xref: /illumos-gate/usr/src/cmd/fm/modules/common/zfs-retire/zfs_retire.c (revision b1d7ec75953cd517f5b7c3d9cb427ff8ec5d7d07)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 /*
26  * The ZFS retire agent is responsible for managing hot spares across all pools.
27  * When we see a device fault or a device removal, we try to open the associated
28  * pool and look for any hot spares.  We iterate over any available hot spares
29  * and attempt a 'zpool replace' for each one.
30  *
31  * For vdevs diagnosed as faulty, the agent is also responsible for proactively
32  * marking the vdev FAULTY (for I/O errors) or DEGRADED (for checksum errors).
33  */
34 
35 #include <fm/fmd_api.h>
36 #include <sys/fs/zfs.h>
37 #include <sys/fm/protocol.h>
38 #include <sys/fm/fs/zfs.h>
39 #include <libzfs.h>
40 #include <fm/libtopo.h>
41 #include <string.h>
42 
43 typedef struct zfs_retire_repaired {
44 	struct zfs_retire_repaired	*zrr_next;
45 	uint64_t			zrr_pool;
46 	uint64_t			zrr_vdev;
47 } zfs_retire_repaired_t;
48 
49 typedef struct zfs_retire_data {
50 	libzfs_handle_t			*zrd_hdl;
51 	zfs_retire_repaired_t		*zrd_repaired;
52 } zfs_retire_data_t;
53 
54 static void
55 zfs_retire_clear_data(fmd_hdl_t *hdl, zfs_retire_data_t *zdp)
56 {
57 	zfs_retire_repaired_t *zrp;
58 
59 	while ((zrp = zdp->zrd_repaired) != NULL) {
60 		zdp->zrd_repaired = zrp->zrr_next;
61 		fmd_hdl_free(hdl, zrp, sizeof (zfs_retire_repaired_t));
62 	}
63 }
64 
65 /*
66  * Find a pool with a matching GUID.
67  */
68 typedef struct find_cbdata {
69 	uint64_t	cb_guid;
70 	const char	*cb_fru;
71 	zpool_handle_t	*cb_zhp;
72 	nvlist_t	*cb_vdev;
73 } find_cbdata_t;
74 
75 static int
76 find_pool(zpool_handle_t *zhp, void *data)
77 {
78 	find_cbdata_t *cbp = data;
79 
80 	if (cbp->cb_guid ==
81 	    zpool_get_prop_int(zhp, ZPOOL_PROP_GUID, NULL)) {
82 		cbp->cb_zhp = zhp;
83 		return (1);
84 	}
85 
86 	zpool_close(zhp);
87 	return (0);
88 }
89 
90 /*
91  * Find a vdev within a tree with a matching GUID.
92  */
93 static nvlist_t *
94 find_vdev(libzfs_handle_t *zhdl, nvlist_t *nv, const char *search_fru,
95     uint64_t search_guid)
96 {
97 	uint64_t guid;
98 	nvlist_t **child;
99 	uint_t c, children;
100 	nvlist_t *ret;
101 	char *fru;
102 
103 	if (search_fru != NULL) {
104 		if (nvlist_lookup_string(nv, ZPOOL_CONFIG_FRU, &fru) == 0 &&
105 		    libzfs_fru_compare(zhdl, fru, search_fru))
106 			return (nv);
107 	} else {
108 		if (nvlist_lookup_uint64(nv, ZPOOL_CONFIG_GUID, &guid) == 0 &&
109 		    guid == search_guid)
110 			return (nv);
111 	}
112 
113 	if (nvlist_lookup_nvlist_array(nv, ZPOOL_CONFIG_CHILDREN,
114 	    &child, &children) != 0)
115 		return (NULL);
116 
117 	for (c = 0; c < children; c++) {
118 		if ((ret = find_vdev(zhdl, child[c], search_fru,
119 		    search_guid)) != NULL)
120 			return (ret);
121 	}
122 
123 	if (nvlist_lookup_nvlist_array(nv, ZPOOL_CONFIG_L2CACHE,
124 	    &child, &children) != 0)
125 		return (NULL);
126 
127 	for (c = 0; c < children; c++) {
128 		if ((ret = find_vdev(zhdl, child[c], search_fru,
129 		    search_guid)) != NULL)
130 			return (ret);
131 	}
132 
133 	return (NULL);
134 }
135 
136 /*
137  * Given a (pool, vdev) GUID pair, find the matching pool and vdev.
