xref: /titanic_50/usr/src/uts/common/fs/zfs/vdev_raidz.c (revision d387ac4c164917d885cd84bd1b62647d989033ac)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright (c) 2012 by Delphix. All rights reserved.
25  */
26 
27 #include <sys/zfs_context.h>
28 #include <sys/spa.h>
29 #include <sys/vdev_impl.h>
30 #include <sys/zio.h>
31 #include <sys/zio_checksum.h>
32 #include <sys/fs/zfs.h>
33 #include <sys/fm/fs/zfs.h>
34 
35 /*
36  * Virtual device vector for RAID-Z.
37  *
38  * This vdev supports single, double, and triple parity. For single parity,
39  * we use a simple XOR of all the data columns. For double or triple parity,
40  * we use a special case of Reed-Solomon coding. This extends the
41  * technique described in "The mathematics of RAID-6" by H. Peter Anvin by
42  * drawing on the system described in "A Tutorial on Reed-Solomon Coding for
43  * Fault-Tolerance in RAID-like Systems" by James S. Plank on which the
44  * former is also based. The latter is designed to provide higher performance
45  * for writes.
46  *
47  * Note that the Plank paper claimed to support arbitrary N+M, but was then
48  * amended six years later identifying a critical flaw that invalidates its
49  * claims. Nevertheless, the technique can be adapted to work for up to
50  * triple parity. For additional parity, the amendment "Note: Correction to
51  * the 1997 Tutorial on Reed-Solomon Coding" by James S. Plank and Ying Ding
52  * is viable, but the additional complexity means that write performance will
53  * suffer.
54  *
55  * All of the methods above operate on a Galois field, defined over the
56  * integers mod 2^N. In our case we choose N=8 for GF(8) so that all elements
57  * can be expressed with a single byte. Briefly, the operations on the
58  * field are defined as follows:
59  *
60  *   o addition (+) is represented by a bitwise XOR
61  *   o subtraction (-) is therefore identical to addition: A + B = A - B
62  *   o multiplication of A by 2 is defined by the following bitwise expression:
63  *	(A * 2)_7 = A_6
64  *	(A * 2)_6 = A_5
65  *	(A * 2)_5 = A_4
66  *	(A * 2)_4 = A_3 + A_7
67  *	(A * 2)_3 = A_2 + A_7
68  *	(A * 2)_2 = A_1 + A_7
69  *	(A * 2)_1 = A_0
70  *	(A * 2)_0 = A_7
71  *
72  * In C, multiplying by 2 is therefore ((a << 1) ^ ((a & 0x80) ? 0x1d : 0)).
73  * As an aside, this multiplication is derived from the error correcting
74  * primitive polynomial x^8 + x^4 + x^3 + x^2 + 1.
75  *
76  * Observe that any number in the field (except for 0) can be expressed as a
77  * power of 2 -- a generator for the field. We store a table of the powers of
78  * 2 and logs base 2 for quick look ups, and exploit the fact that A * B can
79  * be rewritten as 2^(log_2(A) + log_2(B)) (where '+' is normal addition rather
80  * than field addition). The inverse of a field element A (A^-1) is therefore
81  * A ^ (255 - 1) = A^254.
82  *
83  * The up-to-three parity columns, P, Q, R over several data columns,
84  * D_0, ... D_n-1, can be expressed by field operations:
85  *
86  *	P = D_0 + D_1 + ... + D_n-2 + D_n-1
87  *	Q = 2^n-1 * D_0 + 2^n-2 * D_1 + ... + 2^1 * D_n-2 + 2^0 * D_n-1
88  *	  = ((...((D_0) * 2 + D_1) * 2 + ...) * 2 + D_n-2) * 2 + D_n-1
89  *	R = 4^n-1 * D_0 + 4^n-2 * D_1 + ... + 4^1 * D_n-2 + 4^0 * D_n-1
90  *	  = ((...((D_0) * 4 + D_1) * 4 + ...) * 4 + D_n-2) * 4 + D_n-1
91  *
92  * We chose 1, 2, and 4 as our generators because 1 corresponds to the trival
93  * XOR operation, and 2 and 4 can be computed quickly and generate linearly-
94  * independent coefficients. (There are no additional coefficients that have
95  * this property which is why the uncorrected Plank method breaks down.)
96  *
97  * See the reconstruction code below for how P, Q and R can used individually
98  * or in concert to recover missing data columns.
99  */
100 
101 typedef struct raidz_col {
102 	uint64_t rc_devidx;		/* child device index for I/O */
103 	uint64_t rc_offset;		/* device offset */
104 	uint64_t rc_size;		/* I/O size */
105 	void *rc_data;			/* I/O data */
106 	void *rc_gdata;			/* used to store the "good" version */
107 	int rc_error;			/* I/O error for this device */
108 	uint8_t rc_tried;		/* Did we attempt this I/O column? */
109 	uint8_t rc_skipped;		/* Did we skip this I/O column? */
110 } raidz_col_t;
111 
112 typedef struct raidz_map {
113 	uint64_t rm_cols;		/* Regular column count */
114 	uint64_t rm_scols;		/* Count including skipped columns */
115 	uint64_t rm_bigcols;		/* Number of oversized columns */
116 	uint64_t rm_asize;		/* Actual total I/O size */
117 	uint64_t rm_missingdata;	/* Count of missing data devices */
118 	uint64_t rm_missingparity;	/* Count of missing parity devices */
119 	uint64_t rm_firstdatacol;	/* First data column/parity count */
120 	uint64_t rm_nskip;		/* Skipped sectors for padding */
121 	uint64_t rm_skipstart;	/* Column index of padding start */
122 	void *rm_datacopy;		/* rm_asize-buffer of copied data */
123 	uintptr_t rm_reports;		/* # of referencing checksum reports */
124 	uint8_t	rm_freed;		/* map no longer has referencing ZIO */
125 	uint8_t	rm_ecksuminjected;	/* checksum error was injected */
126 	raidz_col_t rm_col[1];		/* Flexible array of I/O columns */
127 } raidz_map_t;
128 
129 #define	VDEV_RAIDZ_P		0
130 #define	VDEV_RAIDZ_Q		1
131 #define	VDEV_RAIDZ_R		2
132 
133 #define	VDEV_RAIDZ_MUL_2(x)	(((x) << 1) ^ (((x) & 0x80) ? 0x1d : 0))
134 #define	VDEV_RAIDZ_MUL_4(x)	(VDEV_RAIDZ_MUL_2(VDEV_RAIDZ_MUL_2(x)))
135 
136 /*
137  * We provide a mechanism to perform the field multiplication operation on a
138  * 64-bit value all at once rather than a byte at a time. This works by
139  * creating a mask from the top bit in each byte and using that to
140  * conditionally apply the XOR of 0x1d.
