| blob | f1d8989742e817ffe8574433136d93c5beb79f00 |
1 /*
2 * Copyright (c) 2013-2018 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@dragonflybsd.org>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34 /*
35 * The cluster module collects multiple chains representing the same
36 * information from different nodes into a single entity. It allows direct
37 * access to media data as long as it is not blockref array data (which
38 * will obviously have to be different at each node).
39 *
40 * This module also handles I/O dispatch, status rollup, and various
41 * mastership arrangements including quorum operations. It effectively
42 * presents one topology to the vnops layer.
43 *
44 * Many of the API calls mimic chain API calls but operate on clusters
45 * instead of chains. Please see hammer2_chain.c for more complete code
46 * documentation of the API functions.
47 *
48 * WARNING! This module is *extremely* complex. It must issue asynchronous
49 * locks and I/O, do quorum and/or master-slave processing, and
50 * it must operate properly even if some nodes are broken (which
51 * can also mean indefinite locks).
52 *
53 * CLUSTER OPERATIONS
54 *
55 * Cluster operations can be broken down into three pieces:
56 *
57 * (1) Chain locking and data retrieval.
58 *
59 * - Most complex functions, quorum management on transaction ids.
60 *
61 * - Locking and data accesses must be internally asynchronous.
62 *
63 * - Validate and manage cache coherency primitives (cache state
64 * is stored in chain topologies but must be validated by these
65 * functions).
66 *
67 * (2) Lookups and Scans
68 * hammer2_cluster_lookup()
69 * hammer2_cluster_next()
70 *
71 * - Depend on locking & data retrieval functions, but still complex.
72 *
73 * - Must do quorum management on transaction ids.
74 *
75 * - Lookup and Iteration ops Must be internally asynchronous.
76 *
77 * (3) Modifying Operations
78 * hammer2_cluster_create()
79 *
80 * - Can usually punt on failures, operation continues unless quorum
81 * is lost. If quorum is lost, must wait for resynchronization
82 * (depending on the management mode).
83 *
84 * - Must disconnect node on failures (also not flush), remount, and
85 * resynchronize.
86 *
87 * - Network links (via kdmsg) are relatively easy to issue as the
88 * complex underworkings of hammer2_chain.c don't have to messed
89 * with (the protocol is at a higher level than block-level).
90 *
91 * - Multiple local disk nodes (i.e. block devices) are another matter.
92 * Chain operations have to be dispatched to per-node threads (xN)
93 * because we can't asynchronize potentially very complex chain
94 * operations in hammer2_chain.c (it would be a huge mess).
95 *
96 * (these threads are also used to terminate incoming kdmsg ops from
97 * other machines).
98 *
99 * - Single-node filesystems do not use threads and will simply call
100 * hammer2_chain.c functions directly. This short-cut is handled
101 * at the base of each cluster function.
102 */
103 #include <sys/cdefs.h>
104 #include <sys/param.h>
105 #include <sys/systm.h>
106 #include <sys/types.h>
110 /*
111 * Returns the bref type of the cluster's foucs.
112 *
113 * If the cluster is errored, returns HAMMER2_BREF_TYPE_EMPTY (0).
114 * The cluster must be locked.
115 */
116 uint8_t
118 {
122 }
124 }
126 /*
127 * Returns the bref of the cluster's focus, sans any data-offset information
128 * (since offset information is per-node and wouldn't be useful).
129 *
130 * Callers use this function to access modify_tid, mirror_tid, type,
131 * key, and keybits.
132 *
133 * If the cluster is errored, returns an empty bref.
134 * The cluster must be locked.
135 */
136 void
138 {
145 }
146 }
148 /*
149 * Create a degenerate cluster with one ref from a single locked chain.
150 * The returned cluster will be focused on the chain and inherit its
151 * error state.
152 *
153 * The chain's lock and reference are transfered to the new cluster, so
154 * the caller should not try to unlock the chain separately.
155 *
156 * We fake the flags.
157 */
158 void
160 {
175 HAMMER2_CLUSTER_WRHARD |
176 HAMMER2_CLUSTER_RDHARD |
177 HAMMER2_CLUSTER_MSYNCED |
178 HAMMER2_CLUSTER_SSYNCED;
179 }
181 /*
182 * Add a reference to a cluster and its underlying chains.
183 *
184 * We must also ref the underlying chains in order to allow ref/unlock
185 * sequences to later re-lock.
186 */
187 void
189 {
191 }
193 /*
194 * Drop the caller's reference to the cluster. When the ref count drops to
195 * zero this function frees the cluster and drops all underlying chains.
196 *
197 * In-progress read I/Os are typically detached from the cluster once the
198 * first one returns (the remaining stay attached to the DIOs but are then
199 * ignored and drop naturally).
200 */
201 void
203 {
217 }
218 }
222 /* cluster is invalid */
223 }
224 }
226 /*
227 * Lock a cluster. Cluster must already be referenced. Focus is maintained.
228 *
229 * WARNING! This function expects the caller to handle resolution of the
230 * cluster. We never re-resolve the cluster in this function,
231 * because it might be used to temporarily unlock/relock a cparent
232 * in an iteration or recursrion, and the cparents elements do not
233 * necessarily match.
234 */
235 void
237 {
241 /* cannot be on inode-embedded cluster template, must be on copy */
246 cluster);
247 }
250 /*
251 * Lock chains and resolve state.
