 } 384 385 if (aux != NULL) 386 VERIFY(nvlist_add_string(nv, ZPOOL_CONFIG_AUX_STATE, 387 aux) == 0); 388 389 if (vd->vdev_splitting && vd->vdev_orig_guid != 0LL) { 390 VERIFY(nvlist_add_uint64(nv, ZPOOL_CONFIG_ORIG_GUID, 391 vd->vdev_orig_guid) == 0); 392 } 393 } 394 395 return (nv); 396 } 397 398 /* 399 * Generate a view of the top-level vdevs. If we currently have holes 400 * in the namespace, then generate an array which contains a list of holey 401 * vdevs. Additionally, add the number of top-level children that currently 402 * exist. 403 */ 404 void 405 vdev_top_config_generate(spa_t *spa, nvlist_t *config) 406 { 407 vdev_t *rvd = spa->spa_root_vdev; 408 uint64_t *array; 409 uint_t c, idx; 410 411 array = kmem_alloc(rvd->vdev_children * sizeof (uint64_t), KM_SLEEP); 412 413 for (c = 0, idx = 0; c < rvd->vdev_children; c++) { 414 vdev_t *tvd = rvd->vdev_child[c]; 415 416 if (tvd->vdev_ishole) 417 array[idx++] = c; 418 } 419 420 if (idx) { 421 VERIFY(nvlist_add_uint64_array(config, ZPOOL_CONFIG_HOLE_ARRAY, 422 array, idx) == 0); 423 } 424 425 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_VDEV_CHILDREN, 426 rvd->vdev_children) == 0); 427 428 kmem_free(array, rvd->vdev_children * sizeof (uint64_t)); 429 } 430 431 nvlist_t * 432 vdev_label_read_config(vdev_t *vd) 433 { 434 spa_t *spa = vd->vdev_spa; 435 nvlist_t *config = NULL; 436 vdev_phys_t *vp; 437 zio_t *zio; 438 int flags = ZIO_FLAG_CONFIG_WRITER | ZIO_FLAG_CANFAIL | 439 ZIO_FLAG_SPECULATIVE; 440 441 ASSERT(spa_config_held(spa, SCL_STATE_ALL, RW_WRITER) == SCL_STATE_ALL); 442 443 if (!vdev_readable(vd)) 444 return (NULL); 445 446 vp = zio_buf_alloc(sizeof (vdev_phys_t)); 447 448 retry: 449 for (int l = 0; l < VDEV_LABELS; l++) { 450 451 zio = zio_root(spa, NULL, NULL, flags); 452 453 vdev_label_read(zio, vd, l, vp, 454 offsetof(vdev_label_t, vl_vdev_phys), 455 sizeof (vdev_phys_t), NULL, NULL, flags); 456 457 if (zio_wait(zio) == 0 && 458 nvlist_unpack(vp->vp_nvlist, sizeof (vp->vp_nvlist), 459 &config, 0) == 0) 460 break; 461 462 if (config != NULL) { 463 nvlist_free(config); 464 config = NULL; 465 } 466 } 467 468 if (config == NULL && !(flags & ZIO_FLAG_TRYHARD)) { 469 flags |= ZIO_FLAG_TRYHARD; 470 goto retry; 471 } 472 473 zio_buf_free(vp, sizeof (vdev_phys_t)); 474 475 return (config); 476 } 477 478 /* 479 * Determine if a device is in use. The 'spare_guid' parameter will be filled 480 * in with the device guid if this spare is active elsewhere on the system. 481 */ 482 static boolean_t 483 vdev_inuse(vdev_t *vd, uint64_t crtxg, vdev_labeltype_t reason, 484 uint64_t *spare_guid, uint64_t *l2cache_guid) 485 { 486 spa_t *spa = vd->vdev_spa; 487 uint64_t state, pool_guid, device_guid, txg, spare_pool; 488 uint64_t vdtxg = 0; 489 nvlist_t *label; 490 491 if (spare_guid) 492 *spare_guid = 0ULL; 493 if (l2cache_guid) 494 *l2cache_guid = 0ULL; 495 496 /* 497 * Read the label, if any, and perform some basic sanity checks. 