141  */
142 #define	VDEV_RAIDZ_64MUL_2(x, mask) \
143 { \
144 	(mask) = (x) & 0x8080808080808080ULL; \
145 	(mask) = ((mask) << 1) - ((mask) >> 7); \
146 	(x) = (((x) << 1) & 0xfefefefefefefefeULL) ^ \
147 	    ((mask) & 0x1d1d1d1d1d1d1d1d); \
148 }
149 
150 #define	VDEV_RAIDZ_64MUL_4(x, mask) \
151 { \
152 	VDEV_RAIDZ_64MUL_2((x), mask); \
153 	VDEV_RAIDZ_64MUL_2((x), mask); \
154 }
155 
156 /*
157  * Force reconstruction to use the general purpose method.
158  */
159 int vdev_raidz_default_to_general;
160 
161 /*
162  * These two tables represent powers and logs of 2 in the Galois field defined
163  * above. These values were computed by repeatedly multiplying by 2 as above.
164  */
165 static const uint8_t vdev_raidz_pow2[256] = {
166 	0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
167 	0x1d, 0x3a, 0x74, 0xe8, 0xcd, 0x87, 0x13, 0x26,
168 	0x4c, 0x98, 0x2d, 0x5a, 0xb4, 0x75, 0xea, 0xc9,
169 	0x8f, 0x03, 0x06, 0x0c, 0x18, 0x30, 0x60, 0xc0,
170 	0x9d, 0x27, 0x4e, 0x9c, 0x25, 0x4a, 0x94, 0x35,
171 	0x6a, 0xd4, 0xb5, 0x77, 0xee, 0xc1, 0x9f, 0x23,
172 	0x46, 0x8c, 0x05, 0x0a, 0x14, 0x28, 0x50, 0xa0,
173 	0x5d, 0xba, 0x69, 0xd2, 0xb9, 0x6f, 0xde, 0xa1,
174 	0x5f, 0xbe, 0x61, 0xc2, 0x99, 0x2f, 0x5e, 0xbc,
175 	0x65, 0xca, 0x89, 0x0f, 0x1e, 0x3c, 0x78, 0xf0,
176 	0xfd, 0xe7, 0xd3, 0xbb, 0x6b, 0xd6, 0xb1, 0x7f,
177 	0xfe, 0xe1, 0xdf, 0xa3, 0x5b, 0xb6, 0x71, 0xe2,
178 	0xd9, 0xaf, 0x43, 0x86, 0x11, 0x22, 0x44, 0x88,
179 	0x0d, 0x1a, 0x34, 0x68, 0xd0, 0xbd, 0x67, 0xce,
180 	0x81, 0x1f, 0x3e, 0x7c, 0xf8, 0xed, 0xc7, 0x93,
181 	0x3b, 0x76, 0xec, 0xc5, 0x97, 0x33, 0x66, 0xcc,
182 	0x85, 0x17, 0x2e, 0x5c, 0xb8, 0x6d, 0xda, 0xa9,
183 	0x4f, 0x9e, 0x21, 0x42, 0x84, 0x15, 0x2a, 0x54,
184 	0xa8, 0x4d, 0x9a, 0x29, 0x52, 0xa4, 0x55, 0xaa,
185 	0x49, 0x92, 0x39, 0x72, 0xe4, 0xd5, 0xb7, 0x73,
186 	0xe6, 0xd1, 0xbf, 0x63, 0xc6, 0x91, 0x3f, 0x7e,
187 	0xfc, 0xe5, 0xd7, 0xb3, 0x7b, 0xf6, 0xf1, 0xff,
188 	0xe3, 0xdb, 0xab, 0x4b, 0x96, 0x31, 0x62, 0xc4,
189 	0x95, 0x37, 0x6e, 0xdc, 0xa5, 0x57, 0xae, 0x41,
190 	0x82, 0x19, 0x32, 0x64, 0xc8, 0x8d, 0x07, 0x0e,
191 	0x1c, 0x38, 0x70, 0xe0, 0xdd, 0xa7, 0x53, 0xa6,
192 	0x51, 0xa2, 0x59, 0xb2, 0x79, 0xf2, 0xf9, 0xef,
193 	0xc3, 0x9b, 0x2b, 0x56, 0xac, 0x45, 0x8a, 0x09,
194 	0x12, 0x24, 0x48, 0x90, 0x3d, 0x7a, 0xf4, 0xf5,
195 	0xf7, 0xf3, 0xfb, 0xeb, 0xcb, 0x8b, 0x0b, 0x16,
196 	0x2c, 0x58, 0xb0, 0x7d, 0xfa, 0xe9, 0xcf, 0x83,
197 	0x1b, 0x36, 0x6c, 0xd8, 0xad, 0x47, 0x8e, 0x01
198 };
199 static const uint8_t vdev_raidz_log2[256] = {
200 	0x00, 0x00, 0x01, 0x19, 0x02, 0x32, 0x1a, 0xc6,
201 	0x03, 0xdf, 0x33, 0xee, 0x1b, 0x68, 0xc7, 0x4b,
202 	0x04, 0x64, 0xe0, 0x0e, 0x34, 0x8d, 0xef, 0x81,
203 	0x1c, 0xc1, 0x69, 0xf8, 0xc8, 0x08, 0x4c, 0x71,
204 	0x05, 0x8a, 0x65, 0x2f, 0xe1, 0x24, 0x0f, 0x21,
205 	0x35, 0x93, 0x8e, 0xda, 0xf0, 0x12, 0x82, 0x45,
206 	0x1d, 0xb5, 0xc2, 0x7d, 0x6a, 0x27, 0xf9, 0xb9,
207 	0xc9, 0x9a, 0x09, 0x78, 0x4d, 0xe4, 0x72, 0xa6,
208 	0x06, 0xbf, 0x8b, 0x62, 0x66, 0xdd, 0x30, 0xfd,
209 	0xe2, 0x98, 0x25, 0xb3, 0x10, 0x91, 0x22, 0x88,
210 	0x36, 0xd0, 0x94, 0xce, 0x8f, 0x96, 0xdb, 0xbd,
211 	0xf1, 0xd2, 0x13, 0x5c, 0x83, 0x38, 0x46, 0x40,
212 	0x1e, 0x42, 0xb6, 0xa3, 0xc3, 0x48, 0x7e, 0x6e,
213 	0x6b, 0x3a, 0x28, 0x54, 0xfa, 0x85, 0xba, 0x3d,
214 	0xca, 0x5e, 0x9b, 0x9f, 0x0a, 0x15, 0x79, 0x2b,
215 	0x4e, 0xd4, 0xe5, 0xac, 0x73, 0xf3, 0xa7, 0x57,