138  */
139 static zpool_handle_t *
140 find_by_guid(libzfs_handle_t *zhdl, uint64_t pool_guid, uint64_t vdev_guid,
141     nvlist_t **vdevp)
142 {
143 	find_cbdata_t cb;
144 	zpool_handle_t *zhp;
145 	nvlist_t *config, *nvroot;
146 
147 	/*
148 	 * Find the corresponding pool and make sure the vdev still exists.
149 	 */
150 	cb.cb_guid = pool_guid;
151 	if (zpool_iter(zhdl, find_pool, &cb) != 1)
152 		return (NULL);
153 
154 	zhp = cb.cb_zhp;
155 	config = zpool_get_config(zhp, NULL);
156 	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
157 	    &nvroot) != 0) {
158 		zpool_close(zhp);
159 		return (NULL);
160 	}
161 
162 	if (vdev_guid != 0) {
163 		if ((*vdevp = find_vdev(zhdl, nvroot, NULL,
164 		    vdev_guid)) == NULL) {
165 			zpool_close(zhp);
166 			return (NULL);
167 		}
168 	}
169 
170 	return (zhp);
171 }
172 
173 static int
174 search_pool(zpool_handle_t *zhp, void *data)
175 {
176 	find_cbdata_t *cbp = data;
177 	nvlist_t *config;
178 	nvlist_t *nvroot;
179 
180 	config = zpool_get_config(zhp, NULL);
181 	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
182 	    &nvroot) != 0) {
183 		zpool_close(zhp);
184 		return (0);
185 	}
186 
187 	if ((cbp->cb_vdev = find_vdev(zpool_get_handle(zhp), nvroot,
188 	    cbp->cb_fru, 0)) != NULL) {
189 		cbp->cb_zhp = zhp;
190 		return (1);
191 	}
192 
193 	zpool_close(zhp);
194 	return (0);
195 }
196 
197 /*
198  * Given a FRU FMRI, find the matching pool and vdev.
199  */
200 static zpool_handle_t *
201 find_by_fru(libzfs_handle_t *zhdl, const char *fru, nvlist_t **vdevp)
202 {
203 	find_cbdata_t cb;
204 
205 	cb.cb_fru = fru;
206 	cb.cb_zhp = NULL;
207 	if (zpool_iter(zhdl, search_pool, &cb) != 1)
208 		return (NULL);
209 
210 	*vdevp = cb.cb_vdev;
211 	return (cb.cb_zhp);
212 }
213 
214 /*
215  * Given a vdev, attempt to replace it with every known spare until one
216  * succeeds.
217  */
218 static void
219 replace_with_spare(fmd_hdl_t *hdl, zpool_handle_t *zhp, nvlist_t *vdev)
220 {
221 	nvlist_t *config, *nvroot, *replacement;
222 	nvlist_t **spares;
223 	uint_t s, nspares;
224 	char *dev_name;
225 
226 	config = zpool_get_config(zhp, NULL);
227 	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
228 	    &nvroot) != 0)
229 		return;
230 
231 	/*
232 	 * Find out if there are any hot spares available in the pool.