498 */ 499 if ((label = vdev_label_read_config(vd)) == NULL) 500 return (B_FALSE); 501 502 (void) nvlist_lookup_uint64(label, ZPOOL_CONFIG_CREATE_TXG, 503 &vdtxg); 504 505 if (nvlist_lookup_uint64(label, ZPOOL_CONFIG_POOL_STATE, 506 &state) != 0 || 507 nvlist_lookup_uint64(label, ZPOOL_CONFIG_GUID, 508 &device_guid) != 0) { 509 nvlist_free(label); 510 return (B_FALSE); 511 } 512 513 if (state != POOL_STATE_SPARE && state != POOL_STATE_L2CACHE && 514 (nvlist_lookup_uint64(label, ZPOOL_CONFIG_POOL_GUID, 515 &pool_guid) != 0 || 516 nvlist_lookup_uint64(label, ZPOOL_CONFIG_POOL_TXG, 517 &txg) != 0)) { 518 nvlist_free(label); 519 return (B_FALSE); 520 } 521 522 nvlist_free(label); 523 524 /* 525 * Check to see if this device indeed belongs to the pool it claims to 526 * be a part of. The only way this is allowed is if the device is a hot 527 * spare (which we check for later on). 528 */ 529 if (state != POOL_STATE_SPARE && state != POOL_STATE_L2CACHE && 530 !spa_guid_exists(pool_guid, device_guid) && 531 !spa_spare_exists(device_guid, NULL, NULL) && 532 !spa_l2cache_exists(device_guid, NULL)) 533 return (B_FALSE); 534 535 /* 536 * If the transaction group is zero, then this an initialized (but 537 * unused) label. This is only an error if the create transaction 538 * on-disk is the same as the one we're using now, in which case the 539 * user has attempted to add the same vdev multiple times in the same 540 * transaction. 541 */ 542 if (state != POOL_STATE_SPARE && state != POOL_STATE_L2CACHE && 543 txg == 0 && vdtxg == crtxg) 544 return (B_TRUE); 545 546 /* 547 * Check to see if this is a spare device. We do an explicit check for 548 * spa_has_spare() here because it may be on our pending list of spares 549 * to add. We also check if it is an l2cache device. 550 */ 551 if (spa_spare_exists(device_guid, &spare_pool, NULL) || 552 spa_has_spare(spa, device_guid)) { 553 if (spare_guid) 554 *spare_guid = device_guid; 555 556 switch (reason) { 557 case VDEV_LABEL_CREATE: 558 case VDEV_LABEL_L2CACHE: 559 return (B_TRUE); 560 561 case VDEV_LABEL_REPLACE: 562 return (!spa_has_spare(spa, device_guid) || 563 spare_pool != 0ULL); 564 565 case VDEV_LABEL_SPARE: 566 return (spa_has_spare(spa, device_guid)); 567 } 568 } 569 570 /* 571 * Check to see if this is an l2cache device. 572 */ 573 if (spa_l2cache_exists(device_guid, NULL)) 574 return (B_TRUE); 575 576 /* 577 * We can't rely on a pool's state if it's been imported 578 * read-only. Instead we look to see if the pools is marked 579 * read-only in the namespace and set the state to active. 580 */ 581 if ((spa = spa_by_guid(pool_guid, device_guid)) != NULL && 582 spa_mode(spa) == FREAD) 583 state = POOL_STATE_ACTIVE; 584 585 /* 586 * If the device is marked ACTIVE, then this device is in use by another 587 * pool on the system. 588 */ 589 return (state == POOL_STATE_ACTIVE); 590 } 591 592 /* 593 * Initialize a vdev label. We check to make sure each leaf device is not in 594 * use, and writable. We put down an initial label which we will later 595 * overwrite with a complete label. Note that it's important to do this 596 * sequentially, not in parallel, so that we catch cases of multiple use of the 597 * same leaf vdev in the vdev we're creating -- e.g. mirroring a disk with 598 * itself. 