216 	0x07, 0x70, 0xc0, 0xf7, 0x8c, 0x80, 0x63, 0x0d,
217 	0x67, 0x4a, 0xde, 0xed, 0x31, 0xc5, 0xfe, 0x18,
218 	0xe3, 0xa5, 0x99, 0x77, 0x26, 0xb8, 0xb4, 0x7c,
219 	0x11, 0x44, 0x92, 0xd9, 0x23, 0x20, 0x89, 0x2e,
220 	0x37, 0x3f, 0xd1, 0x5b, 0x95, 0xbc, 0xcf, 0xcd,
221 	0x90, 0x87, 0x97, 0xb2, 0xdc, 0xfc, 0xbe, 0x61,
222 	0xf2, 0x56, 0xd3, 0xab, 0x14, 0x2a, 0x5d, 0x9e,
223 	0x84, 0x3c, 0x39, 0x53, 0x47, 0x6d, 0x41, 0xa2,
224 	0x1f, 0x2d, 0x43, 0xd8, 0xb7, 0x7b, 0xa4, 0x76,
225 	0xc4, 0x17, 0x49, 0xec, 0x7f, 0x0c, 0x6f, 0xf6,
226 	0x6c, 0xa1, 0x3b, 0x52, 0x29, 0x9d, 0x55, 0xaa,
227 	0xfb, 0x60, 0x86, 0xb1, 0xbb, 0xcc, 0x3e, 0x5a,
228 	0xcb, 0x59, 0x5f, 0xb0, 0x9c, 0xa9, 0xa0, 0x51,
229 	0x0b, 0xf5, 0x16, 0xeb, 0x7a, 0x75, 0x2c, 0xd7,
230 	0x4f, 0xae, 0xd5, 0xe9, 0xe6, 0xe7, 0xad, 0xe8,
231 	0x74, 0xd6, 0xf4, 0xea, 0xa8, 0x50, 0x58, 0xaf,
232 };
233 
234 static void vdev_raidz_generate_parity(raidz_map_t *rm);
235 
236 /*
237  * Multiply a given number by 2 raised to the given power.
238  */
239 static uint8_t
240 vdev_raidz_exp2(uint_t a, int exp)
241 {
242 	if (a == 0)
243 		return (0);
244 
245 	ASSERT(exp >= 0);
246 	ASSERT(vdev_raidz_log2[a] > 0 || a == 1);
247 
248 	exp += vdev_raidz_log2[a];
249 	if (exp > 255)
250 		exp -= 255;
251 
252 	return (vdev_raidz_pow2[exp]);
253 }
254 
255 static void
256 vdev_raidz_map_free(raidz_map_t *rm)
257 {
258 	int c;
259 	size_t size;
260 
261 	for (c = 0; c < rm->rm_firstdatacol; c++) {
262 		zio_buf_free(rm->rm_col[c].rc_data, rm->rm_col[c].rc_size);
263 
264 		if (rm->rm_col[c].rc_gdata != NULL)
265 			zio_buf_free(rm->rm_col[c].rc_gdata,
266 			    rm->rm_col[c].rc_size);
267 	}
268 
269 	size = 0;
270 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++)
271 		size += rm->rm_col[c].rc_size;
272 
273 	if (rm->rm_datacopy != NULL)
274 		zio_buf_free(rm->rm_datacopy, size);
275 
276 	kmem_free(rm, offsetof(raidz_map_t, rm_col[rm->rm_scols]));
277 }
278 
279 static void
280 vdev_raidz_map_free_vsd(zio_t *zio)
281 {
282 	raidz_map_t *rm = zio->io_vsd;
283 
284 	ASSERT3U(rm->rm_freed, ==, 0);
285 	rm->rm_freed = 1;
286 
287 	if (rm->rm_reports == 0)
288 		vdev_raidz_map_free(rm);
289 }
290 
291 /*ARGSUSED*/
292 static void
293 vdev_raidz_cksum_free(void *arg, size_t ignored)
294 {
295 	raidz_map_t *rm = arg;
296 
297 	ASSERT3U(rm->rm_reports, >, 0);
298 
299 	if (--rm->rm_reports == 0 && rm->rm_freed != 0)
300 		vdev_raidz_map_free(rm);
301 }
302 
303 static void
304 vdev_raidz_cksum_finish(zio_cksum_report_t *zcr, const void *good_data)
305 {
306 	raidz_map_t *rm = zcr->zcr_cbdata;
307 	size_t c = zcr->zcr_cbinfo;
308 	size_t x;
309 
310 	const char *good = NULL;
311 	const char *bad = rm->rm_col[c].rc_data;
312 
313 	if (good_data == NULL) {
314 		zfs_ereport_finish_checksum(zcr, NULL, NULL, B_FALSE);
315 		return;
316 	}
317 
318 	if (c < rm->rm_firstdatacol) {
319 		/*
320 		 * The first time through, calculate the parity blocks for
321 		 * the good data (this relies on the fact that the good
322 		 * data never changes for a given logical ZIO)
323 		 */
324 		if (rm->rm_col[0].rc_gdata == NULL) {
325 			char *bad_parity[VDEV_RAIDZ_MAXPARITY];
326 			char *buf;
327 
328 			/*
329 			 * Set up the rm_col[]s to generate the parity for
330 			 * good_data, first saving the parity bufs and
331 			 * replacing them with buffers to hold the result.