233 	 */
234 	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES,
235 	    &spares, &nspares) != 0)
236 		return;
237 
238 	replacement = fmd_nvl_alloc(hdl, FMD_SLEEP);
239 
240 	(void) nvlist_add_string(replacement, ZPOOL_CONFIG_TYPE,
241 	    VDEV_TYPE_ROOT);
242 
243 	dev_name = zpool_vdev_name(NULL, zhp, vdev, B_FALSE);
244 
245 	/*
246 	 * Try to replace each spare, ending when we successfully
247 	 * replace it.
248 	 */
249 	for (s = 0; s < nspares; s++) {
250 		char *spare_name;
251 
252 		if (nvlist_lookup_string(spares[s], ZPOOL_CONFIG_PATH,
253 		    &spare_name) != 0)
254 			continue;
255 
256 		(void) nvlist_add_nvlist_array(replacement,
257 		    ZPOOL_CONFIG_CHILDREN, &spares[s], 1);
258 
259 		if (zpool_vdev_attach(zhp, dev_name, spare_name,
260 		    replacement, B_TRUE) == 0)
261 			break;
262 	}
263 
264 	free(dev_name);
265 	nvlist_free(replacement);
266 }
267 
268 /*
269  * Repair this vdev if we had diagnosed a 'fault.fs.zfs.device' and
270  * ASRU is now usable.  ZFS has found the device to be present and
271  * functioning.
272  */
273 /*ARGSUSED*/
274 void
275 zfs_vdev_repair(fmd_hdl_t *hdl, nvlist_t *nvl)
276 {
277 	zfs_retire_data_t *zdp = fmd_hdl_getspecific(hdl);
278 	zfs_retire_repaired_t *zrp;
279 	uint64_t pool_guid, vdev_guid;
280 	nvlist_t *asru;
281 
282 	if (nvlist_lookup_uint64(nvl, FM_EREPORT_PAYLOAD_ZFS_POOL_GUID,
283 	    &pool_guid) != 0 || nvlist_lookup_uint64(nvl,
284 	    FM_EREPORT_PAYLOAD_ZFS_VDEV_GUID, &vdev_guid) != 0)
285 		return;
286 
287 	/*
288 	 * Before checking the state of the ASRU, go through and see if we've
289 	 * already made an attempt to repair this ASRU.  This list is cleared
290 	 * whenever we receive any kind of list event, and is designed to
291 	 * prevent us from generating a feedback loop when we attempt repairs
292 	 * against a faulted pool.  The problem is that checking the unusable
293 	 * state of the ASRU can involve opening the pool, which can post
294 	 * statechange events but otherwise leave the pool in the faulted
295 	 * state.  This list allows us to detect when a statechange event is
296 	 * due to our own request.
297 	 */
298 	for (zrp = zdp->zrd_repaired; zrp != NULL; zrp = zrp->zrr_next) {
299 		if (zrp->zrr_pool == pool_guid &&
300 		    zrp->zrr_vdev == vdev_guid)
301 			return;
302 	}
303 
304 	asru = fmd_nvl_alloc(hdl, FMD_SLEEP);
305 
306 	(void) nvlist_add_uint8(asru, FM_VERSION, ZFS_SCHEME_VERSION0);
307 	(void) nvlist_add_string(asru, FM_FMRI_SCHEME, FM_FMRI_SCHEME_ZFS);
308 	(void) nvlist_add_uint64(asru, FM_FMRI_ZFS_POOL, pool_guid);
309 	(void) nvlist_add_uint64(asru, FM_FMRI_ZFS_VDEV, vdev_guid);
310 
311 	/*
312 	 * We explicitly check for the unusable state here to make sure we
313 	 * aren't responding to a transient state change.  As part of opening a
314 	 * vdev, it's possible to see the 'statechange' event, only to be
315 	 * followed by a vdev failure later.  If we don't check the current
316 	 * state of the vdev (or pool) before marking it repaired, then we risk
317 	 * generating spurious repair events followed immediately by the same
318 	 * diagnosis.
319 	 *
320 	 * This assumes that the ZFS scheme code associated unusable (i.e.