599 */ 600 int 601 vdev_label_init(vdev_t *vd, uint64_t crtxg, vdev_labeltype_t reason) 602 { 603 spa_t *spa = vd->vdev_spa; 604 nvlist_t *label; 605 vdev_phys_t *vp; 606 char *pad2; 607 uberblock_t *ub; 608 zio_t *zio; 609 char *buf; 610 size_t buflen; 611 int error; 612 uint64_t spare_guid, l2cache_guid; 613 int flags = ZIO_FLAG_CONFIG_WRITER | ZIO_FLAG_CANFAIL; 614 615 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL); 616 617 for (int c = 0; c < vd->vdev_children; c++) 618 if ((error = vdev_label_init(vd->vdev_child[c], 619 crtxg, reason)) != 0) 620 return (error); 621 622 /* Track the creation time for this vdev */ 623 vd->vdev_crtxg = crtxg; 624 625 if (!vd->vdev_ops->vdev_op_leaf) 626 return (0); 627 628 /* 629 * Dead vdevs cannot be initialized. 630 */ 631 if (vdev_is_dead(vd)) 632 return (EIO); 633 634 /* 635 * Determine if the vdev is in use. 636 */ 637 if (reason != VDEV_LABEL_REMOVE && reason != VDEV_LABEL_SPLIT && 638 vdev_inuse(vd, crtxg, reason, &spare_guid, &l2cache_guid)) 639 return (EBUSY); 640 641 /* 642 * If this is a request to add or replace a spare or l2cache device 643 * that is in use elsewhere on the system, then we must update the 644 * guid (which was initialized to a random value) to reflect the 645 * actual GUID (which is shared between multiple pools). 646 */ 647 if (reason != VDEV_LABEL_REMOVE && reason != VDEV_LABEL_L2CACHE && 648 spare_guid != 0ULL) { 649 uint64_t guid_delta = spare_guid - vd->vdev_guid; 650 651 vd->vdev_guid += guid_delta; 652 653 for (vdev_t *pvd = vd; pvd != NULL; pvd = pvd->vdev_parent) 654 pvd->vdev_guid_sum += guid_delta; 655 656 /* 657 * If this is a replacement, then we want to fallthrough to the 658 * rest of the code. If we're adding a spare, then it's already 659 * labeled appropriately and we can just return. 660 */ 661 if (reason == VDEV_LABEL_SPARE) 662 return (0); 663 ASSERT(reason == VDEV_LABEL_REPLACE || 664 reason == VDEV_LABEL_SPLIT); 665 } 666 667 if (reason != VDEV_LABEL_REMOVE && reason != VDEV_LABEL_SPARE && 668 l2cache_guid != 0ULL) { 669 uint64_t guid_delta = l2cache_guid - vd->vdev_guid; 670 671 vd->vdev_guid += guid_delta; 672 673 for (vdev_t *pvd = vd; pvd != NULL; pvd = pvd->vdev_parent) 674 pvd->vdev_guid_sum += guid_delta; 675 676 /* 677 * If this is a replacement, then we want to fallthrough to the 678 * rest of the code. If we're adding an l2cache, then it's 679 * already labeled appropriately and we can just return. 680 */ 681 if (reason == VDEV_LABEL_L2CACHE) 682 return (0); 683 ASSERT(reason == VDEV_LABEL_REPLACE); 684 } 685 686 /* 687 * Initialize its label. 688 */ 689 vp = zio_buf_alloc(sizeof (vdev_phys_t)); 690 bzero(vp, sizeof (vdev_phys_t)); 691 692 /* 693 * Generate a label describing the pool and our top-level vdev. 694 * We mark it as being from txg 0 to indicate that it's not 695 * really part of an active pool just yet. The labels will 696 * be written again with a meaningful txg by spa_sync(). 697 */ 698 if (reason == VDEV_LABEL_SPARE || 699 (reason == VDEV_LABEL_REMOVE && vd->vdev_isspare)) { 700 /* 701 * For inactive hot spares, we generate a special label that 702 * identifies as a mutually shared hot spare. We write the 703 * label if we are adding a hot spare, or if we are removing an 704 * active hot spare (in which case we want to revert the 705 * labels). 