332 			 */
333 			for (x = 0; x < rm->rm_firstdatacol; x++) {
334 				bad_parity[x] = rm->rm_col[x].rc_data;
335 				rm->rm_col[x].rc_data = rm->rm_col[x].rc_gdata =
336 				    zio_buf_alloc(rm->rm_col[x].rc_size);
337 			}
338 
339 			/* fill in the data columns from good_data */
340 			buf = (char *)good_data;
341 			for (; x < rm->rm_cols; x++) {
342 				rm->rm_col[x].rc_data = buf;
343 				buf += rm->rm_col[x].rc_size;
344 			}
345 
346 			/*
347 			 * Construct the parity from the good data.
348 			 */
349 			vdev_raidz_generate_parity(rm);
350 
351 			/* restore everything back to its original state */
352 			for (x = 0; x < rm->rm_firstdatacol; x++)
353 				rm->rm_col[x].rc_data = bad_parity[x];
354 
355 			buf = rm->rm_datacopy;
356 			for (x = rm->rm_firstdatacol; x < rm->rm_cols; x++) {
357 				rm->rm_col[x].rc_data = buf;
358 				buf += rm->rm_col[x].rc_size;
359 			}
360 		}
361 
362 		ASSERT3P(rm->rm_col[c].rc_gdata, !=, NULL);
363 		good = rm->rm_col[c].rc_gdata;
364 	} else {
365 		/* adjust good_data to point at the start of our column */
366 		good = good_data;
367 
368 		for (x = rm->rm_firstdatacol; x < c; x++)
369 			good += rm->rm_col[x].rc_size;
370 	}
371 
372 	/* we drop the ereport if it ends up that the data was good */
373 	zfs_ereport_finish_checksum(zcr, good, bad, B_TRUE);
374 }
375 
376 /*
377  * Invoked indirectly by zfs_ereport_start_checksum(), called
378  * below when our read operation fails completely.  The main point
379  * is to keep a copy of everything we read from disk, so that at
380  * vdev_raidz_cksum_finish() time we can compare it with the good data.
381  */
382 static void
383 vdev_raidz_cksum_report(zio_t *zio, zio_cksum_report_t *zcr, void *arg)
384 {
385 	size_t c = (size_t)(uintptr_t)arg;
386 	caddr_t buf;
387 
388 	raidz_map_t *rm = zio->io_vsd;
389 	size_t size;
390 
391 	/* set up the report and bump the refcount  */
392 	zcr->zcr_cbdata = rm;
393 	zcr->zcr_cbinfo = c;
394 	zcr->zcr_finish = vdev_raidz_cksum_finish;
395 	zcr->zcr_free = vdev_raidz_cksum_free;
396 
397 	rm->rm_reports++;
398 	ASSERT3U(rm->rm_reports, >, 0);
399 
400 	if (rm->rm_datacopy != NULL)
401 		return;
402 
403 	/*
404 	 * It's the first time we're called for this raidz_map_t, so we need
405 	 * to copy the data aside; there's no guarantee that our zio's buffer
406 	 * won't be re-used for something else.
407 	 *
408 	 * Our parity data is already in separate buffers, so there's no need
409 	 * to copy them.
