23c23
< * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
---
> * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
27,28d26
< #pragma ident "%Z%%M% %I% %E% SMI"
<
42a41
> #include <sys/arc.h>
61d59
< &vdev_file_ops,
62a61
> &vdev_file_ops,
67,68c66,67
< /* maximum scrub/resilver I/O queue */
< int zfs_scrub_limit = 70;
---
> /* maximum scrub/resilver I/O queue per leaf vdev */
> int zfs_scrub_limit = 10;
69a69,72
> TUNABLE_INT("vfs.zfs.scrub_limit", &zfs_scrub_limit);
> SYSCTL_INT(_vfs_zfs, OID_AUTO, scrub_limit, CTLFLAG_RDTUN, &zfs_scrub_limit, 0,
> "Maximum scrub/resilver I/O queue");
>
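Review bot: The description string on the added `SYSCTL_INT` still reads "Maximum scrub/resilver I/O queue", while the comment changed in the previous hunk says the limit is now per leaf vdev and the default dropped from 70 to 10. An administrator reading `vfs.zfs.scrub_limit` gets the old meaning; use `"Maximum scrub/resilver I/O queue per leaf vdev"`. The tunable is a signed int taken from the loader with no range check visible here, so confirm at the point of use (outside this diff) that zero or a negative value cannot stall scrub I/O or leave it unbounded.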
146c149,152
< if (vdev < rvd->vdev_children)
---
> ASSERT(spa_config_held(spa, SCL_ALL, RW_READER) != 0);
>
> if (vdev < rvd->vdev_children) {
> ASSERT(rvd->vdev_child[vdev] != NULL);
147a154
> }
176c183
< ASSERT(spa_config_held(cvd->vdev_spa, RW_WRITER));
---
> ASSERT(spa_config_held(cvd->vdev_spa, SCL_ALL, RW_WRITER) == SCL_ALL);
259c266
< ASSERT(spa_config_held(pvd->vdev_spa, RW_WRITER));
---
> ASSERT(spa_config_held(pvd->vdev_spa, SCL_ALL, RW_WRITER) == SCL_ALL);
321a329
> mutex_init(&vd->vdev_probe_lock, NULL, MUTEX_DEFAULT, NULL);
328a337,338
> vdev_queue_init(vd);
> vdev_cache_init(vd);
334,366d343
< * Free a vdev_t that has been removed from service.
< */
< static void
< vdev_free_common(vdev_t *vd)
< {
< spa_t *spa = vd->vdev_spa;
<
< if (vd->vdev_path)
< spa_strfree(vd->vdev_path);
< if (vd->vdev_devid)
< spa_strfree(vd->vdev_devid);
<
< if (vd->vdev_isspare)
< spa_spare_remove(vd);
<
< txg_list_destroy(&vd->vdev_ms_list);
< txg_list_destroy(&vd->vdev_dtl_list);
< mutex_enter(&vd->vdev_dtl_lock);
< space_map_unload(&vd->vdev_dtl_map);
< space_map_destroy(&vd->vdev_dtl_map);
< space_map_vacate(&vd->vdev_dtl_scrub, NULL, NULL);
< space_map_destroy(&vd->vdev_dtl_scrub);
< mutex_exit(&vd->vdev_dtl_lock);
< mutex_destroy(&vd->vdev_dtl_lock);
< mutex_destroy(&vd->vdev_stat_lock);
<
< if (vd == spa->spa_root_vdev)
< spa->spa_root_vdev = NULL;
<
< kmem_free(vd, sizeof (vdev_t));
< }
<
< /*
377c354
< uint64_t guid = 0;
---
> uint64_t guid = 0, islog, nparity;
380c357
< ASSERT(spa_config_held(spa, RW_WRITER));
---
> ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
403a381,383
> } else if (alloctype == VDEV_ALLOC_L2CACHE) {
> if (nvlist_lookup_uint64(nv, ZPOOL_CONFIG_GUID, &guid) != 0)
> return (EINVAL);
412c392,398
< vd = vdev_alloc_common(spa, id, guid, ops);
---
> /*
> * Determine whether we're a log vdev.
> */
> islog = 0;
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_IS_LOG, &islog);
> if (islog && spa_version(spa) < SPA_VERSION_SLOGS)
> return (ENOTSUP);
414,418d399
< if (nvlist_lookup_string(nv, ZPOOL_CONFIG_PATH, &vd->vdev_path) == 0)
< vd->vdev_path = spa_strdup(vd->vdev_path);
< if (nvlist_lookup_string(nv, ZPOOL_CONFIG_DEVID, &vd->vdev_devid) == 0)
< vd->vdev_devid = spa_strdup(vd->vdev_devid);
<
420c401
< * Set the nparity propery for RAID-Z vdevs.
---
> * Set the nparity property for RAID-Z vdevs.
421a403
> nparity = -1ULL;
424c406
< &vd->vdev_nparity) == 0) {
---
> &nparity) == 0) {
428c410
< if (vd->vdev_nparity > 2)
---
> if (nparity == 0 || nparity > 2)
433,434c415,416
< if (vd->vdev_nparity == 2 &&
< spa_version(spa) < ZFS_VERSION_RAID6)
---
> if (nparity == 2 &&
> spa_version(spa) < SPA_VERSION_RAID6)
436d417
<
442c423
< if (spa_version(spa) >= ZFS_VERSION_RAID6)
---
> if (spa_version(spa) >= SPA_VERSION_RAID6)
444d424
<
448c428
< vd->vdev_nparity = 1;
---
> nparity = 1;
451c431
< vd->vdev_nparity = 0;
---
> nparity = 0;
452a433
> ASSERT(nparity != -1ULL);
453a435,447
> vd = vdev_alloc_common(spa, id, guid, ops);
>
> vd->vdev_islog = islog;
> vd->vdev_nparity = nparity;
>
> if (nvlist_lookup_string(nv, ZPOOL_CONFIG_PATH, &vd->vdev_path) == 0)
> vd->vdev_path = spa_strdup(vd->vdev_path);
> if (nvlist_lookup_string(nv, ZPOOL_CONFIG_DEVID, &vd->vdev_devid) == 0)
> vd->vdev_devid = spa_strdup(vd->vdev_devid);
> if (nvlist_lookup_string(nv, ZPOOL_CONFIG_PHYS_PATH,
> &vd->vdev_physpath) == 0)
> vd->vdev_physpath = spa_strdup(vd->vdev_physpath);
>
466,467c460,462
< (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_NOT_PRESENT,
< &vd->vdev_not_present);
---
> if (!spa->spa_import_faulted)
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_NOT_PRESENT,
> &vd->vdev_not_present);
487c482
< * If we're a leaf vdev, try to load the DTL object and offline state.
---
> * If we're a leaf vdev, try to load the DTL object and other state.
489,491c484,491
< if (vd->vdev_ops->vdev_op_leaf && alloctype == VDEV_ALLOC_LOAD) {
< (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_DTL,
< &vd->vdev_dtl.smo_object);
---
> if (vd->vdev_ops->vdev_op_leaf &&
> (alloctype == VDEV_ALLOC_LOAD || alloctype == VDEV_ALLOC_L2CACHE)) {
> if (alloctype == VDEV_ALLOC_LOAD) {
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_DTL,
> &vd->vdev_dtl.smo_object);
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_UNSPARE,
> &vd->vdev_unspare);
> }
493a494,507
>
> /*
> * When importing a pool, we want to ignore the persistent fault
> * state, as the diagnosis made on another system may not be
> * valid in the current context.
> */
> if (spa->spa_load_state == SPA_LOAD_OPEN) {
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_FAULTED,
> &vd->vdev_faulted);
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_DEGRADED,
> &vd->vdev_degraded);
> (void) nvlist_lookup_uint64(nv, ZPOOL_CONFIG_REMOVED,
> &vd->vdev_removed);
> }
509a524
> spa_t *spa = vd->vdev_spa;
517c532
< ASSERT(!list_link_active(&vd->vdev_dirty_node));
---
> ASSERT(!list_link_active(&vd->vdev_config_dirty_node));
545c560,593
< vdev_free_common(vd);
---
> /*
> * Clean up vdev structure.
> */
> vdev_queue_fini(vd);
> vdev_cache_fini(vd);
>
> if (vd->vdev_path)
> spa_strfree(vd->vdev_path);
> if (vd->vdev_devid)
> spa_strfree(vd->vdev_devid);
> if (vd->vdev_physpath)
> spa_strfree(vd->vdev_physpath);
>
> if (vd->vdev_isspare)
> spa_spare_remove(vd);
> if (vd->vdev_isl2cache)
> spa_l2cache_remove(vd);
>
> txg_list_destroy(&vd->vdev_ms_list);
> txg_list_destroy(&vd->vdev_dtl_list);
> mutex_enter(&vd->vdev_dtl_lock);
> space_map_unload(&vd->vdev_dtl_map);
> space_map_destroy(&vd->vdev_dtl_map);
> space_map_vacate(&vd->vdev_dtl_scrub, NULL, NULL);
> space_map_destroy(&vd->vdev_dtl_scrub);
> mutex_exit(&vd->vdev_dtl_lock);
> mutex_destroy(&vd->vdev_dtl_lock);
> mutex_destroy(&vd->vdev_stat_lock);
> mutex_destroy(&vd->vdev_probe_lock);
>
> if (vd == spa->spa_root_vdev)
> spa->spa_root_vdev = NULL;
>
> kmem_free(vd, sizeof (vdev_t));
595c643
< if (list_link_active(&svd->vdev_dirty_node)) {
---
> if (list_link_active(&svd->vdev_config_dirty_node)) {
600,601c648,651
< tvd->vdev_reopen_wanted = svd->vdev_reopen_wanted;
< svd->vdev_reopen_wanted = 0;
---
> if (list_link_active(&svd->vdev_state_dirty_node)) {
> vdev_state_clean(svd);
> vdev_state_dirty(tvd);
> }
604a655,657
>
> tvd->vdev_islog = svd->vdev_islog;
> svd->vdev_islog = 0;
631c684
< ASSERT(spa_config_held(spa, RW_WRITER));
---
> ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
660c713
< ASSERT(spa_config_held(cvd->vdev_spa, RW_WRITER));
---
> ASSERT(spa_config_held(cvd->vdev_spa, SCL_ALL, RW_WRITER) == SCL_ALL);
670,671d722
< cvd->vdev_id = mvd->vdev_id;
< vdev_add_child(pvd, cvd);
673,677c724,727
< * If we created a new toplevel vdev, then we need to change the child's
< * vdev GUID to match the old toplevel vdev. Otherwise, we could have
< * detached an offline device, and when we go to import the pool we'll
< * think we have two toplevel vdevs, instead of a different version of
< * the same toplevel vdev.
---
> * If cvd will replace mvd as a top-level vdev, preserve mvd's guid.
> * Otherwise, we could have detached an offline device, and when we
> * go to import the pool we'll think we have two top-level vdevs,
> * instead of a different version of the same top-level vdev.
679,685c729,732
< if (cvd->vdev_top == cvd) {
< pvd->vdev_guid_sum -= cvd->vdev_guid;
< cvd->vdev_guid_sum -= cvd->vdev_guid;
< cvd->vdev_guid = mvd->vdev_guid;
< cvd->vdev_guid_sum += mvd->vdev_guid;
< pvd->vdev_guid_sum += cvd->vdev_guid;
< }
---
> if (mvd->vdev_top == mvd)
> cvd->vdev_guid = cvd->vdev_guid_sum = mvd->vdev_guid;
> cvd->vdev_id = mvd->vdev_id;
> vdev_add_child(pvd, cvd);
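Review bot: `cvd->vdev_guid = cvd->vdev_guid_sum = mvd->vdev_guid;` replaces the child's guid sum with a single guid, which is only correct when cvd is a leaf whose sum equals its own guid. The removed code adjusted the sums by subtracting the old guid and adding the new one, which kept any contribution from cvd's descendants. If cvd can never have children here, record that with `ASSERT(cvd->vdev_children == 0);` before the assignment; otherwise apply the difference to `vdev_guid_sum` instead of overwriting it. The guid sum is presumably what import checks against the labels, so a wrong value would surface as a pool that refuses to open; the enclosing function starts outside this hunk.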
700c747
< metaslab_class_t *mc = spa_metaslab_class_select(spa);
---
> metaslab_class_t *mc;
710,711d756
< dprintf("%s oldc %llu newc %llu\n", vdev_description(vd), oldc, newc);
<
713a759,763
> if (vd->vdev_islog)
> mc = spa->spa_log_class;
> else
> mc = spa->spa_normal_class;
>
740,741c790,791
< ASSERT3U(db->db_size, ==, sizeof (smo));
< bcopy(db->db_data, &smo, db->db_size);
---
> ASSERT3U(db->db_size, >=, sizeof (smo));
> bcopy(db->db_data, &smo, sizeof (smo));
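Review bot: The lower bound on `db->db_size` is enforced only by `ASSERT3U`, which is compiled out of non-debug kernels, so a bonus buffer shorter than `sizeof (smo)` makes the new fixed-length `bcopy` read past the end of `db->db_data`. Copying `sizeof (smo)` instead of `db->db_size` does close the overrun of the local `smo`, but the size presumably reflects on-disk state and deserves a check that survives in production: `VERIFY3U(db->db_size, >=, sizeof (smo));`, or an error return if the enclosing function (not visible in this hunk) can fail. The same pattern appears in hunks 1215,1216c1401,1402 and 1286,1287c1467,1468; in the last one the copy goes into `db->db_data`, so a short buffer there is a write overrun rather than a read.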
767a818,868
> typedef struct vdev_probe_stats {
> boolean_t vps_readable;
> boolean_t vps_writeable;
> int vps_flags;
> zio_t *vps_root;
> vdev_t *vps_vd;
> } vdev_probe_stats_t;
>
> static void
> vdev_probe_done(zio_t *zio)
> {
> vdev_probe_stats_t *vps = zio->io_private;
> vdev_t *vd = vps->vps_vd;
>
> if (zio->io_type == ZIO_TYPE_READ) {
> ASSERT(zio->io_vd == vd);
> if (zio->io_error == 0)
> vps->vps_readable = 1;
> if (zio->io_error == 0 && (spa_mode & FWRITE)) {
> zio_nowait(zio_write_phys(vps->vps_root, vd,
> zio->io_offset, zio->io_size, zio->io_data,
> ZIO_CHECKSUM_OFF, vdev_probe_done, vps,
> ZIO_PRIORITY_SYNC_WRITE, vps->vps_flags, B_TRUE));
> } else {
> zio_buf_free(zio->io_data, zio->io_size);
> }
> } else if (zio->io_type == ZIO_TYPE_WRITE) {
> ASSERT(zio->io_vd == vd);
> if (zio->io_error == 0)
> vps->vps_writeable = 1;
> zio_buf_free(zio->io_data, zio->io_size);
> } else if (zio->io_type == ZIO_TYPE_NULL) {
> ASSERT(zio->io_vd == NULL);
> ASSERT(zio == vps->vps_root);
>
> vd->vdev_cant_read |= !vps->vps_readable;
> vd->vdev_cant_write |= !vps->vps_writeable;
>
> if (vdev_readable(vd) &&
> (vdev_writeable(vd) || !(spa_mode & FWRITE))) {
> zio->io_error = 0;
> } else {
> ASSERT(zio->io_error != 0);
> zfs_ereport_post(FM_EREPORT_ZFS_PROBE_FAILURE,
> zio->io_spa, vd, NULL, 0, 0);
> zio->io_error = ENXIO;
> }
> kmem_free(vps, sizeof (*vps));
> }
> }
>
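Review bot: `vdev_probe_done` has no header comment, and its contract is not obvious from the signature: the same callback runs for the probe reads, for the follow-up writes and for the root null zio, and it is the root invocation that folds the results into `vdev_cant_read`/`vdev_cant_write` and frees `vps`. A block comment above the function should say that, and also that each read buffer is either handed on to the write zio or freed here, so that nobody later adds a second free or touches `vps` after the root zio completes. `vps_readable` and `vps_writeable` are declared `boolean_t` but assigned `1`; `B_TRUE` would match the `B_FALSE` assignments in `vdev_probe`.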
768a870,924
> * Determine whether this device is accessible by reading and writing
> * to several known locations: the pad regions of each vdev label
> * but the first (which we leave alone in case it contains a VTOC).
> */
> zio_t *
> vdev_probe(vdev_t *vd, zio_t *pio)
> {
> spa_t *spa = vd->vdev_spa;
> vdev_probe_stats_t *vps;
> zio_t *zio;
>
> vps = kmem_zalloc(sizeof (*vps), KM_SLEEP);
>
> vps->vps_flags = ZIO_FLAG_CANFAIL | ZIO_FLAG_PROBE |
> ZIO_FLAG_DONT_CACHE | ZIO_FLAG_DONT_AGGREGATE | ZIO_FLAG_DONT_RETRY;
>
> if (spa_config_held(spa, SCL_ZIO, RW_WRITER)) {
> /*
> * vdev_cant_read and vdev_cant_write can only transition
> * from TRUE to FALSE when we have the SCL_ZIO lock as writer;
> * otherwise they can only transition from FALSE to TRUE.
> * This ensures that any zio looking at these values can
> * assume that failures persist for the life of the I/O.
> * That's important because when a device has intermittent
> * connectivity problems, we want to ensure that they're
> * ascribed to the device (ENXIO) and not the zio (EIO).
> *
> * Since we hold SCL_ZIO as writer here, clear both values
> * so the probe can reevaluate from first principles.
> */
> vps->vps_flags |= ZIO_FLAG_CONFIG_WRITER;
> vd->vdev_cant_read = B_FALSE;
> vd->vdev_cant_write = B_FALSE;
> }
>
> ASSERT(vd->vdev_ops->vdev_op_leaf);
>
> zio = zio_null(pio, spa, vdev_probe_done, vps, vps->vps_flags);
>
> vps->vps_root = zio;
> vps->vps_vd = vd;
>
> for (int l = 1; l < VDEV_LABELS; l++) {
> zio_nowait(zio_read_phys(zio, vd,
> vdev_label_offset(vd->vdev_psize, l,
> offsetof(vdev_label_t, vl_pad)),
> VDEV_SKIP_SIZE, zio_buf_alloc(VDEV_SKIP_SIZE),
> ZIO_CHECKSUM_OFF, vdev_probe_done, vps,
> ZIO_PRIORITY_SYNC_READ, vps->vps_flags, B_TRUE));
> }
>
> return (zio);
> }
>
> /*
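Review bot: `ASSERT(vd->vdev_ops->vdev_op_leaf)` is checked only after the function has allocated `vps` and possibly cleared `vdev_cant_read`/`vdev_cant_write`; a precondition belongs at the top of `vdev_probe`, before any state is touched. The header comment also omits what the caller gets back: it should say that the returned zio is the root of the probe, that the caller has to wait on it or supply a parent in `pio`, and that `vps` is released by `vdev_probe_done`. The test `if (spa_config_held(spa, SCL_ZIO, RW_WRITER))` relies on a non-zero mask, whereas the assertions elsewhere in this diff compare the result with the requested mask; `== SCL_ZIO` would read consistently.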
784,788d939
< if (vd->vdev_fault_mode == VDEV_FAULT_COUNT)
< vd->vdev_fault_arg >>= 1;
< else
< vd->vdev_fault_mode = VDEV_FAULT_NONE;
<
791,797c942
< if (vd->vdev_ops->vdev_op_leaf) {
< vdev_cache_init(vd);
< vdev_queue_init(vd);
< vd->vdev_cache_active = B_TRUE;
< }
<
< if (vd->vdev_offline) {
---
> if (!vd->vdev_removed && vd->vdev_faulted) {
798a944,948
> vdev_set_state(vd, B_TRUE, VDEV_STATE_FAULTED,
> VDEV_AUX_ERR_EXCEEDED);
> return (ENXIO);
> } else if (vd->vdev_offline) {
> ASSERT(vd->vdev_children == 0);
808,810d957
< dprintf("%s = %d, osize %llu, state = %d\n",
< vdev_description(vd), error, osize, vd->vdev_state);
<
811a959,962
> if (vd->vdev_removed &&
> vd->vdev_stat.vs_aux != VDEV_AUX_OPEN_FAILED)
> vd->vdev_removed = B_FALSE;
>
817c968
< vd->vdev_state = VDEV_STATE_HEALTHY;
---
> vd->vdev_removed = B_FALSE;
818a970,977
> if (vd->vdev_degraded) {
> ASSERT(vd->vdev_children == 0);
> vdev_set_state(vd, B_TRUE, VDEV_STATE_DEGRADED,
> VDEV_AUX_ERR_EXCEEDED);
> } else {
> vd->vdev_state = VDEV_STATE_HEALTHY;
> }
>
885a1045,1055
> * Ensure we can issue some IO before declaring the
> * vdev open for business.
> */
> if (vd->vdev_ops->vdev_op_leaf &&
> (error = zio_wait(vdev_probe(vd, NULL))) != 0) {
> vdev_set_state(vd, B_TRUE, VDEV_STATE_CANT_OPEN,
> VDEV_AUX_IO_FAILURE);
> return (error);
> }
>
> /*
898,905c1068,1071
< * This allows the ZFS DE to close cases appropriately. If a device
< * goes away and later returns, we want to close the associated case.
< * But it's not enough to simply post this only when a device goes from
< * CANT_OPEN -> HEALTHY. If we reboot the system and the device is
< * back, we also need to close the case (otherwise we will try to replay
< * it). So we have to post this notifier every time. Since this only
< * occurs during pool open or error recovery, this should not be an
< * issue.
---
> * If a leaf vdev has a DTL, and seems healthy, then kick off a
> * resilver. But don't do this if we are doing a reopen for a
> * scrub, since this would just restart the scrub we are already
> * doing.
907c1073,1078
< zfs_post_ok(vd->vdev_spa, vd);
---
> if (vd->vdev_children == 0 && !vd->vdev_spa->spa_scrub_reopen) {
> mutex_enter(&vd->vdev_dtl_lock);
> if (vd->vdev_dtl_map.sm_space != 0 && vdev_writeable(vd))
> spa_async_request(vd->vdev_spa, SPA_ASYNC_RESILVER);
> mutex_exit(&vd->vdev_dtl_lock);
> }
915,916c1086
< * inadvertently do repair I/Os to the wrong device, and so that vdev_reopen()
< * won't succeed if the device has been changed underneath.
---
> * inadvertently do repair I/Os to the wrong device.
929c1099
< uint64_t guid;
---
> uint64_t guid, top_guid;
941c1111
< if (vd->vdev_ops->vdev_op_leaf && !vdev_is_dead(vd)) {
---
> if (vd->vdev_ops->vdev_op_leaf && vdev_readable(vd)) {
956a1127,1134
> /*
> * If this vdev just became a top-level vdev because its
> * sibling was detached, it will have adopted the parent's
> * vdev guid -- but the label may or may not be on disk yet.
> * Fortunately, either version of the label will have the
> * same top guid, so if we're a top-level vdev, we can
> * safely compare to that instead.
> */
958c1136,1140
< &guid) != 0 || guid != vd->vdev_guid) {
---
> &guid) != 0 ||
> nvlist_lookup_uint64(label, ZPOOL_CONFIG_TOP_GUID,
> &top_guid) != 0 ||
> (vd->vdev_guid != guid &&
> (vd->vdev_guid != top_guid || vd != vd->vdev_top))) {
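Review bot: The lookup of `ZPOOL_CONFIG_TOP_GUID` is unconditional, so a label that lacks that key now fails validation for every leaf, including those whose own guid matches and for which the top guid is never consulted. Consider fetching `top_guid` only on the fallback path, that is when `vd->vdev_guid != guid` and `vd == vd->vdev_top`. The relaxed match also accepts, on a top-level vdev, any label that carries the right top guid; whether a stale label from a detached sibling could satisfy it depends on checks outside this hunk (pool guid, txg), so that should be confirmed. The `if` statement itself starts before the hunk.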
977a1160,1167
>
> /*
> * If we were able to open and validate a vdev that was
> * previously marked permanently unavailable, clear that state
> * now.
> */
> if (vd->vdev_not_present)
> vd->vdev_not_present = 0;
980,986d1169
< /*
< * If we were able to open and validate a vdev that was previously
< * marked permanently unavailable, clear that state now.
< */
< if (vd->vdev_not_present)
< vd->vdev_not_present = 0;
<
998,1002c1181
< if (vd->vdev_cache_active) {
< vdev_cache_fini(vd);
< vdev_queue_fini(vd);
< vd->vdev_cache_active = B_FALSE;
< }
---
> vdev_cache_purge(vd);
1023c1202
< ASSERT(spa_config_held(spa, RW_WRITER));
---
> ASSERT(spa_config_held(spa, SCL_STATE_ALL, RW_WRITER) == SCL_STATE_ALL);
1032,1040d1210
< *
< * The downside to this is that if the user is simply experimenting by
< * overwriting an entire disk, we'll fault the device rather than
< * demonstrate self-healing capabilities. On the other hand, with
< * proper FMA integration, the series of errors we'd see from the device
< * would result in a faulted device anyway. Given that this doesn't
< * model any real-world corruption, it's better to catch this here and
< * correctly identify that the device has either changed beneath us, or
< * is corrupted beyond recognition.
1042c1212,1223
< (void) vdev_validate(vd);
---
> if (vd->vdev_aux) {
> (void) vdev_validate_aux(vd);
> if (vdev_readable(vd) && vdev_writeable(vd) &&
> !l2arc_vdev_present(vd)) {
> uint64_t size = vdev_get_rsize(vd);
> l2arc_add_vdev(spa, vd,
> VDEV_LABEL_START_SIZE,
> size - VDEV_LABEL_START_SIZE);
> }
> } else {
> (void) vdev_validate(vd);
> }
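Review bot: `size - VDEV_LABEL_START_SIZE` is an unsigned subtraction with no lower bound on `size`, so a device for which `vdev_get_rsize()` returns less than the label area would hand `l2arc_add_vdev` a length that wraps to nearly 2^64. Add the bound to the condition, e.g. `size > VDEV_LABEL_START_SIZE &&` next to the readable/writeable tests, with the `size` declaration hoisted above the `if`. The result of `vdev_validate_aux(vd)` is discarded with `(void)`, so the cache device is added on the strength of `vdev_readable`/`vdev_writeable` alone; unless a failed validation already marks the vdev unreadable (not visible here), check the return value before the add. The enclosing function begins outside the hunk.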
1045c1226
< * Reassess root vdev's health.
---
> * Reassess parent vdev's health.
1047c1228
< vdev_propagate_state(spa->spa_root_vdev);
---
> vdev_propagate_state(vd);
1153c1334
< ASSERT(spa_config_held(spa, RW_WRITER));
---
> ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
1157,1162c1338,1347
< /*
< * We're successfully scrubbed everything up to scrub_txg.
< * Therefore, excise all old DTLs up to that point, then
< * fold in the DTLs for everything we couldn't scrub.
< */
< if (scrub_txg != 0) {
---
> if (scrub_txg != 0 &&
> (spa->spa_scrub_started || spa->spa_scrub_errors == 0)) {
> /* XXX should check scrub_done? */
> /*
> * We completed a scrub up to scrub_txg. If we
> * did it without rebooting, then the scrub dtl
> * will be valid, so excise the old region and
> * fold in the scrub dtl. Otherwise, leave the
> * dtl as-is if there was an error.
> */
1168a1354
>
1215,1216c1401,1402
< ASSERT3U(db->db_size, ==, sizeof (*smo));
< bcopy(db->db_data, smo, db->db_size);
---
> ASSERT3U(db->db_size, >=, sizeof (*smo));
> bcopy(db->db_data, smo, sizeof (*smo));
1238,1240d1423
< dprintf("%s in txg %llu pass %d\n",
< vdev_description(vd), (u_longlong_t)txg, spa_sync_pass(spa));
<
1250,1251d1432
< dprintf("detach %s committed in txg %llu\n",
< vdev_description(vd), txg);
1286,1287c1467,1468
< ASSERT3U(db->db_size, ==, sizeof (*smo));
< bcopy(smo, db->db_data, db->db_size);
---
> ASSERT3U(db->db_size, >=, sizeof (*smo));
> bcopy(smo, db->db_data, sizeof (*smo));
1292a1474,1516
> /*
> * Determine if resilver is needed, and if so the txg range.
> */
> boolean_t
> vdev_resilver_needed(vdev_t *vd, uint64_t *minp, uint64_t *maxp)
> {
> boolean_t needed = B_FALSE;
> uint64_t thismin = UINT64_MAX;
> uint64_t thismax = 0;
>
> if (vd->vdev_children == 0) {
> mutex_enter(&vd->vdev_dtl_lock);
> if (vd->vdev_dtl_map.sm_space != 0 && vdev_writeable(vd)) {
> space_seg_t *ss;
>
> ss = avl_first(&vd->vdev_dtl_map.sm_root);
> thismin = ss->ss_start - 1;
> ss = avl_last(&vd->vdev_dtl_map.sm_root);
> thismax = ss->ss_end;
> needed = B_TRUE;
> }
> mutex_exit(&vd->vdev_dtl_lock);
> } else {
> int c;
> for (c = 0; c < vd->vdev_children; c++) {
> vdev_t *cvd = vd->vdev_child[c];
> uint64_t cmin, cmax;
>
> if (vdev_resilver_needed(cvd, &cmin, &cmax)) {
> thismin = MIN(thismin, cmin);
> thismax = MAX(thismax, cmax);
> needed = B_TRUE;
> }
> }
> }
>
> if (needed && minp) {
> *minp = thismin;
> *maxp = thismax;
> }
> return (needed);
> }
>
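Review bot: The final store `if (needed && minp)` tests only `minp` and then writes through `maxp` as well, so a caller that passes a pointer for one and NULL for the other dereferences NULL in kernel context. Either guard each pointer separately or state in the header comment that both must be NULL or both valid; as written the comment does not say that the out-parameters are optional, or that they are left untouched when the function returns `B_FALSE`. `thismin = ss->ss_start - 1` also wraps to `UINT64_MAX` if a segment ever starts at 0; `ASSERT(ss->ss_start != 0);` would record the assumption.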
1322,1326c1546,1550
< * This special case of vdev_spare() is used for hot spares. It's sole purpose
< * it to set the vdev state for the associated vdev. To do this, we make sure
< * that we can open the underlying device, then try to read the label, and make
< * sure that the label is sane and that it hasn't been repurposed to another
< * pool.
---
> * The special vdev case is used for hot spares and l2cache devices. Its
> * sole purpose it to set the vdev state for the associated vdev. To do this,
> * we make sure that we can open the underlying device, then try to read the
> * label, and make sure that the label is sane and that it hasn't been
> * repurposed to another pool.
1329c1553
< vdev_validate_spare(vdev_t *vd)
---
> vdev_validate_aux(vdev_t *vd)
1334a1559,1561
> if (!vdev_readable(vd))
> return (0);
>
1342c1569
< version > ZFS_VERSION ||
---
> version > SPA_VERSION ||
1352,1353d1578
< spa_spare_add(vd);
<
1367,1368d1591
< dprintf("%s txg %llu\n", vdev_description(vd), txg);
<
1381,1383d1603
< dprintf("%s txg %llu pass %d\n",
< vdev_description(vd), (u_longlong_t)txg, spa_sync_pass(spa));
<
1411,1412c1631,1636
< void
< vdev_io_start(zio_t *zio)
---
> /*
> * Mark the given vdev faulted. A faulted vdev behaves as if the device could
> * not be opened, and no I/O is attempted.
> */
> int
> vdev_fault(spa_t *spa, uint64_t guid)
1414,1415c1638
< zio->io_vd->vdev_ops->vdev_op_io_start(zio);
< }
---
> vdev_t *vd;
1417,1420c1640,1676
< void
< vdev_io_done(zio_t *zio)
< {
< zio->io_vd->vdev_ops->vdev_op_io_done(zio);
---
> spa_vdev_state_enter(spa);
>
> if ((vd = spa_lookup_by_guid(spa, guid, B_TRUE)) == NULL)
> return (spa_vdev_state_exit(spa, NULL, ENODEV));
>
> if (!vd->vdev_ops->vdev_op_leaf)
> return (spa_vdev_state_exit(spa, NULL, ENOTSUP));
>
> /*
> * Faulted state takes precedence over degraded.
> */
> vd->vdev_faulted = 1ULL;
> vd->vdev_degraded = 0ULL;
> vdev_set_state(vd, B_FALSE, VDEV_STATE_FAULTED, VDEV_AUX_ERR_EXCEEDED);
>
> /*
> * If marking the vdev as faulted cause the top-level vdev to become
> * unavailable, then back off and simply mark the vdev as degraded
> * instead.
> */
> if (vdev_is_dead(vd->vdev_top) && vd->vdev_aux == NULL) {
> vd->vdev_degraded = 1ULL;
> vd->vdev_faulted = 0ULL;
>
> /*
> * If we reopen the device and it's not dead, only then do we
> * mark it degraded.
> */
> vdev_reopen(vd);
>
> if (vdev_readable(vd)) {
> vdev_set_state(vd, B_FALSE, VDEV_STATE_DEGRADED,
> VDEV_AUX_ERR_EXCEEDED);
> }
> }
>
> return (spa_vdev_state_exit(spa, vd, 0));
1423,1424c1679,1685
< const char *
< vdev_description(vdev_t *vd)
---
> /*
> * Mark the given vdev degraded. A degraded vdev is purely an indication to the
> * user that something is wrong. The vdev continues to operate as normal as far
> * as I/O is concerned.
> */
> int
> vdev_degrade(spa_t *spa, uint64_t guid)
1426,1427c1687
< if (vd == NULL || vd->vdev_ops == NULL)
< return ("<unknown>");
---
> vdev_t *vd;
1429,1430c1689
< if (vd->vdev_path != NULL)
< return (vd->vdev_path);
---
> spa_vdev_state_enter(spa);
1432,1433c1691,1692
< if (vd->vdev_parent == NULL)
< return (spa_name(vd->vdev_spa));
---
> if ((vd = spa_lookup_by_guid(spa, guid, B_TRUE)) == NULL)
> return (spa_vdev_state_exit(spa, NULL, ENODEV));
1435c1694,1708
< return (vd->vdev_ops->vdev_op_type);
---
> if (!vd->vdev_ops->vdev_op_leaf)
> return (spa_vdev_state_exit(spa, NULL, ENOTSUP));
>
> /*
> * If the vdev is already faulted, then don't do anything.
> */
> if (vd->vdev_faulted || vd->vdev_degraded)
> return (spa_vdev_state_exit(spa, NULL, 0));
>
> vd->vdev_degraded = 1ULL;
> if (!vdev_is_dead(vd))
> vdev_set_state(vd, B_FALSE, VDEV_STATE_DEGRADED,
> VDEV_AUX_ERR_EXCEEDED);
>
> return (spa_vdev_state_exit(spa, vd, 0));
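Review bot: The comment "If the vdev is already faulted, then don't do anything" does not match the test beneath it, which also returns early when `vd->vdev_degraded` is set. Reword it to `/* If the vdev is already faulted or degraded, there is nothing to do. */`. The header comment of `vdev_degrade` should also list the return values (`ENODEV` for an unknown guid, `ENOTSUP` for a non-leaf vdev, 0 otherwise), since they reach the caller through `spa_vdev_state_exit` and an already-degraded vdev is reported as success.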
1437a1711,1716
> /*
> * Online the given vdev. If 'unspare' is set, it implies two things. First,
> * any attached spare device should be detached when the device finishes
> * resilvering. Second, the online should be treated like a 'test' online case,
> * so no FMA events are generated if the device fails to open.
> */
1439c1718
< vdev_online(spa_t *spa, uint64_t guid)
---
> vdev_online(spa_t *spa, uint64_t guid, uint64_t flags, vdev_state_t *newstate)
1441,1442c1720
< vdev_t *rvd, *vd;
< uint64_t txg;
---
> vdev_t *vd;
1444c1722
< txg = spa_vdev_enter(spa);
---
> spa_vdev_state_enter(spa);
1446c1724,1725
< rvd = spa->spa_root_vdev;
---
> if ((vd = spa_lookup_by_guid(spa, guid, B_TRUE)) == NULL)
> return (spa_vdev_state_exit(spa, NULL, ENODEV));
1448,1450d1726
< if ((vd = vdev_lookup_by_guid(rvd, guid)) == NULL)
< return (spa_vdev_exit(spa, NULL, txg, ENODEV));
<
1452c1728
< return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
---
> return (spa_vdev_state_exit(spa, NULL, ENOTSUP));
1454,1455d1729
< dprintf("ONLINE: %s\n", vdev_description(vd));
<
1457a1732,1733
> vd->vdev_checkremove = !!(flags & ZFS_ONLINE_CHECKREMOVE);
> vd->vdev_forcefault = !!(flags & ZFS_ONLINE_FORCEFAULT);
1458a1735
> vd->vdev_checkremove = vd->vdev_forcefault = B_FALSE;
1460c1737,1743
< vdev_config_dirty(vd->vdev_top);
---
> if (newstate)
> *newstate = vd->vdev_state;
> if ((flags & ZFS_ONLINE_UNSPARE) &&
> !vdev_is_dead(vd) && vd->vdev_parent &&
> vd->vdev_parent->vdev_ops == &vdev_spare_ops &&
> vd->vdev_parent->vdev_child[0] == vd)
> vd->vdev_unspare = B_TRUE;
1462c1745
< (void) spa_vdev_exit(spa, NULL, txg, 0);
---
> (void) spa_vdev_state_exit(spa, vd, 0);
1464c1747
< VERIFY(spa_scrub(spa, POOL_SCRUB_RESILVER, B_TRUE) == 0);
---
> VERIFY3U(spa_scrub(spa, POOL_SCRUB_RESILVER), ==, 0);
1470c1753
< vdev_offline(spa_t *spa, uint64_t guid, int istmp)
---
> vdev_offline(spa_t *spa, uint64_t guid, uint64_t flags)
1472,1473c1755
< vdev_t *rvd, *vd;
< uint64_t txg;
---
> vdev_t *vd;
1475c1757
< txg = spa_vdev_enter(spa);
---
> spa_vdev_state_enter(spa);
1477c1759,1760
< rvd = spa->spa_root_vdev;
---
> if ((vd = spa_lookup_by_guid(spa, guid, B_TRUE)) == NULL)
> return (spa_vdev_state_exit(spa, NULL, ENODEV));
1479,1481d1761
< if ((vd = vdev_lookup_by_guid(rvd, guid)) == NULL)
< return (spa_vdev_exit(spa, NULL, txg, ENODEV));
<
1483c1763
< return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
---
> return (spa_vdev_state_exit(spa, NULL, ENOTSUP));
1485,1486d1764
< dprintf("OFFLINE: %s\n", vdev_description(vd));
<
1499c1777
< return (spa_vdev_exit(spa, NULL, txg, EBUSY));
---
> return (spa_vdev_state_exit(spa, NULL, EBUSY));
1508c1786
< if (vdev_is_dead(vd->vdev_top)) {
---
> if (vdev_is_dead(vd->vdev_top) && vd->vdev_aux == NULL) {
1511c1789
< return (spa_vdev_exit(spa, NULL, txg, EBUSY));
---
> return (spa_vdev_state_exit(spa, NULL, EBUSY));
1515c1793
< vd->vdev_tmpoffline = istmp;
---
> vd->vdev_tmpoffline = !!(flags & ZFS_OFFLINE_TEMPORARY);
1517,1519c1795
< vdev_config_dirty(vd->vdev_top);
<
< return (spa_vdev_exit(spa, NULL, txg, 0));
---
> return (spa_vdev_state_exit(spa, vd, 0));
1530c1806
< int c;
---
> vdev_t *rvd = spa->spa_root_vdev;
1531a1808,1809
> ASSERT(spa_config_held(spa, SCL_STATE_ALL, RW_WRITER) == SCL_STATE_ALL);
>
1533c1811
< vd = spa->spa_root_vdev;
---
> vd = rvd;
1539c1817
< for (c = 0; c < vd->vdev_children; c++)
---
> for (int c = 0; c < vd->vdev_children; c++)
1540a1819,1842
>
> /*
> * If we're in the FAULTED state or have experienced failed I/O, then
> * clear the persistent state and attempt to reopen the device. We
> * also mark the vdev config dirty, so that the new faulted state is
> * written out to disk.
> */
> if (vd->vdev_faulted || vd->vdev_degraded ||
> !vdev_readable(vd) || !vdev_writeable(vd)) {
>
> vd->vdev_faulted = vd->vdev_degraded = 0;
> vd->vdev_cant_read = B_FALSE;
> vd->vdev_cant_write = B_FALSE;
>
> vdev_reopen(vd);
>
> if (vd != rvd)
> vdev_state_dirty(vd->vdev_top);
>
> if (vd->vdev_aux == NULL && !vdev_is_dead(vd))
> spa_async_request(spa, SPA_ASYNC_RESILVER);
>
> spa_event_notify(spa, vd, ESC_ZFS_VDEV_CLEAR);
> }
1543c1845
< int
---
> boolean_t
1546c1848
< return (vd->vdev_state <= VDEV_STATE_CANT_OPEN);
---
> return (vd->vdev_state < VDEV_STATE_DEGRADED);
1549,1550c1851,1852
< int
< vdev_error_inject(vdev_t *vd, zio_t *zio)
---
> boolean_t
> vdev_readable(vdev_t *vd)
1552c1854,1855
< int error = 0;
---
> return (!vdev_is_dead(vd) && !vd->vdev_cant_read);
> }
1554,1555c1857,1861
< if (vd->vdev_fault_mode == VDEV_FAULT_NONE)
< return (0);
---
> boolean_t
> vdev_writeable(vdev_t *vd)
> {
> return (!vdev_is_dead(vd) && !vd->vdev_cant_write);
> }
1557,1558c1863,1866
< if (((1ULL << zio->io_type) & vd->vdev_fault_mask) == 0)
< return (0);
---
> boolean_t
> vdev_accessible(vdev_t *vd, zio_t *zio)
> {
> ASSERT(zio->io_vd == vd);
1560,1564c1868,1869
< switch (vd->vdev_fault_mode) {
< case VDEV_FAULT_RANDOM:
< if (spa_get_random(vd->vdev_fault_arg) == 0)
< error = EIO;
< break;
---
> if (vdev_is_dead(vd) || vd->vdev_remove_wanted)
> return (B_FALSE);
1566,1571c1871,1872
< case VDEV_FAULT_COUNT:
< if ((int64_t)--vd->vdev_fault_arg <= 0)
< vd->vdev_fault_mode = VDEV_FAULT_NONE;
< error = EIO;
< break;
< }
---
> if (zio->io_type == ZIO_TYPE_READ)
> return (!vd->vdev_cant_read);
1573,1577c1874,1875
< if (error != 0) {
< dprintf("returning %d for type %d on %s state %d offset %llx\n",
< error, zio->io_type, vdev_description(vd),
< vd->vdev_state, zio->io_offset);
< }
---
> if (zio->io_type == ZIO_TYPE_WRITE)
> return (!vd->vdev_cant_write);
1579c1877
< return (error);
---
> return (B_TRUE);
1589d1886
< int c, t;
1592a1890
> vs->vs_scrub_errors = vd->vdev_spa->spa_scrub_errors;
1603c1901
< for (c = 0; c < rvd->vdev_children; c++) {
---
> for (int c = 0; c < rvd->vdev_children; c++) {
1608c1906
< for (t = 0; t < ZIO_TYPES; t++) {
---
> for (int t = 0; t < ZIO_TYPES; t++) {
1612,1614d1909
< vs->vs_read_errors += cvs->vs_read_errors;
< vs->vs_write_errors += cvs->vs_write_errors;
< vs->vs_checksum_errors += cvs->vs_checksum_errors;
1616d1910
< vs->vs_scrub_errors += cvs->vs_scrub_errors;
1623c1917
< vdev_stat_update(zio_t *zio)
---
> vdev_clear_stats(vdev_t *vd)
1625c1919,1930
< vdev_t *vd = zio->io_vd;
---
> mutex_enter(&vd->vdev_stat_lock);
> vd->vdev_stat.vs_space = 0;
> vd->vdev_stat.vs_dspace = 0;
> vd->vdev_stat.vs_alloc = 0;
> mutex_exit(&vd->vdev_stat_lock);
> }
>
> void
> vdev_stat_update(zio_t *zio, uint64_t psize)
> {
> vdev_t *rvd = zio->io_spa->spa_root_vdev;
> vdev_t *vd = zio->io_vd ? zio->io_vd : rvd;
1631a1937,1942
> /*
> * If this i/o is a gang leader, it didn't do any actual work.
> */
> if (zio->io_gang_tree)
> return;
>
1632a1944,1961
> /*
> * If this is a root i/o, don't count it -- we've already
> * counted the top-level vdevs, and vdev_get_stats() will
> * aggregate them when asked. This reduces contention on
> * the root vdev_stat_lock and implicitly handles blocks
> * that compress away to holes, for which there is no i/o.
> * (Holes never create vdev children, so all the counters
> * remain zero, which is what we want.)
> *
> * Note: this only applies to successful i/o (io_error == 0)
> * because unlike i/o counts, errors are not additive.
> * When reading a ditto block, for example, failure of
> * one top-level vdev does not imply a root-level error.
> */
> if (vd == rvd)
> return;
>
> ASSERT(vd == zio->io_vd);
1636c1965
< vs->vs_bytes[type] += zio->io_size;
---
> vs->vs_bytes[type] += psize;
1639,1640c1968,1969
< if ((flags & ZIO_FLAG_IO_REPAIR) &&
< zio->io_delegate_list == NULL) {
---
> if (flags & ZIO_FLAG_IO_REPAIR) {
> ASSERT(zio->io_delegate_list == NULL);
1643c1972
< vs->vs_scrub_repaired += zio->io_size;
---
> vs->vs_scrub_repaired += psize;
1645c1974
< vs->vs_self_healed += zio->io_size;
---
> vs->vs_self_healed += psize;
1654,1664c1983,1988
< if (!vdev_is_dead(vd)) {
< mutex_enter(&vd->vdev_stat_lock);
< if (type == ZIO_TYPE_READ) {
< if (zio->io_error == ECKSUM)
< vs->vs_checksum_errors++;
< else
< vs->vs_read_errors++;
< }
< if (type == ZIO_TYPE_WRITE)
< vs->vs_write_errors++;
< mutex_exit(&vd->vdev_stat_lock);
---
> mutex_enter(&vd->vdev_stat_lock);
> if (type == ZIO_TYPE_READ) {
> if (zio->io_error == ECKSUM)
> vs->vs_checksum_errors++;
> else
> vs->vs_read_errors++;
1665a1990,1992
> if (type == ZIO_TYPE_WRITE)
> vs->vs_write_errors++;
> mutex_exit(&vd->vdev_stat_lock);
1667,1669c1994
< if (type == ZIO_TYPE_WRITE) {
< if (txg == 0 || vd->vdev_children != 0)
< return;
---
> if (type == ZIO_TYPE_WRITE && txg != 0 && vd->vdev_children == 0) {
1708d2032
< vs->vs_scrub_errors = 0;
1720c2044,2045
< vdev_space_update(vdev_t *vd, int64_t space_delta, int64_t alloc_delta)
---
> vdev_space_update(vdev_t *vd, int64_t space_delta, int64_t alloc_delta,
> boolean_t update_root)
1722d2046
< ASSERT(vd == vd->vdev_top);
1723a2048,2049
> spa_t *spa = vd->vdev_spa;
> vdev_t *rvd = spa->spa_root_vdev;
1725,1739c2051
< do {
< if (vd->vdev_ms_count) {
< /*
< * If this is a top-level vdev, apply the
< * inverse of its psize-to-asize (ie. RAID-Z)
< * space-expansion factor. We must calculate
< * this here and not at the root vdev because
< * the root vdev's psize-to-asize is simply the
< * max of its childrens', thus not accurate
< * enough for us.
< */
< ASSERT((dspace_delta & (SPA_MINBLOCKSIZE-1)) == 0);
< dspace_delta = (dspace_delta >> SPA_MINBLOCKSHIFT) *
< vd->vdev_deflate_ratio;
< }
---
> ASSERT(vd == vd->vdev_top);
1741,1746c2053,2085
< mutex_enter(&vd->vdev_stat_lock);
< vd->vdev_stat.vs_space += space_delta;
< vd->vdev_stat.vs_alloc += alloc_delta;
< vd->vdev_stat.vs_dspace += dspace_delta;
< mutex_exit(&vd->vdev_stat_lock);
< } while ((vd = vd->vdev_parent) != NULL);
---
> /*
> * Apply the inverse of the psize-to-asize (ie. RAID-Z) space-expansion
> * factor. We must calculate this here and not at the root vdev
> * because the root vdev's psize-to-asize is simply the max of its
> * childrens', thus not accurate enough for us.
> */
> ASSERT((dspace_delta & (SPA_MINBLOCKSIZE-1)) == 0);
> dspace_delta = (dspace_delta >> SPA_MINBLOCKSHIFT) *
> vd->vdev_deflate_ratio;
>
> mutex_enter(&vd->vdev_stat_lock);
> vd->vdev_stat.vs_space += space_delta;
> vd->vdev_stat.vs_alloc += alloc_delta;
> vd->vdev_stat.vs_dspace += dspace_delta;
> mutex_exit(&vd->vdev_stat_lock);
>
> if (update_root) {
> ASSERT(rvd == vd->vdev_parent);
> ASSERT(vd->vdev_ms_count != 0);
>
> /*
> * Don't count non-normal (e.g. intent log) space as part of
> * the pool's capacity.
> */
> if (vd->vdev_mg->mg_class != spa->spa_normal_class)
> return;
>
> mutex_enter(&rvd->vdev_stat_lock);
> rvd->vdev_stat.vs_space += space_delta;
> rvd->vdev_stat.vs_alloc += alloc_delta;
> rvd->vdev_stat.vs_dspace += dspace_delta;
> mutex_exit(&rvd->vdev_stat_lock);
> }
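Review bot: In the `update_root` branch, `vd->vdev_mg->mg_class` is dereferenced with only `ASSERT(rvd == vd->vdev_parent)` and `ASSERT(vd->vdev_ms_count != 0)` in front of it. The deflate calculation, which the old loop ran only when `vd->vdev_ms_count` was non-zero, now runs unconditionally. Both depend on callers passing the new `update_root` argument correctly, yet nothing in the change documents it. I would add a sentence to the function's header comment (outside this hunk) such as `update_root may be B_TRUE only once the vdev has metaslabs (vdev_ms_count != 0) and its parent is the root vdev.` Whether `vdev_mg` can still be NULL at that point is not visible here.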
1762,1764c2101,2142
< * The dirty list is protected by the config lock. The caller must
< * either hold the config lock as writer, or must be the sync thread
< * (which holds the lock as reader). There's only one sync thread,
---
> * If this is an aux vdev (as with l2cache devices), then we update the
> * vdev config manually and set the sync flag.
> */
> if (vd->vdev_aux != NULL) {
> spa_aux_vdev_t *sav = vd->vdev_aux;
> nvlist_t **aux;
> uint_t naux;
>
> for (c = 0; c < sav->sav_count; c++) {
> if (sav->sav_vdevs[c] == vd)
> break;
> }
>
> if (c == sav->sav_count) {
> /*
> * We're being removed. There's nothing more to do.
> */
> ASSERT(sav->sav_sync == B_TRUE);
> return;
> }
>
> sav->sav_sync = B_TRUE;
>
> VERIFY(nvlist_lookup_nvlist_array(sav->sav_config,
> ZPOOL_CONFIG_L2CACHE, &aux, &naux) == 0);
>
> ASSERT(c < naux);
>
> /*
> * Setting the nvlist in the middle if the array is a little
> * sketchy, but it will work.
> */
> nvlist_free(aux[c]);
> aux[c] = vdev_config_generate(spa, vd, B_TRUE, B_FALSE, B_TRUE);
>
> return;
> }
>
> /*
> * The dirty list is protected by the SCL_CONFIG lock. The caller
> * must either hold SCL_CONFIG as writer, or must be the sync thread
> * (which holds SCL_CONFIG as reader). There's only one sync thread,
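Review bot: The `nvlist_free(aux[c])` and `aux[c] = vdev_config_generate(...)` lines index the array returned by `nvlist_lookup_nvlist_array()` with a position found by scanning `sav->sav_vdevs`, and the only check against `naux` is `ASSERT(c < naux)`. In a kernel built without assertions, any disagreement between `sav_count` and the length of the `ZPOOL_CONFIG_L2CACHE` array would turn into a free of, and a write to, memory outside that array. The lookup just above already uses `VERIFY`, so the bound should be checked the same way: `VERIFY(c < naux);`. The declaration of `c` and the start of the function are outside this hunk.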
1767,1768c2145,2147
< ASSERT(spa_config_held(spa, RW_WRITER) ||
< dsl_pool_sync_context(spa_get_dsl(spa)));
---
> ASSERT(spa_config_held(spa, SCL_CONFIG, RW_WRITER) ||
> (dsl_pool_sync_context(spa_get_dsl(spa)) &&
> spa_config_held(spa, SCL_CONFIG, RW_READER)));
1776,1777c2155,2156
< if (!list_link_active(&vd->vdev_dirty_node))
< list_insert_head(&spa->spa_dirty_list, vd);
---
> if (!list_link_active(&vd->vdev_config_dirty_node))
> list_insert_head(&spa->spa_config_dirty_list, vd);
1786,1787c2165,2167
< ASSERT(spa_config_held(spa, RW_WRITER) ||
< dsl_pool_sync_context(spa_get_dsl(spa)));
---
> ASSERT(spa_config_held(spa, SCL_CONFIG, RW_WRITER) ||
> (dsl_pool_sync_context(spa_get_dsl(spa)) &&
> spa_config_held(spa, SCL_CONFIG, RW_READER)));
1789,1790c2169,2170
< ASSERT(list_link_active(&vd->vdev_dirty_node));
< list_remove(&spa->spa_dirty_list, vd);
---
> ASSERT(list_link_active(&vd->vdev_config_dirty_node));
> list_remove(&spa->spa_config_dirty_list, vd);
1792a2173,2178
> /*
> * Mark a top-level vdev's state as dirty, so that the next pass of
> * spa_sync() can convert this into vdev_config_dirty(). We distinguish
> * the state changes from larger config changes because they require
> * much less locking, and are often needed for administrative actions.
> */
1793a2180,2216
> vdev_state_dirty(vdev_t *vd)
> {
> spa_t *spa = vd->vdev_spa;
>
> ASSERT(vd == vd->vdev_top);
>
> /*
> * The state list is protected by the SCL_STATE lock. The caller
> * must either hold SCL_STATE as writer, or must be the sync thread
> * (which holds SCL_STATE as reader). There's only one sync thread,
> * so this is sufficient to ensure mutual exclusion.
> */
> ASSERT(spa_config_held(spa, SCL_STATE, RW_WRITER) ||
> (dsl_pool_sync_context(spa_get_dsl(spa)) &&
> spa_config_held(spa, SCL_STATE, RW_READER)));
>
> if (!list_link_active(&vd->vdev_state_dirty_node))
> list_insert_head(&spa->spa_state_dirty_list, vd);
> }
>
> void
> vdev_state_clean(vdev_t *vd)
> {
> spa_t *spa = vd->vdev_spa;
>
> ASSERT(spa_config_held(spa, SCL_STATE, RW_WRITER) ||
> (dsl_pool_sync_context(spa_get_dsl(spa)) &&
> spa_config_held(spa, SCL_STATE, RW_READER)));
>
> ASSERT(list_link_active(&vd->vdev_state_dirty_node));
> list_remove(&spa->spa_state_dirty_list, vd);
> }
>
> /*
> * Propagate vdev state up from children to parent.
> */
> void
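Review bot: `vdev_state_clean()` is added with no header comment, while its counterpart `vdev_state_dirty()` documents both the purpose and the `SCL_STATE` locking rule. I would put `/* Remove a top-level vdev from the state dirty list; the locking rules are those of vdev_state_dirty(). */` above it. The lock assertion is also duplicated verbatim in both functions, so a shared comment or helper would keep the two from drifting apart.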
1802,1807c2225,2227
< for (c = 0; c < vd->vdev_children; c++) {
< child = vd->vdev_child[c];
< if (child->vdev_state <= VDEV_STATE_CANT_OPEN)
< faulted++;
< else if (child->vdev_state == VDEV_STATE_DEGRADED)
< degraded++;
---
> if (vd->vdev_children > 0) {
> for (c = 0; c < vd->vdev_children; c++) {
> child = vd->vdev_child[c];
1809,1811c2229,2242
< if (child->vdev_stat.vs_aux == VDEV_AUX_CORRUPT_DATA)
< corrupted++;
< }
---
> if (!vdev_readable(child) ||
> (!vdev_writeable(child) && (spa_mode & FWRITE))) {
> /*
> * Root special: if there is a top-level log
> * device, treat the root vdev as if it were
> * degraded.
> */
> if (child->vdev_islog && vd == rvd)
> degraded++;
> else
> faulted++;
> } else if (child->vdev_state <= VDEV_STATE_DEGRADED) {
> degraded++;
> }
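Review bot: The comment `Root special: if there is a top-level log device, treat the root vdev as if it were degraded` does not describe the condition it sits under. That branch is reached only when the child is unreadable, or unwritable while `spa_mode` includes `FWRITE`, and it then counts a log child of the root as degraded rather than faulted. Suggested wording: `Root special: a failed top-level log device degrades the root vdev instead of faulting it.` The following `else if` also widens the old `== VDEV_STATE_DEGRADED` test to `<= VDEV_STATE_DEGRADED`; a one-line comment naming the lower states that can still be readable and writeable would help. The loop and the function continue outside this hunk.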
1813c2244,2246
< vd->vdev_ops->vdev_op_state_change(vd, faulted, degraded);
---
> if (child->vdev_stat.vs_aux == VDEV_AUX_CORRUPT_DATA)
> corrupted++;
> }
1815,1823c2248,2263
< /*
< * Root special: if there is a toplevel vdev that cannot be
< * opened due to corrupted metadata, then propagate the root
< * vdev's aux state as 'corrupt' rather than 'insufficient
< * replicas'.
< */
< if (corrupted && vd == rvd && rvd->vdev_state == VDEV_STATE_CANT_OPEN)
< vdev_set_state(rvd, B_FALSE, VDEV_STATE_CANT_OPEN,
< VDEV_AUX_CORRUPT_DATA);
---
> vd->vdev_ops->vdev_op_state_change(vd, faulted, degraded);
>
> /*
> * Root special: if there is a top-level vdev that cannot be
> * opened due to corrupted metadata, then propagate the root
> * vdev's aux state as 'corrupt' rather than 'insufficient
> * replicas'.
> */
> if (corrupted && vd == rvd &&
> rvd->vdev_state == VDEV_STATE_CANT_OPEN)
> vdev_set_state(rvd, B_FALSE, VDEV_STATE_CANT_OPEN,
> VDEV_AUX_CORRUPT_DATA);
> }
>
> if (vd->vdev_parent)
> vdev_propagate_state(vd->vdev_parent);
1837a2278
> spa_t *spa = vd->vdev_spa;
1860c2301,2303
< if (state == VDEV_STATE_CANT_OPEN) {
---
> if (vd->vdev_removed &&
> state == VDEV_STATE_CANT_OPEN &&
> (aux == VDEV_AUX_OPEN_FAILED || vd->vdev_checkremove)) {
1861a2305,2323
> * If the previous state is set to VDEV_STATE_REMOVED, then this
> * device was previously marked removed and someone attempted to
> * reopen it. If this failed due to a nonexistent device, then
> * keep the device in the REMOVED state. We also let this be if
> * it is one of our special test online cases, which is only
> * attempting to online the device and shouldn't generate an FMA
> * fault.
> */
> vd->vdev_state = VDEV_STATE_REMOVED;
> vd->vdev_stat.vs_aux = VDEV_AUX_NONE;
> } else if (state == VDEV_STATE_REMOVED) {
> /*
> * Indicate to the ZFS DE that this device has been removed, and
> * any recent errors should be ignored.
> */
> zfs_post_remove(spa, vd);
> vd->vdev_removed = B_TRUE;
> } else if (state == VDEV_STATE_CANT_OPEN) {
> /*
1867c2329,2330
< if (vd->vdev_spa->spa_load_state == SPA_LOAD_IMPORT &&
---
> if (spa->spa_load_state == SPA_LOAD_IMPORT &&
> !spa->spa_import_faulted &&
1876a2340,2347
> *
> * If the 'checkremove' flag is set, then this is an attempt to
> * online the device in response to an insertion event. If we
> * hit this case, then we have detected an insertion event for a
> * faulted or offline device that wasn't in the removed state.
> * In this scenario, we don't post an ereport because we are
> * about to replace the device, or attempt an online with
> * vdev_forcefault, which will generate the fault for us.
1878,1879c2349,2351
< if (vd->vdev_prevstate != state && !vd->vdev_not_present &&
< vd != vd->vdev_spa->spa_root_vdev) {
---
> if ((vd->vdev_prevstate != state || vd->vdev_forcefault) &&
> !vd->vdev_not_present && !vd->vdev_checkremove &&
> vd != spa->spa_root_vdev) {
1900a2373,2375
> case VDEV_AUX_IO_FAILURE:
> class = FM_EREPORT_ZFS_IO_FAILURE;
> break;
1905,1906c2380
< zfs_ereport_post(class, vd->vdev_spa,
< vd, NULL, save_state, 0);
---
> zfs_ereport_post(class, spa, vd, NULL, save_state, 0);
1907a2382,2386
>
> /* Erase any notion of persistent removed state */
> vd->vdev_removed = B_FALSE;
> } else {
> vd->vdev_removed = B_FALSE;
1910,1911c2389,2391
< if (isopen)
< return;
---
> if (!isopen)
> vdev_propagate_state(vd);
> }
1913,1914c2393,2422
< if (vd->vdev_parent != NULL)
< vdev_propagate_state(vd->vdev_parent);
---
> /*
> * Check the vdev configuration to ensure that it's capable of supporting
> * a root pool. Currently, we do not support RAID-Z or partial configuration.
> * In addition, only a single top-level vdev is allowed and none of the leaves
> * can be wholedisks.
> */
> boolean_t
> vdev_is_bootable(vdev_t *vd)
> {
> int c;
>
> if (!vd->vdev_ops->vdev_op_leaf) {
> char *vdev_type = vd->vdev_ops->vdev_op_type;
>
> if (strcmp(vdev_type, VDEV_TYPE_ROOT) == 0 &&
> vd->vdev_children > 1) {
> return (B_FALSE);
> } else if (strcmp(vdev_type, VDEV_TYPE_RAIDZ) == 0 ||
> strcmp(vdev_type, VDEV_TYPE_MISSING) == 0) {
> return (B_FALSE);
> }
> } else if (vd->vdev_wholedisk == 1) {
> return (B_FALSE);
> }
>
> for (c = 0; c < vd->vdev_children; c++) {
> if (!vdev_is_bootable(vd->vdev_child[c]))
> return (B_FALSE);
> }
> return (B_TRUE);
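Review bot: `vdev_is_bootable()` walks `vd->vdev_child[]` recursively but neither asserts nor documents what lock the caller must hold, whereas the other functions added in this change state their `spa_config_held()` requirement explicitly. If callers are expected to hold the config lock while the tree is inspected, the header comment should say so, for example `The caller must hold the spa config lock so the vdev tree cannot change during the walk.` The header could also note that "partial configuration" refers to the `VDEV_TYPE_MISSING` check, since that is the only place the code expresses it. The function's closing brace is outside this hunk.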