321 	 * isolated) with its own definition of faulty state.  In the case of a
322 	 * DEGRADED leaf vdev (due to checksum errors), this is not the case.
323 	 * This works, however, because the transient state change is not
324 	 * posted in this case.  This could be made more explicit by not
325 	 * relying on the scheme's unusable callback and instead directly
326 	 * checking the vdev state, where we could correctly account for
327 	 * DEGRADED state.
328 	 */
329 	if (!fmd_nvl_fmri_unusable(hdl, asru) && fmd_nvl_fmri_has_fault(hdl,
330 	    asru, FMD_HAS_FAULT_ASRU, NULL)) {
331 		topo_hdl_t *thp;
332 		char *fmri = NULL;
333 		int err;
334 
335 		thp = fmd_hdl_topo_hold(hdl, TOPO_VERSION);
336 		if (topo_fmri_nvl2str(thp, asru, &fmri, &err) == 0)
337 			(void) fmd_repair_asru(hdl, fmri);
338 		fmd_hdl_topo_rele(hdl, thp);
339 
340 		topo_hdl_strfree(thp, fmri);
341 	}
342 	nvlist_free(asru);
343 	zrp = fmd_hdl_alloc(hdl, sizeof (zfs_retire_repaired_t), FMD_SLEEP);
344 	zrp->zrr_next = zdp->zrd_repaired;
345 	zrp->zrr_pool = pool_guid;
346 	zrp->zrr_vdev = vdev_guid;
347 	zdp->zrd_repaired = zrp;
348 }
349 
350 /*ARGSUSED*/
351 static void
352 zfs_retire_recv(fmd_hdl_t *hdl, fmd_event_t *ep, nvlist_t *nvl,
353     const char *class)
354 {
355 	uint64_t pool_guid, vdev_guid;
356 	zpool_handle_t *zhp;
357 	nvlist_t *resource, *fault, *fru;
358 	nvlist_t **faults;
359 	uint_t f, nfaults;
360 	zfs_retire_data_t *zdp = fmd_hdl_getspecific(hdl);
361 	libzfs_handle_t *zhdl = zdp->zrd_hdl;
362 	boolean_t fault_device, degrade_device;
363 	boolean_t is_repair;
364 	char *scheme, *fmri;
365 	nvlist_t *vdev;
366 	char *uuid;
367 	int repair_done = 0;
368 	boolean_t retire;
369 	boolean_t is_disk;
370 	vdev_aux_t aux;
371 	topo_hdl_t *thp;
372 	int err;
373 
374 	/*
375 	 * If this is a resource notifying us of device removal, then simply
376 	 * check for an available spare and continue.
377 	 */
378 	if (strcmp(class, "resource.fs.zfs.removed") == 0) {
379 		if (nvlist_lookup_uint64(nvl, FM_EREPORT_PAYLOAD_ZFS_POOL_GUID,
380 		    &pool_guid) != 0 ||
381 		    nvlist_lookup_uint64(nvl, FM_EREPORT_PAYLOAD_ZFS_VDEV_GUID,
382 		    &vdev_guid) != 0)
383 			return;
384 
385 		if ((zhp = find_by_guid(zhdl, pool_guid, vdev_guid,
386 		    &vdev)) == NULL)
387 			return;
388 
389 		if (fmd_prop_get_int32(hdl, "spare_on_remove"))
390 			replace_with_spare(hdl, zhp, vdev);
391 		zpool_close(zhp);
392 		return;
393 	}
394 
395 	if (strcmp(class, FM_LIST_RESOLVED_CLASS) == 0)
396 		return;
397 
398 	if (strcmp(class, "resource.fs.zfs.statechange") == 0 ||
399 	    strcmp(class,
400 	    "resource.sysevent.EC_zfs.ESC_ZFS_vdev_remove") == 0) {
401 		zfs_vdev_repair(hdl, nvl);
402 		return;
403 	}
404 
405 	zfs_retire_clear_data(hdl, zdp);
406 
407 	if (strcmp(class, FM_LIST_REPAIRED_CLASS) == 0)
408 		is_repair = B_TRUE;
409 	else
410 		is_repair = B_FALSE;
411 
412 	/*
413 	 * We subscribe to zfs faults as well as all repair events.