410 	 */
411 
412 	size = 0;
413 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++)
414 		size += rm->rm_col[c].rc_size;
415 
416 	buf = rm->rm_datacopy = zio_buf_alloc(size);
417 
418 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
419 		raidz_col_t *col = &rm->rm_col[c];
420 
421 		bcopy(col->rc_data, buf, col->rc_size);
422 		col->rc_data = buf;
423 
424 		buf += col->rc_size;
425 	}
426 	ASSERT3P(buf - (caddr_t)rm->rm_datacopy, ==, size);
427 }
428 
429 static const zio_vsd_ops_t vdev_raidz_vsd_ops = {
430 	vdev_raidz_map_free_vsd,
431 	vdev_raidz_cksum_report
432 };
433 
434 static raidz_map_t *
435 vdev_raidz_map_alloc(zio_t *zio, uint64_t unit_shift, uint64_t dcols,
436     uint64_t nparity)
437 {
438 	raidz_map_t *rm;
439 	uint64_t b = zio->io_offset >> unit_shift;
440 	uint64_t s = zio->io_size >> unit_shift;
441 	uint64_t f = b % dcols;
442 	uint64_t o = (b / dcols) << unit_shift;
443 	uint64_t q, r, c, bc, col, acols, scols, coff, devidx, asize, tot;
444 
445 	q = s / (dcols - nparity);
446 	r = s - q * (dcols - nparity);
447 	bc = (r == 0 ? 0 : r + nparity);
448 	tot = s + nparity * (q + (r == 0 ? 0 : 1));
449 
450 	if (q == 0) {
451 		acols = bc;
452 		scols = MIN(dcols, roundup(bc, nparity + 1));
453 	} else {
454 		acols = dcols;
455 		scols = dcols;
456 	}
457 
458 	ASSERT3U(acols, <=, scols);
459 
460 	rm = kmem_alloc(offsetof(raidz_map_t, rm_col[scols]), KM_SLEEP);
461 
462 	rm->rm_cols = acols;
463 	rm->rm_scols = scols;
464 	rm->rm_bigcols = bc;
465 	rm->rm_skipstart = bc;
466 	rm->rm_missingdata = 0;
467 	rm->rm_missingparity = 0;
468 	rm->rm_firstdatacol = nparity;
469 	rm->rm_datacopy = NULL;
470 	rm->rm_reports = 0;
471 	rm->rm_freed = 0;
472 	rm->rm_ecksuminjected = 0;
473 
474 	asize = 0;
475 
476 	for (c = 0; c < scols; c++) {
477 		col = f + c;
478 		coff = o;
479 		if (col >= dcols) {
480 			col -= dcols;
481 			coff += 1ULL << unit_shift;
482 		}
483 		rm->rm_col[c].rc_devidx = col;
484 		rm->rm_col[c].rc_offset = coff;
485 		rm->rm_col[c].rc_data = NULL;
486 		rm->rm_col[c].rc_gdata = NULL;
487 		rm->rm_col[c].rc_error = 0;
488 		rm->rm_col[c].rc_tried = 0;
489 		rm->rm_col[c].rc_skipped = 0;
490 
491 		if (c >= acols)
492 			rm->rm_col[c].rc_size = 0;
493 		else if (c < bc)
494 			rm->rm_col[c].rc_size = (q + 1) << unit_shift;
495 		else
496 			rm->rm_col[c].rc_size = q << unit_shift;
497 
498 		asize += rm->rm_col[c].rc_size;
499 	}
500 
501 	ASSERT3U(asize, ==, tot << unit_shift);
502 	rm->rm_asize = roundup(asize, (nparity + 1) << unit_shift);
503 	rm->rm_nskip = roundup(tot, nparity + 1) - tot;
504 	ASSERT3U(rm->rm_asize - asize, ==, rm->rm_nskip << unit_shift);
505 	ASSERT3U(rm->rm_nskip, <=, nparity);
506 
507 	for (c = 0; c < rm->rm_firstdatacol; c++)
508 		rm->rm_col[c].rc_data = zio_buf_alloc(rm->rm_col[c].rc_size);
509 
510 	rm->rm_col[c].rc_data = zio->io_data;
511 
512 	for (c = c + 1; c < acols; c++)
513 		rm->rm_col[c].rc_data = (char *)rm->rm_col[c - 1].rc_data +
514 		    rm->rm_col[c - 1].rc_size;
515 
516 	/*
517 	 * If all data stored spans all columns, there's a danger that parity
518 	 * will always be on the same device and, since parity isn't read
519 	 * during normal operation, that that device's I/O bandwidth won't be
520 	 * used effectively. We therefore switch the parity every 1MB.
521 	 *
522 	 * ... at least that was, ostensibly, the theory. As a practical
523 	 * matter unless we juggle the parity between all devices evenly, we
524 	 * won't see any benefit. Further, occasional writes that aren't a
525 	 * multiple of the LCM of the number of children and the minimum
526 	 * stripe width are sufficient to avoid pessimal behavior.
527 	 * Unfortunately, this decision created an implicit on-disk format
528 	 * requirement that we need to support for all eternity, but only
529 	 * for single-parity RAID-Z.
530 	 *
531 	 * If we intend to skip a sector in the zeroth column for padding
532 	 * we must make sure to note this swap. We will never intend to
533 	 * skip the first column since at least one data and one parity
534 	 * column must appear in each row.
535 	 */
536 	ASSERT(rm->rm_cols >= 2);
537 	ASSERT(rm->rm_col[0].rc_size == rm->rm_col[1].rc_size);
538 
539 	if (rm->rm_firstdatacol == 1 && (zio->io_offset & (1ULL << 20))) {
540 		devidx = rm->rm_col[0].rc_devidx;
541 		o = rm->rm_col[0].rc_offset;
542 		rm->rm_col[0].rc_devidx = rm->rm_col[1].rc_devidx;
543 		rm->rm_col[0].rc_offset = rm->rm_col[1].rc_offset;
544 		rm->rm_col[1].rc_devidx = devidx;
545 		rm->rm_col[1].rc_offset = o;
546 
547 		if (rm->rm_skipstart == 0)
548 			rm->rm_skipstart = 1;
549 	}
550 
551 	zio->io_vsd = rm;
552 	zio->io_vsd_ops = &vdev_raidz_vsd_ops;
553 	return (rm);
554 }
555 
556 static void
557 vdev_raidz_generate_parity_p(raidz_map_t *rm)
558 {
559 	uint64_t *p, *src, pcount, ccount, i;
560 	int c;
561 
562 	pcount = rm->rm_col[VDEV_RAIDZ_P].rc_size / sizeof (src[0]);
563 
564 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
565 		src = rm->rm_col[c].rc_data;
566 		p = rm->rm_col[VDEV_RAIDZ_P].rc_data;
567 		ccount = rm->rm_col[c].rc_size / sizeof (src[0]);
568 
569 		if (c == rm->rm_firstdatacol) {
570 			ASSERT(ccount == pcount);
571 			for (i = 0; i < ccount; i++, src++, p++) {
572 				*p = *src;
573 			}
574 		} else {
575 			ASSERT(ccount <= pcount);
576 			for (i = 0; i < ccount; i++, src++, p++) {
577 				*p ^= *src;
578 			}
579 		}
580 	}
581 }
582 
583 static void
584 vdev_raidz_generate_parity_pq(raidz_map_t *rm)
585 {
586 	uint64_t *p, *q, *src, pcnt, ccnt, mask, i;
587 	int c;
588 
589 	pcnt = rm->rm_col[VDEV_RAIDZ_P].rc_size / sizeof (src[0]);
590 	ASSERT(rm->rm_col[VDEV_RAIDZ_P].rc_size ==
591 	    rm->rm_col[VDEV_RAIDZ_Q].rc_size);
592 
593 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
594 		src = rm->rm_col[c].rc_data;
595 		p = rm->rm_col[VDEV_RAIDZ_P].rc_data;
596 		q = rm->rm_col[VDEV_RAIDZ_Q].rc_data;
597 
598 		ccnt = rm->rm_col[c].rc_size / sizeof (src[0]);
599 
600 		if (c == rm->rm_firstdatacol) {
601 			ASSERT(ccnt == pcnt || ccnt == 0);
602 			for (i = 0; i < ccnt; i++, src++, p++, q++) {
603 				*p = *src;
604 				*q = *src;
605 			}
606 			for (; i < pcnt; i++, src++, p++, q++) {
607 				*p = 0;
608 				*q = 0;
609 			}
610 		} else {
611 			ASSERT(ccnt <= pcnt);
612 
613 			/*
614 			 * Apply the algorithm described above by multiplying
615 			 * the previous result and adding in the new value.