706 */ 707 VERIFY(nvlist_alloc(&label, NV_UNIQUE_NAME, KM_SLEEP) == 0); 708 709 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_VERSION, 710 spa_version(spa)) == 0); 711 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_POOL_STATE, 712 POOL_STATE_SPARE) == 0); 713 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_GUID, 714 vd->vdev_guid) == 0); 715 } else if (reason == VDEV_LABEL_L2CACHE || 716 (reason == VDEV_LABEL_REMOVE && vd->vdev_isl2cache)) { 717 /* 718 * For level 2 ARC devices, add a special label. 719 */ 720 VERIFY(nvlist_alloc(&label, NV_UNIQUE_NAME, KM_SLEEP) == 0); 721 722 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_VERSION, 723 spa_version(spa)) == 0); 724 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_POOL_STATE, 725 POOL_STATE_L2CACHE) == 0); 726 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_GUID, 727 vd->vdev_guid) == 0); 728 } else { 729 uint64_t txg = 0ULL; 730 731 if (reason == VDEV_LABEL_SPLIT) 732 txg = spa->spa_uberblock.ub_txg; 733 label = spa_config_generate(spa, vd, txg, B_FALSE); 734 735 /* 736 * Add our creation time. This allows us to detect multiple 737 * vdev uses as described above, and automatically expires if we 738 * fail. 739 */ 740 VERIFY(nvlist_add_uint64(label, ZPOOL_CONFIG_CREATE_TXG, 741 crtxg) == 0); 742 } 743 744 buf = vp->vp_nvlist; 745 buflen = sizeof (vp->vp_nvlist); 746 747 error = nvlist_pack(label, &buf, &buflen, NV_ENCODE_XDR, KM_SLEEP); 748 if (error != 0) { 749 nvlist_free(label); 750 zio_buf_free(vp, sizeof (vdev_phys_t)); 751 /* EFAULT means nvlist_pack ran out of room */ 752 return (error == EFAULT ? ENAMETOOLONG : EINVAL); 753 } 754 755 /* 756 * Initialize uberblock template. 757 */ 758 ub = zio_buf_alloc(VDEV_UBERBLOCK_RING); 759 bzero(ub, VDEV_UBERBLOCK_RING); 760 *ub = spa->spa_uberblock; 761 ub->ub_txg = 0; 762 763 /* Initialize the 2nd padding area. */ 764 pad2 = zio_buf_alloc(VDEV_PAD_SIZE); 765 bzero(pad2, VDEV_PAD_SIZE); 766 767 /* 768 * Write everything in parallel. 769 */ 770 retry: 771 zio = zio_root(spa, NULL, NULL, flags); 772 773 for (int l = 0; l < VDEV_LABELS; l++) { 774 775 vdev_label_write(zio, vd, l, vp, 776 offsetof(vdev_label_t, vl_vdev_phys), 777 sizeof (vdev_phys_t), NULL, NULL, flags); 778 779 /* 780 * Skip the 1st padding area. 781 * Zero out the 2nd padding area where it might have 782 * left over data from previous filesystem format. 783 */ 784 vdev_label_write(zio, vd, l, pad2, 785 offsetof(vdev_label_t, vl_pad2), 786 VDEV_PAD_SIZE, NULL, NULL, flags); 787 788 vdev_label_write(zio, vd, l, ub, 789 offsetof(vdev_label_t, vl_uberblock), 790 VDEV_UBERBLOCK_RING, NULL, NULL, flags); 791 } 792 793 error = zio_wait(zio); 794 795 if (error != 0 && !(flags & ZIO_FLAG_TRYHARD)) { 796 flags |= ZIO_FLAG_TRYHARD; 797 goto retry; 798 } 799 800 nvlist_free(label); 801 zio_buf_free(pad2, VDEV_PAD_SIZE); 802 zio_buf_free(ub, VDEV_UBERBLOCK_RING); 803 zio_buf_free(vp, sizeof (vdev_phys_t)); 804 805 /* 806 * If this vdev hasn't been previously identified as a spare, then we 807 * mark it as such only if a) we are labeling it as a spare, or b) it 808 * exists as a spare elsewhere in the system. Do the same for 809 * level 2 ARC devices. 