| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
(we ignore it).
- Remove code used for handling spoil events, as spoiling is not possible
anymore, because we keep consumers open for writing all the time.
MFC after: 4 days
|
|
|
|
|
|
| |
all the time. Remove unused code then.
MFC after: 4 days
|
| |
|
| |
|
|
|
|
|
| |
set a thread's priority via sched_prio() when that is the desired action.
The schedulers will start managing td_base_pri internally shortly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After this change, when component is disconnected because of an I/O error,
it will not be connected and synchronized automatically, it will be logged
as broken and skipped. Autosynchronization can occur, when component is
disconnected (on orphan event) and connected again - there were no I/O
error, so there is no need to not connected the component, but when there were
writes while it wasn't connected, it will be synchronized.
This fix cases, when component is disconnected because of I/O error and can be
connected again and again.
- Bump version number.
- Implement backward compatibility mechanism. After this change when metadata in
old version is detected, it is automatically upgraded to the new (current)
version.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After this change, when component is disconnected because of an I/O error,
it will not be connected and synchronized automatically, it will be logged
as broken and skipped. Autosynchronization can occur, when component is
disconnected (on orphan event) and connected again - there were no I/O
error, so there is no need to not connected the component, but when there were
writes while it wasn't connected, it will be synchronized.
This fix cases, when component is disconnected because of I/O error and can be
connected again and again.
- Bump version number.
- Add version change history.
- Implement backward compatibility mechanism. After this change when metadata in
old version is detected, it is automatically upgraded to the new (current)
version.
|
|
|
|
|
|
| |
that device cannot be destroyed immediately, under debug=1.
Suggested by: simon
|
|
|
|
| |
For more details check src/sys/geom/mirror/g_mirror.c rev.1.47,1.48,1.49,1.50.
|
|
|
|
|
|
| |
while doing g_(read|write)_data() (e.g. BSD). This can cause a deadlock
in MIRROR class. Not sure if this is safe to drop the topology lock in BSD
class, so change the code in MIRROR class to avoid this deadlock.
|
|
|
|
| |
No objection from: phk
|
| |
|
|
|
|
|
|
| |
mark it as such.
- Before closing consumer check if it is open. It can be closed here
when g_mirror_connect_disk() fails on g_access().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keeping consumers open when device is closed is very hard. We need to
open consumers sometimes to update metadata, etc.
Many hacks was introduced in the past to made it possible. You cannot
be sure that you can open consumer for writing always, even if you think
it should be allowed. If one of the mirror components is for example da0
and you try to open it, you can get EPERM when da0s1 is opened for reading
(because BSD class opens consumers (da0) with an extra 'e' bit set).
Waiting for the events queue to be empty may do the trick, but it makes
code much uglier (as you cannot always call g_waitidle()), it doesn't
solve all edge cases and it can introduce deadlocks if there are events
in the queue that wait for gmirror.
I removed those hacks. Now all consumers are open r1w1e1 always, even if
device is closed. Maybe it is less clean from GEOM perspective, but simpify
code a lot and make it much more reliable.
The only issue was retaste event which is sent when we close consumers
opened for writing. I ignore retaste event by not detaching consumer
immediately (so retaste event is not send to my class) and sending event
right after it to detach and destroy consumer.
|
| |
|
|
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
Reject certain ioctls if write permission is not indicated.
Bump geom API version.
Reported by: Ruben de Groot <mail25@bzerk.org>
|
|
|
|
|
| |
when this mode is used.
- Manual page update.
|
|
|
|
|
|
|
|
|
| |
anywhere in the DAG. This includes configurations that are not
allowed by the EFI specification.
o Reject a GPT partition table if it's not preceeded by a PMBR.
There's no need to preserve the MBR partitioning anymore as GPT
is mature and with the first bullet extending the applicability
of GPT, it's better to be a bit more strict.
|
|
|
|
|
|
|
|
| |
because we know it then and we need it when inserting a component which
wasn't destroyed while device was running.