616 			 */
617 			for (i = 0; i < ccnt; i++, src++, p++, q++) {
618 				*p ^= *src;
619 
620 				VDEV_RAIDZ_64MUL_2(*q, mask);
621 				*q ^= *src;
622 			}
623 
624 			/*
625 			 * Treat short columns as though they are full of 0s.
626 			 * Note that there's therefore nothing needed for P.
627 			 */
628 			for (; i < pcnt; i++, q++) {
629 				VDEV_RAIDZ_64MUL_2(*q, mask);
630 			}
631 		}
632 	}
633 }
634 
635 static void
636 vdev_raidz_generate_parity_pqr(raidz_map_t *rm)
637 {
638 	uint64_t *p, *q, *r, *src, pcnt, ccnt, mask, i;
639 	int c;
640 
641 	pcnt = rm->rm_col[VDEV_RAIDZ_P].rc_size / sizeof (src[0]);
642 	ASSERT(rm->rm_col[VDEV_RAIDZ_P].rc_size ==
643 	    rm->rm_col[VDEV_RAIDZ_Q].rc_size);
644 	ASSERT(rm->rm_col[VDEV_RAIDZ_P].rc_size ==
645 	    rm->rm_col[VDEV_RAIDZ_R].rc_size);
646 
647 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
648 		src = rm->rm_col[c].rc_data;
649 		p = rm->rm_col[VDEV_RAIDZ_P].rc_data;
650 		q = rm->rm_col[VDEV_RAIDZ_Q].rc_data;
651 		r = rm->rm_col[VDEV_RAIDZ_R].rc_data;
652 
653 		ccnt = rm->rm_col[c].rc_size / sizeof (src[0]);
654 
655 		if (c == rm->rm_firstdatacol) {
656 			ASSERT(ccnt == pcnt || ccnt == 0);
657 			for (i = 0; i < ccnt; i++, src++, p++, q++, r++) {
658 				*p = *src;
659 				*q = *src;
660 				*r = *src;
661 			}
662 			for (; i < pcnt; i++, src++, p++, q++, r++) {
663 				*p = 0;
664 				*q = 0;
665 				*r = 0;
666 			}
667 		} else {
668 			ASSERT(ccnt <= pcnt);
669 
670 			/*
671 			 * Apply the algorithm described above by multiplying
672 			 * the previous result and adding in the new value.
673 			 */
674 			for (i = 0; i < ccnt; i++, src++, p++, q++, r++) {
675 				*p ^= *src;
676 
677 				VDEV_RAIDZ_64MUL_2(*q, mask);
678 				*q ^= *src;
679 
680 				VDEV_RAIDZ_64MUL_4(*r, mask);
681 				*r ^= *src;
682 			}
683 
684 			/*
685 			 * Treat short columns as though they are full of 0s.
686 			 * Note that there's therefore nothing needed for P.
687 			 */
688 			for (; i < pcnt; i++, q++, r++) {
689 				VDEV_RAIDZ_64MUL_2(*q, mask);
690 				VDEV_RAIDZ_64MUL_4(*r, mask);
691 			}
692 		}
693 	}
694 }
695 
696 /*
697  * Generate RAID parity in the first virtual columns according to the number of
698  * parity columns available.