810 */ 811 if (error == 0 && !vd->vdev_isspare && 812 (reason == VDEV_LABEL_SPARE || 813 spa_spare_exists(vd->vdev_guid, NULL, NULL))) 814 spa_spare_add(vd); 815 816 if (error == 0 && !vd->vdev_isl2cache && 817 (reason == VDEV_LABEL_L2CACHE || 818 spa_l2cache_exists(vd->vdev_guid, NULL))) 819 spa_l2cache_add(vd); 820 821 return (error); 822 } 823 824 /* 825 * ========================================================================== 826 * uberblock load/sync 827 * ========================================================================== 828 */ 829 830 /* 831 * Consider the following situation: txg is safely synced to disk. We've 832 * written the first uberblock for txg + 1, and then we lose power. When we 833 * come back up, we fail to see the uberblock for txg + 1 because, say, 834 * it was on a mirrored device and the replica to which we wrote txg + 1 835 * is now offline. If we then make some changes and sync txg + 1, and then 836 * the missing replica comes back, then for a new seconds we'll have two 837 * conflicting uberblocks on disk with the same txg. The solution is simple: 838 * among uberblocks with equal txg, choose the one with the latest timestamp. 839 */ 840 static int 841 vdev_uberblock_compare(uberblock_t *ub1, uberblock_t *ub2) 842 { 843 if (ub1->ub_txg < ub2->ub_txg) 844 return (-1); 845 if (ub1->ub_txg > ub2->ub_txg) 846 return (1); 847 848 if (ub1->ub_timestamp < ub2->ub_timestamp) 849 return (-1); 850 if (ub1->ub_timestamp > ub2->ub_timestamp) 851 return (1); 852 853 return (0); 854 } 855 856 static void 857 vdev_uberblock_load_done(zio_t *zio) 858 { 859 spa_t *spa = zio->io_spa; 860 zio_t *rio = zio->io_private; 861 uberblock_t *ub = zio->io_data; 862 uberblock_t *ubbest = rio->io_private; 863 864 ASSERT3U(zio->io_size, ==, VDEV_UBERBLOCK_SIZE(zio->io_vd)); 865 866 if (zio->io_error == 0 && uberblock_verify(ub) == 0) { 867 mutex_enter(&rio->io_lock); 868 if (ub->ub_txg <= spa->spa_load_max_txg && 869 vdev_uberblock_compare(ub, ubbest) > 0) 870 *ubbest = *ub; 871 mutex_exit(&rio->io_lock); 872 } 873 874 zio_buf_free(zio->io_data, zio->io_size); 875 } 876 877 void 878 vdev_uberblock_load(zio_t *zio, vdev_t *vd, uberblock_t *ubbest) 879 { 880 spa_t *spa = vd->vdev_spa; 881 vdev_t *rvd = spa->spa_root_vdev; 882 int flags = ZIO_FLAG_CONFIG_WRITER | ZIO_FLAG_CANFAIL | 883 ZIO_FLAG_SPECULATIVE | ZIO_FLAG_TRYHARD; 884 885 if (vd == rvd) { 886 ASSERT(zio == NULL); 887 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER); 888 zio = zio_root(spa, NULL, ubbest, flags); 889 bzero(ubbest, sizeof (uberblock_t)); 890 } 891 892 ASSERT(zio != NULL); 893 894 for (int c = 0; c < vd->vdev_children; c++) 895 vdev_uberblock_load(zio, vd->vdev_child[c], ubbest); 896 897 if (vd->vdev_ops->vdev_op_leaf && vdev_readable(vd)) { 898 for (int l = 0; l < VDEV_LABELS; l++) { 899 for (int n = 0; n < VDEV_UBERBLOCK_COUNT(vd); n++) { 900 vdev_label_read(zio, vd, l, 901 zio_buf_alloc(VDEV_UBERBLOCK_SIZE(vd)), 902 VDEV_UBERBLOCK_OFFSET(vd, n), 903 VDEV_UBERBLOCK_SIZE(vd), 904 vdev_uberblock_load_done, zio, flags); 905 } 906 } 907 } 908 909 if (vd == rvd) { 910 (void) zio_wait(zio); 911 spa_config_exit(spa, SCL_ALL, FTAG); 912 } 913 } 914 915 /* 916 * On success, increment root zio's count of good writes. 