Reported by: Michael Handler <handler@grendel.net>
MFC after: 1 week
|
|
|
|
|
|
|
|
|
| |
observations lead me to believe that the convetion for pc98 boot
loaders is to have a jump unstruction, followed by a string, followed
by code. The jump usually doesn't have a nop after it and usually the
string is NUL terminated, but Grub/98 breaks both of these rules.
# I looked for, but failed to find the Minux boot blocks for PC-9801 port.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
512. If I had an audio cdrom in my cd player when I booted my system,
I'd get a panic from geom because you can't read 8192 bytes from an
audio cdrom.
Remove XXX comment about IPL1 and replace it with some information
from my soon to be published web page on the pc98 disk layout. The
IPL1 test was the result of an observation of a disk with FreeBSD's
boot0 program. It was testing part of an area what appears to be
reserved for a boot loader name, which comes after a jump over this
area. I don't yet know if it is required to be any specific jump
instruction, or if the destination has to be location 11. [1]
[1] FreeBSD Press No. 13, page 115, poorly translated by myself. The
picture there shows offset 8 as the destination of the jump, but
FreeBSD's boot0 program has three padding NULs after the IPL1 name and
uses a 16-bit 'jmp' instruction.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
correct open/close behaviour of filesystems:
When an ioctl to modify the MBR arrives, we cannot take for granted that
we have the consumer open.
The symptom is that one cannot run 'boot0cfg -s2 /dev/ad0' in single-user
mode because / is the only open partition in only open r1w0e1.
If it is not, we attempt to increase the write count by one and
decrease it again afterwards.
Presumably most if not all other slices suffer from the same problem.
|
|
|
|
| |
for debugging and emergency purposes.
|
| |
|
|
|
|
| |
- Move DROP_GIANT()/PICKUP_GIANT() to g_gate_ioctl().
|
|
|
|
|
| |
Submitted by: simokawa
MFC after: 1 week
|
|
|
|
| |
code duplication.
|
|
|
|
| |
there later.
|
|
|
|
|
|
|
|
|
|
| |
that the events queue is empty. In other case we're able to hit the race
where for example da0s1 is tasted by some other class, which means that
da0 is open with exclusive bit set, which means that we can't open da0
for writing if it is our component.
Reported by: Attila Nagy <bra@fsn.hu> (and somebody else sometime ago,
but I cannot find who it was)
|
|
|
|
|
|
|
| |
but should be called with the topology lock held and returns with the
topology lock held and empty event queue.
Approved by: phk (sometime ago)
|
|
|
|
|
| |
DIRTY flag can be removed in idle process. Use consumer's acw field
instead to avoid opening consumer twice.
|
|
|
|
|
|
| |
check if provider is open for writing.
This fixes panic when device is open only for writing and we send write
request.
|
| |
|
| |
|
|
|
|
|
|
| |
marking components as clean.
Pointed out by: scottl
|
|
|
|
| |
- Make kern.geom.raid3.timeout variable tunable.
|
|
|
|
|
|
| |
unmounted).
Suggested by: scottl
|
|
|
|
| |
- Remove unused #include.
|
|
|
|
|
|
| |
unmounted.
Suggested by: scottl
|
| |
|
|
|
|
|
|
|
|
| |
seconds of idling, DRITY flags are removed.
- If mirror is in idle state or is not open for writing, sleep without
timeout when waiting for I/O requests.
- Don't use atomic operations, for now sysctls are protected by Giant.
- Update debugs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix for good (I hope) force-stopping mirrors and some filure cases
(e.g. the last good component dies when synchronization is in progress).
Don't use ->nstart/->nend consumer's fields, as this could be racy,
because those fields are used in g_down/g_up, use ->index consumer's
field instead for tracking number of not finished requests.
Reported by: marcel
- After 5 seconds of idle time (this should be configurable) mark all
dirty providers as clean, so when mirror is not used in 5 seconds
and there will be power failure, no synchronization on boot is needed.
Idea from: sorry, I can't find who suggested this
- When there are no ACTIVE components and no NEW components destroy whole
mirror, not only provider.
- Fix one debug to show information about I/O request, before we change
its command.
|
|
|
|
| |
Spotted by: tegge
|
| |
|
| |
|
| |
|