414 	 */
415 	if (nvlist_lookup_nvlist_array(nvl, FM_SUSPECT_FAULT_LIST,
416 	    &faults, &nfaults) != 0)
417 		return;
418 
419 	for (f = 0; f < nfaults; f++) {
420 		fault = faults[f];
421 
422 		fault_device = B_FALSE;
423 		degrade_device = B_FALSE;
424 		is_disk = B_FALSE;
425 
426 		if (nvlist_lookup_boolean_value(fault, FM_SUSPECT_RETIRE,
427 		    &retire) == 0 && retire == 0)
428 			continue;
429 
430 		/*
431 		 * While we subscribe to fault.fs.zfs.*, we only take action
432 		 * for faults targeting a specific vdev (open failure or SERD
433 		 * failure).  We also subscribe to fault.io.* events, so that
434 		 * faulty disks will be faulted in the ZFS configuration.
435 		 */
436 		if (fmd_nvl_class_match(hdl, fault, "fault.fs.zfs.vdev.io")) {
437 			fault_device = B_TRUE;
438 		} else if (fmd_nvl_class_match(hdl, fault,
439 		    "fault.fs.zfs.vdev.checksum")) {
440 			degrade_device = B_TRUE;
441 		} else if (fmd_nvl_class_match(hdl, fault,
442 		    "fault.fs.zfs.device")) {
443 			fault_device = B_FALSE;
444 		} else if (fmd_nvl_class_match(hdl, fault, "fault.io.*")) {
445 			is_disk = B_TRUE;
446 			fault_device = B_TRUE;
447 		} else {
448 			continue;
449 		}
450 
451 		if (is_disk) {
452 			/*
453 			 * This is a disk fault.  Lookup the FRU, convert it to
454 			 * an FMRI string, and attempt to find a matching vdev.
455 			 */
456 			if (nvlist_lookup_nvlist(fault, FM_FAULT_FRU,
457 			    &fru) != 0 ||
458 			    nvlist_lookup_string(fru, FM_FMRI_SCHEME,
459 			    &scheme) != 0)
460 				continue;
461 
462 			if (strcmp(scheme, FM_FMRI_SCHEME_HC) != 0)
463 				continue;
464 
465 			thp = fmd_hdl_topo_hold(hdl, TOPO_VERSION);
466 			if (topo_fmri_nvl2str(thp, fru, &fmri, &err) != 0) {
467 				fmd_hdl_topo_rele(hdl, thp);
468 				continue;
469 			}
470 
471 			zhp = find_by_fru(zhdl, fmri, &vdev);
472 			topo_hdl_strfree(thp, fmri);
473 			fmd_hdl_topo_rele(hdl, thp);
474 
475 			if (zhp == NULL)
476 				continue;
477 
478 			(void) nvlist_lookup_uint64(vdev,
479 			    ZPOOL_CONFIG_GUID, &vdev_guid);
480 			aux = VDEV_AUX_EXTERNAL;
481 		} else {
482 			/*
483 			 * This is a ZFS fault.  Lookup the resource, and
484 			 * attempt to find the matching vdev.