917 * We only get credit for writes to known-visible vdevs; see spa_vdev_add(). 918 */ 919 static void 920 vdev_uberblock_sync_done(zio_t *zio) 921 { 922 uint64_t *good_writes = zio->io_private; 923 924 if (zio->io_error == 0 && zio->io_vd->vdev_top->vdev_ms_array != 0) 925 atomic_add_64(good_writes, 1); 926 } 927 928 /* 929 * Write the uberblock to all labels of all leaves of the specified vdev. 930 */ 931 static void 932 vdev_uberblock_sync(zio_t *zio, uberblock_t *ub, vdev_t *vd, int flags) 933 { 934 uberblock_t *ubbuf; 935 int n; 936 937 for (int c = 0; c < vd->vdev_children; c++) 938 vdev_uberblock_sync(zio, ub, vd->vdev_child[c], flags); 939 940 if (!vd->vdev_ops->vdev_op_leaf) 941 return; 942 943 if (!vdev_writeable(vd)) 944 return; 945 946 n = ub->ub_txg & (VDEV_UBERBLOCK_COUNT(vd) - 1); 947 948 ubbuf = zio_buf_alloc(VDEV_UBERBLOCK_SIZE(vd)); 949 bzero(ubbuf, VDEV_UBERBLOCK_SIZE(vd)); 950 *ubbuf = *ub; 951 952 for (int l = 0; l < VDEV_LABELS; l++) 953 vdev_label_write(zio, vd, l, ubbuf, 954 VDEV_UBERBLOCK_OFFSET(vd, n), VDEV_UBERBLOCK_SIZE(vd), 955 vdev_uberblock_sync_done, zio->io_private, 956 flags | ZIO_FLAG_DONT_PROPAGATE); 957 958 zio_buf_free(ubbuf, VDEV_UBERBLOCK_SIZE(vd)); 959 } 960 961 int 962 vdev_uberblock_sync_list(vdev_t **svd, int svdcount, uberblock_t *ub, int flags) 963 { 964 spa_t *spa = svd[0]->vdev_spa; 965 zio_t *zio; 966 uint64_t good_writes = 0; 967 968 zio = zio_root(spa, NULL, &good_writes, flags); 969 970 for (int v = 0; v < svdcount; v++) 971 vdev_uberblock_sync(zio, ub, svd[v], flags); 972 973 (void) zio_wait(zio); 974 975 /* 976 * Flush the uberblocks to disk. This ensures that the odd labels 977 * are no longer needed (because the new uberblocks and the even 978 * labels are safely on disk), so it is safe to overwrite them. 979 */ 980 zio = zio_root(spa, NULL, NULL, flags); 981 982 for (int v = 0; v < svdcount; v++) 983 zio_flush(zio, svd[v]); 984 985 (void) zio_wait(zio); 986 987 return (good_writes >= 1 ? 0 : EIO); 988 } 989 990 /* 991 * On success, increment the count of good writes for our top-level vdev. 992 */ 993 static void 994 vdev_label_sync_done(zio_t *zio) 995 { 996 uint64_t *good_writes = zio->io_private; 997 998 if (zio->io_error == 0) 999 atomic_add_64(good_writes, 1); 1000 } 1001 1002 /* 1003 * If there weren't enough good writes, indicate failure to the parent. 1004 */ 1005 static void 1006 vdev_label_sync_top_done(zio_t *zio) 1007 { 1008 uint64_t *good_writes = zio->io_private; 1009 1010 if (*good_writes == 0) 1011 zio->io_error = EIO; 1012 1013 kmem_free(good_writes, sizeof (uint64_t)); 1014 } 1015 1016 /* 1017 * We ignore errors for log and cache devices, simply free the private data. 1018 */ 1019 static void 1020 vdev_label_sync_ignore_done(zio_t *zio) 1021 { 1022 kmem_free(zio->io_private, sizeof (uint64_t)); 1023 } 1024 1025 /* 1026 * Write all even or odd labels to all leaves of the specified vdev. 1027 */ 1028 static void 1029 vdev_label_sync(zio_t *zio, vdev_t *vd, int l, uint64_t txg, int flags) 1030 { 1031 nvlist_t *label; 1032 vdev_phys_t *vp; 1033 char *buf; 1034 size_t buflen; 1035 1036 for (int c = 0; c < vd->vdev_children; c++) 1037 vdev_label_sync(zio, vd->vdev_child[c], l, txg, flags); 1038 1039 if (!vd->vdev_ops->vdev_op_leaf) 1040 return; 1041 1042 if (!vdev_writeable(vd)) 1043 return; 1044 1045 /* 1046 * Generate a label describing the top-level config to which we belong. 