699  */
700 static void
701 vdev_raidz_generate_parity(raidz_map_t *rm)
702 {
703 	switch (rm->rm_firstdatacol) {
704 	case 1:
705 		vdev_raidz_generate_parity_p(rm);
706 		break;
707 	case 2:
708 		vdev_raidz_generate_parity_pq(rm);
709 		break;
710 	case 3:
711 		vdev_raidz_generate_parity_pqr(rm);
712 		break;
713 	default:
714 		cmn_err(CE_PANIC, "invalid RAID-Z configuration");
715 	}
716 }
717 
718 static int
719 vdev_raidz_reconstruct_p(raidz_map_t *rm, int *tgts, int ntgts)
720 {
721 	uint64_t *dst, *src, xcount, ccount, count, i;
722 	int x = tgts[0];
723 	int c;
724 
725 	ASSERT(ntgts == 1);
726 	ASSERT(x >= rm->rm_firstdatacol);
727 	ASSERT(x < rm->rm_cols);
728 
729 	xcount = rm->rm_col[x].rc_size / sizeof (src[0]);
730 	ASSERT(xcount <= rm->rm_col[VDEV_RAIDZ_P].rc_size / sizeof (src[0]));
731 	ASSERT(xcount > 0);
732 
733 	src = rm->rm_col[VDEV_RAIDZ_P].rc_data;
734 	dst = rm->rm_col[x].rc_data;
735 	for (i = 0; i < xcount; i++, dst++, src++) {
736 		*dst = *src;
737 	}
738 
739 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
740 		src = rm->rm_col[c].rc_data;
741 		dst = rm->rm_col[x].rc_data;
742 
743 		if (c == x)
744 			continue;
745 
746 		ccount = rm->rm_col[c].rc_size / sizeof (src[0]);
747 		count = MIN(ccount, xcount);
748 
749 		for (i = 0; i < count; i++, dst++, src++) {
750 			*dst ^= *src;
751 		}
752 	}
753 
754 	return (1 << VDEV_RAIDZ_P);
755 }
756 
757 static int
758 vdev_raidz_reconstruct_q(raidz_map_t *rm, int *tgts, int ntgts)
759 {
760 	uint64_t *dst, *src, xcount, ccount, count, mask, i;
761 	uint8_t *b;
762 	int x = tgts[0];
763 	int c, j, exp;
764 
765 	ASSERT(ntgts == 1);
766 
767 	xcount = rm->rm_col[x].rc_size / sizeof (src[0]);
768 	ASSERT(xcount <= rm->rm_col[VDEV_RAIDZ_Q].rc_size / sizeof (src[0]));
769 
770 	for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
771 		src = rm->rm_col[c].rc_data;
772 		dst = rm->rm_col[x].rc_data;
773 
774 		if (c == x)
775 			ccount = 0;
776 		else
777 			ccount = rm->rm_col[c].rc_size / sizeof (src[0]);
778 
779 		count = MIN(ccount, xcount);
780 
781 		if (c == rm->rm_firstdatacol) {
782 			for (i = 0; i < count; i++, dst++, src++) {
783 				*dst = *src;
784 			}
785 			for (; i < xcount; i++, dst++) {
786 				*dst = 0;
787 			}
788 
789 		} else {
790 			for (i = 0; i < count; i++, dst++, src++) {
791 				VDEV_RAIDZ_64MUL_2(*dst, mask);
792 				*dst ^= *src;
793 			}
794 
795 			for (; i < xcount; i++, dst++) {
796 				VDEV_RAIDZ_64MUL_2(*dst, mask);
797 			}
798 		}
799 	}
800 
801 	src = rm->rm_col[VDEV_RAIDZ_Q].rc_data;
802 	dst = rm->rm_col[x].rc_data;
803 	exp = 255 - (rm->rm_cols - 1 - x);
804 
805 	for (i = 0; i < xcount; i++, dst++, src++) {
806 		*dst ^= *src;
807 		for (j = 0, b = (uint8_t *)dst; j < 8; j++, b++) {
808 			*b = vdev_raidz_exp2(*b, exp);
809 		}
810 	}
811 
812 	return (1 << VDEV_RAIDZ_Q);
813 }
814 
815 static int
816 vdev_raidz_reconstruct_pq(raidz_map_t *rm, int *tgts, int ntgts)
817 {
818 	uint8_t *p, *q, *pxy, *qxy, *xd, *yd, tmp, a, b, aexp, bexp;
819 	void *pdata, *qdata;
820 	uint64_t xsize, ysize, i;
821 	int x = tgts[0];
822 	int y = tgts[1];
823 
824 	ASSERT(ntgts == 2);
825 	ASSERT(x < y);
826 	ASSERT(x >= rm->rm_firstdatacol);
827 	ASSERT(y < rm->rm_cols);
828 
829 	ASSERT(rm->rm_col[x].rc_size >= rm->rm_col[y].rc_size);
830 
831 	/*
832 	 * Move the parity data aside -- we're going to compute parity as
833 	 * though columns x and y were full of zeros -- Pxy and Qxy. We want to
834 	 * reuse the parity generation mechanism without trashing the actual
835 	 * parity so we make those columns appear to be full of zeros by
836 	 * setting their lengths to zero.