485 			 */
486 			if (nvlist_lookup_nvlist(fault, FM_FAULT_RESOURCE,
487 			    &resource) != 0 ||
488 			    nvlist_lookup_string(resource, FM_FMRI_SCHEME,
489 			    &scheme) != 0)
490 				continue;
491 
492 			if (strcmp(scheme, FM_FMRI_SCHEME_ZFS) != 0)
493 				continue;
494 
495 			if (nvlist_lookup_uint64(resource, FM_FMRI_ZFS_POOL,
496 			    &pool_guid) != 0)
497 				continue;
498 
499 			if (nvlist_lookup_uint64(resource, FM_FMRI_ZFS_VDEV,
500 			    &vdev_guid) != 0) {
501 				if (is_repair)
502 					vdev_guid = 0;
503 				else
504 					continue;
505 			}
506 
507 			if ((zhp = find_by_guid(zhdl, pool_guid, vdev_guid,
508 			    &vdev)) == NULL)
509 				continue;
510 
511 			aux = VDEV_AUX_ERR_EXCEEDED;
512 		}
513 
514 		if (vdev_guid == 0) {
515 			/*
516 			 * For pool-level repair events, clear the entire pool.
517 			 */
518 			(void) zpool_clear(zhp, NULL, NULL);
519 			zpool_close(zhp);
520 			continue;
521 		}
522 
523 		/*
524 		 * If this is a repair event, then mark the vdev as repaired and
525 		 * continue.
526 		 */
527 		if (is_repair) {
528 			repair_done = 1;
529 			(void) zpool_vdev_clear(zhp, vdev_guid);
530 			zpool_close(zhp);
531 			continue;
532 		}
533 
534 		/*
535 		 * Actively fault the device if needed.
536 		 */
537 		if (fault_device)
538 			(void) zpool_vdev_fault(zhp, vdev_guid, aux);
539 		if (degrade_device)
540 			(void) zpool_vdev_degrade(zhp, vdev_guid, aux);
541 
542 		/*
543 		 * Attempt to substitute a hot spare.
544 		 */
545 		replace_with_spare(hdl, zhp, vdev);
546 		zpool_close(zhp);
547 	}
548 
549 	if (strcmp(class, FM_LIST_REPAIRED_CLASS) == 0 && repair_done &&
550 	    nvlist_lookup_string(nvl, FM_SUSPECT_UUID, &uuid) == 0)
551 		fmd_case_uuresolved(hdl, uuid);
552 }
553 
554 static const fmd_hdl_ops_t fmd_ops = {
555 	zfs_retire_recv,	/* fmdo_recv */
556 	NULL,			/* fmdo_timeout */
557 	NULL,			/* fmdo_close */
558 	NULL,			/* fmdo_stats */
559 	NULL,			/* fmdo_gc */
560 };
561 
562 static const fmd_prop_t fmd_props[] = {
563 	{ "spare_on_remove", FMD_TYPE_BOOL, "true" },
564 	{ NULL, 0, NULL }
565 };
566 
567 static const fmd_hdl_info_t fmd_info = {
568 	"ZFS Retire Agent", "1.0", &fmd_ops, fmd_props
569 };
570 
571 void
572 _fmd_init(fmd_hdl_t *hdl)
573 {
574 	zfs_retire_data_t *zdp;
575 	libzfs_handle_t *zhdl;
576 
577 	if ((zhdl = libzfs_init()) == NULL)
578 		return;
579 
580 	if (fmd_hdl_register(hdl, FMD_API_VERSION, &fmd_info) != 0) {
581 		libzfs_fini(zhdl);
582 		return;
583 	}
584 
585 	zdp = fmd_hdl_zalloc(hdl, sizeof (zfs_retire_data_t), FMD_SLEEP);
586 	zdp->zrd_hdl = zhdl;
587 
588 	fmd_hdl_setspecific(hdl, zdp);
589 }
590 
591 void
592 _fmd_fini(fmd_hdl_t *hdl)
593 {
594 	zfs_retire_data_t *zdp = fmd_hdl_getspecific(hdl);
595 
596 	if (zdp != NULL) {
597 		zfs_retire_clear_data(hdl, zdp);
598 		libzfs_fini(zdp->zrd_hdl);
599 		fmd_hdl_free(hdl, zdp, sizeof (zfs_retire_data_t));
600 	}
601 }
602