1047 */ 1048 label = spa_config_generate(vd->vdev_spa, vd, txg, B_FALSE); 1049 1050 vp = zio_buf_alloc(sizeof (vdev_phys_t)); 1051 bzero(vp, sizeof (vdev_phys_t)); 1052 1053 buf = vp->vp_nvlist; 1054 buflen = sizeof (vp->vp_nvlist); 1055 1056 if (nvlist_pack(label, &buf, &buflen, NV_ENCODE_XDR, KM_SLEEP) == 0) { 1057 for (; l < VDEV_LABELS; l += 2) { 1058 vdev_label_write(zio, vd, l, vp, 1059 offsetof(vdev_label_t, vl_vdev_phys), 1060 sizeof (vdev_phys_t), 1061 vdev_label_sync_done, zio->io_private, 1062 flags | ZIO_FLAG_DONT_PROPAGATE); 1063 } 1064 } 1065 1066 zio_buf_free(vp, sizeof (vdev_phys_t)); 1067 nvlist_free(label); 1068 } 1069 1070 int 1071 vdev_label_sync_list(spa_t *spa, int l, uint64_t txg, int flags) 1072 { 1073 list_t *dl = &spa->spa_config_dirty_list; 1074 vdev_t *vd; 1075 zio_t *zio; 1076 int error; 1077 1078 /* 1079 * Write the new labels to disk. 1080 */ 1081 zio = zio_root(spa, NULL, NULL, flags); 1082 1083 for (vd = list_head(dl); vd != NULL; vd = list_next(dl, vd)) { 1084 uint64_t *good_writes = kmem_zalloc(sizeof (uint64_t), 1085 KM_SLEEP); 1086 1087 ASSERT(!vd->vdev_ishole); 1088 1089 zio_t *vio = zio_null(zio, spa, NULL, 1090 (vd->vdev_islog || vd->vdev_aux != NULL) ? 1091 vdev_label_sync_ignore_done : vdev_label_sync_top_done, 1092 good_writes, flags); 1093 vdev_label_sync(vio, vd, l, txg, flags); 1094 zio_nowait(vio); 1095 } 1096 1097 error = zio_wait(zio); 1098 1099 /* 1100 * Flush the new labels to disk. 1101 */ 1102 zio = zio_root(spa, NULL, NULL, flags); 1103 1104 for (vd = list_head(dl); vd != NULL; vd = list_next(dl, vd)) 1105 zio_flush(zio, vd); 1106 1107 (void) zio_wait(zio); 1108 1109 return (error); 1110 } 1111 1112 /* 1113 * Sync the uberblock and any changes to the vdev configuration. 1114 * 1115 * The order of operations is carefully crafted to ensure that 1116 * if the system panics or loses power at any time, the state on disk 1117 * is still transactionally consistent. The in-line comments below 1118 * describe the failure semantics at each stage. 1119 * 1120 * Moreover, vdev_config_sync() is designed to be idempotent: if it fails 1121 * at any time, you can just call it again, and it will resume its work. 1122 */ 1123 int 1124 vdev_config_sync(vdev_t **svd, int svdcount, uint64_t txg, boolean_t tryhard) 1125 { 1126 spa_t *spa = svd[0]->vdev_spa; 1127 uberblock_t *ub = &spa->spa_uberblock; 1128 vdev_t *vd; 1129 zio_t *zio; 1130 int error; 1131 int flags = ZIO_FLAG_CONFIG_WRITER | ZIO_FLAG_CANFAIL; 1132 1133 /* 1134 * Normally, we don't want to try too hard to write every label and 1135 * uberblock. If there is a flaky disk, we don't want the rest of the 1136 * sync process to block while we retry. But if we can't write a 1137 * single label out, we should retry with ZIO_FLAG_TRYHARD before 1138 * bailing out and declaring the pool faulted. 