252 */
258 }
259 }
261 void
263 {
272 }
273 }
275 void
277 {
286 }
287 }
289 /*
290 * This is used by the XOPS subsystem to calculate the state of
291 * the collection and tell hammer2_xop_collect() what to do with it.
292 * The collection can be in various states of desynchronization, the
293 * caller specifically wants to resolve the passed-in key.
294 *
295 * Return values (HAMMER2_ERROR_*):
296 *
297 * 0 - Quorum agreement, key is valid
298 *
299 * ENOENT - Quorum agreement, end of scan
300 *
301 * ESRCH - Quorum agreement, key is INVALID (caller should
302 * skip key).
303 *
304 * EIO - Quorum agreement but all elements had errors.
305 *
306 * EDEADLK - No quorum agreement possible for key, a repair
307 * may be needed. Caller has to decide what to do,
308 * possibly iterating the key or generating an EIO.
309 *
310 * EINPROGRESS - No quorum agreement yet, but agreement is still
311 * possible if caller waits for more responses. Caller
312 * should not iterate key.
313 *
314 * CHECK - CRC check error
315 *
316 * NOTE! If the pmp is in HMNT2_LOCAL mode, the cluster check always succeeds.
317 *
318 * XXX needs to handle SOFT_MASTER and SOFT_SLAVE
319 */
320 int
322 {
326 hammer2_tid_t quorum_tid;
327 hammer2_tid_t last_best_quorum_tid;
345 /*
346 * Calculate quorum
347 */
353 /*
354 * Pass 1
355 *
356 * NOTE: A NULL chain is not necessarily an error, it could be
357 * e.g. a lookup failure or the end of an iteration.
358 * Process normally.
359 */
368 /* error will be overridden by valid focus */
369 /* XXX */
370 }
372 /*
373 * Must count total masters and slaves whether the
374 * chain is errored or not.
375 */
384 }
386 }
402 /*
403 * Degenerate cluster representing the super-root
404 * topology on a single device. Fake stuff so
405 * cluster ops work as expected.
406 */
416 }
417 }
419 /*
420 * Pass 2
421 *
422 * Resolve nmasters - master nodes fully match
423 *
424 * Resolve umasters - master nodes operation still
425 * in progress
426 *
427 * Resolve nmasters_keymatch - master nodes match the passed-in
428 * key and may or may not match
429 * the quorum-agreed tid.
430 *
431 * The quorum-agreed TID is the highest matching TID.
432 */
446 /* XXX SOFT smpresent handling */
453 }
458 /*
459 * Skip elements still in progress. umasters keeps
460 * track of masters that might still be in-progress.
461 */
466 }
468 /*
469 * Key match?
470 */
477 }
484 last_best_quorum_tid &&
486 /*
487 * Select new TID as master if better
488 * than any found so far in this loop,
489 * as long as it does not reach the
490 * best tid found in the previous loop.
491 */
494 }
496 /*
497 * TID matches current collection.
498 *
499 * (error handled in next pass)
500 */
505 }
506 }
507 }
508 }
512 }
514 /*
515 kprintf("nmasters %d/%d nmaster_keymatch=%d umasters=%d\n",
516 nmasters, nquorum, nmasters_keymatch, umasters);
517 */
519 /*
520 * Early return if we do not have enough masters.
521 */
528 }
530 /*
531 * Validated end of scan.
532 */
537 }
539 /*
540 * If we have a NULL focus at this point the agreeing quorum all
541 * had chain errors.
542 */
546 /*
547 * Pass 3
548 *
549 * We have quorum agreement, validate elements, not end of scan.
550 */
561 }
563 /*
564 * Quorum Match
565 *
566 * XXX for now, cumulative error.
567 */
579 /*
580 * We must have enough up-to-date masters to reach
581 * a quorum and the slave modify_tid must match the
582 * quorum's modify_tid.
583 *
584 * Do not select an errored slave.
585 */
591 /*
592 * Directly mounted soft master always wins. There
593 * should be only one.
594 */
599 /*
600 * Directly mounted soft slave always wins. There
601 * should be only one.
602 *
603 * XXX
604 */
608 /*
609 * spmp (degenerate case)
610 */
618 }
619 }
621 /*
622 * Focus now set, adjust ddflag. Skip this pass if the focus
623 * is bad or if we are at the PFS root (the bref won't match at
624 * the PFS root, obviously).
625 *
626 * focus is probably not locked and it isn't safe to test its
627 * content (e.g. focus->data, focus->dio, other content). We
628 * do not synchronize the dio to the cpu here. In fact, in numerous
629 * situations the frontend doesn't even need to access its dio/data,
630 * so synchronizing it here would be wasteful.
631 */
639 }
643 /*
644 * Pass 4
645 *
646 * Validate the elements that were not marked invalid. They should
647 * match.
648 */
671 "bref test: idx=%d type=%02x/%02x "
672 "key=%016jx/%d-%016jx/%d "
674 i,
682 /* flag issue and force resync? */
683 }
684 }
685 skip4:
692 /*
693 * Set SSYNCED or MSYNCED for slaves and masters respectively if
694 * all available nodes (even if 0 are available) are fully
695 * synchronized. This is used by the synchronization thread to
696 * determine if there is work it could potentially accomplish.
697 */
703 /*
704 * Determine if the cluster was successfully locked for the
705 * requested operation and generate an error code. The cluster
706 * will not be locked (or ref'd) if an error is returned.
707 */
712 }
714 /*
715 * Unlock a cluster. Refcount and focus is maintained.
716 */
717 void
719 {
725 cluster);
726 }
735 }
736 }