1139 */ 1140 if (tryhard) 1141 flags |= ZIO_FLAG_TRYHARD; 1142 1143 ASSERT(ub->ub_txg <= txg); 1144 1145 /* 1146 * If this isn't a resync due to I/O errors, 1147 * and nothing changed in this transaction group, 1148 * and the vdev configuration hasn't changed, 1149 * then there's nothing to do. 1150 */ 1151 if (ub->ub_txg < txg && 1152 uberblock_update(ub, spa->spa_root_vdev, txg) == B_FALSE && 1153 list_is_empty(&spa->spa_config_dirty_list)) 1154 return (0); 1155 1156 if (txg > spa_freeze_txg(spa)) 1157 return (0); 1158 1159 ASSERT(txg <= spa->spa_final_txg); 1160 1161 /* 1162 * Flush the write cache of every disk that's been written to 1163 * in this transaction group. This ensures that all blocks 1164 * written in this txg will be committed to stable storage 1165 * before any uberblock that references them. 1166 */ 1167 zio = zio_root(spa, NULL, NULL, flags); 1168 1169 for (vd = txg_list_head(&spa->spa_vdev_txg_list, TXG_CLEAN(txg)); vd; 1170 vd = txg_list_next(&spa->spa_vdev_txg_list, vd, TXG_CLEAN(txg))) 1171 zio_flush(zio, vd); 1172 1173 (void) zio_wait(zio); 1174 1175 /* 1176 * Sync out the even labels (L0, L2) for every dirty vdev. If the 1177 * system dies in the middle of this process, that's OK: all of the 1178 * even labels that made it to disk will be newer than any uberblock, 1179 * and will therefore be considered invalid. The odd labels (L1, L3), 1180 * which have not yet been touched, will still be valid. We flush 1181 * the new labels to disk to ensure that all even-label updates 1182 * are committed to stable storage before the uberblock update. 1183 */ 1184 if ((error = vdev_label_sync_list(spa, 0, txg, flags)) != 0) 1185 return (error); 1186 1187 /* 1188 * Sync the uberblocks to all vdevs in svd[]. 1189 * If the system dies in the middle of this step, there are two cases 1190 * to consider, and the on-disk state is consistent either way: 1191 * 1192 * (1) If none of the new uberblocks made it to disk, then the 1193 * previous uberblock will be the newest, and the odd labels 1194 * (which had not yet been touched) will be valid with respect 1195 * to that uberblock. 1196 * 1197 * (2) If one or more new uberblocks made it to disk, then they 1198 * will be the newest, and the even labels (which had all 1199 * been successfully committed) will be valid with respect 1200 * to the new uberblocks. 1201 */ 1202 if ((error = vdev_uberblock_sync_list(svd, svdcount, ub, flags)) != 0) 1203 return (error); 1204 1205 /* 1206 * Sync out odd labels for every dirty vdev. If the system dies 1207 * in the middle of this process, the even labels and the new 1208 * uberblocks will suffice to open the pool. The next time 1209 * the pool is opened, the first thing we'll do -- before any 1210 * user data is modified -- is mark every vdev dirty so that 1211 * all labels will be brought up to date. We flush the new labels 1212 * to disk to ensure that all odd-label updates are committed to 1213 * stable storage before the next transaction group begins. 1214 */ 1215 return (vdev_label_sync_list(spa, 1, txg, flags)); 1216 } 1217
Indexes created Thu May 17 00:40:56 UTC 2012
Terms of Use
|
Privacy
|
Trademarks
|
Copyright Policy
|
Site Guidelines
|
Site Map
|
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
© 2012, Oracle Corporation and/or its affiliates.