837 	 */
838 	pdata = rm->rm_col[VDEV_RAIDZ_P].rc_data;
839 	qdata = rm->rm_col[VDEV_RAIDZ_Q].rc_data;
840 	xsize = rm->rm_col[x].rc_size;
841 	ysize = rm->rm_col[y].rc_size;
842 
843 	rm->rm_col[VDEV_RAIDZ_P].rc_data =
844 	    zio_buf_alloc(rm->rm_col[VDEV_RAIDZ_P].rc_size);
845 	rm->rm_col[VDEV_RAIDZ_Q].rc_data =
846 	    zio_buf_alloc(rm->rm_col[VDEV_RAIDZ_Q].rc_size);
847 	rm->rm_col[x].rc_size = 0;
848 	rm->rm_col[y].rc_size = 0;
849 
850 	vdev_raidz_generate_parity_pq(rm);
851 
852 	rm->rm_col[x].rc_size = xsize;
853 	rm->rm_col[y].rc_size = ysize;
854 
855 	p = pdata;
856 	q = qdata;
857 	pxy = rm->rm_col[VDEV_RAIDZ_P].rc_data;
858 	qxy = rm->rm_col[VDEV_RAIDZ_Q].rc_data;
859 	xd = rm->rm_col[x].rc_data;
860 	yd = rm->rm_col[y].rc_data;
861 
862 	/*
863 	 * We now have:
864 	 *	Pxy = P + D_x + D_y
865 	 *	Qxy = Q + 2^(ndevs - 1 - x) * D_x + 2^(ndevs - 1 - y) * D_y
866 	 *
867 	 * We can then solve for D_x:
868 	 *	D_x = A * (P + Pxy) + B * (Q + Qxy)
869 	 * where
870 	 *	A = 2^(x - y) * (2^(x - y) + 1)^-1
871 	 *	B = 2^(ndevs - 1 - x) * (2^(x - y) + 1)^-1
872 	 *
873 	 * With D_x in hand, we can easily solve for D_y:
874 	 *	D_y = P + Pxy + D_x
875 	 */
876 
877 	a = vdev_raidz_pow2[255 + x - y];
878 	b = vdev_raidz_pow2[255 - (rm->rm_cols - 1 - x)];
879 	tmp = 255 - vdev_raidz_log2[a ^ 1];
880 
881 	aexp = vdev_raidz_log2[vdev_raidz_exp2(a, tmp)];
882 	bexp = vdev_raidz_log2[vdev_raidz_exp2(b, tmp)];
883 
884 	for (i = 0; i < xsize; i++, p++, q++, pxy++, qxy++, xd++, yd++) {
885 		*xd = vdev_raidz_exp2(*p ^ *pxy, aexp) ^
886 		    vdev_raidz_exp2(*q ^ *qxy, bexp);
887 
888 		if (i < ysize)
889 			*yd = *p ^ *pxy ^ *xd;
890 	}
891 
892 	zio_buf_free(rm->rm_col[VDEV_RAIDZ_P].rc_data,
893 	    rm->rm_col[VDEV_RAIDZ_P].rc_size);
894 	zio_buf_free(rm->rm_col[VDEV_RAIDZ_Q].rc_data,
895 	    rm->rm_col[VDEV_RAIDZ_Q].rc_size);
896 
897 	/*
898 	 * Restore the saved parity data.
899 	 */
900 	rm->rm_col[VDEV_RAIDZ_P].rc_data = pdata;
901 	rm->rm_col[VDEV_RAIDZ_Q].rc_data = qdata;
902 
903 	return ((1 << VDEV_RAIDZ_P) | (1 << VDEV_RAIDZ_Q));
904 }
905 
906 /* BEGIN CSTYLED */
907 /*
908  * In the general case of reconstruction, we must solve the system of linear
909  * equations defined by the coeffecients used to generate parity as well as
910  * the contents of the data and parity disks. This can be expressed with
911  * vectors for the original data (D) and the actual data (d) and parity (p)
912  * and a matrix composed of the identity matrix (I) and a dispersal matrix (V):
913  *
914  *            __   __                     __     __
915  *            |     |         __     __   |  p_0  |
916  *            |  V  |         |  D_0  |   | p_m-1 |
917  *            |     |    x    |   :   | = |  d_0  |
918  *            |  I  |         | D_n-1 |   |   :   |
919  *            |     |         ~~     ~~   | d_n-1 |
920  *            ~~   ~~                     ~~     ~~
921  *
922  * I is simply a square identity matrix of size n, and V is a vandermonde
923  * matrix defined by the coeffecients we chose for the various parity columns
924  * (1, 2, 4). Note that these values were chosen both for simplicity, speedy
925  * computation as well as linear separability.
926  *
927  *      __               __               __     __
928  *      |   1   ..  1 1 1 |               |  p_0  |
929  *      | 2^n-1 ..  4 2 1 |   __     __   |   :   |
930  *      | 4^n-1 .. 16 4 1 |   |  D_0  |   | p_m-1 |
931  *      |   1   ..  0 0 0 |   |  D_1  |   |  d_0  |
932  *      |   0   ..  0 0 0 | x |  D_2  | = |  d_1  |
933  *      |   :       : : : |   |   :   |   |  d_2  |
934  *      |   0   ..  1 0 0 |   | D_n-1 |   |   :   |
935  *      |   0   ..  0 1 0 |   ~~     ~~   |   :   |
936  *      |   0   ..  0 0 1 |               | d_n-1 |
937  *      ~~               ~~               ~~     ~~
938  *
939  * Note that I, V, d, and p are known. To compute D, we must invert the
940  * matrix and use the known data and parity values to reconstruct the unknown
941  * data values. We begin by removing the rows in V|I and d|p that correspond
942  * to failed or missing columns; we then make V|I square (n x n) and d|p
943  * sized n by removing rows corresponding to unused parity from the bottom up
944  * to generate (V|I)' and (d|p)'. We can then generate the inverse of (V|I)'
945  * using Gauss-Jordan elimination. In the example below we use m=3 parity
946  * columns, n=8 data columns, with errors in d_1, d_2, and p_1:
947  *           __                               __
948  *           |  1   1   1   1   1   1   1   1  |
949  *           | 128  64  32  16  8   4   2   1  | <-----+-+-- missing disks
950  *           |  19 205 116  29  64  16  4   1  |      / /
951  *           |  1   0   0   0   0   0   0   0  |     / /
952  *           |  0   1   0   0   0   0   0   0  | <--' /
953  *  (V|I)  = |  0   0   1   0   0   0   0   0  | <---'
954  *           |  0   0   0   1   0   0   0   0  |
955  *           |  0   0   0   0   1   0   0   0  |
956  *           |  0   0   0   0   0   1   0   0  |
957  *           |  0   0   0   0   0   0   1   0  |
958  *           |  0   0   0   0   0   0   0   1  |
959  *           ~~                               ~~
960  *           __                               __
961  *           |  1   1   1   1   1   1   1   1  |
962  *           | 128  64  32  16  8   4   2   1  |
963  *           |  19 205 116  29  64  16  4   1  |
964  *           |  1   0   0   0   0   0   0   0  |
965  *           |  0   1   0   0   0   0   0   0  |
966  *  (V|I)' = |  0   0   1   0   0   0   0   0  |
967  *           |  0   0   0   1   0   0   0   0  |
968  *           |  0   0   0   0   1   0   0   0  |
969  *           |  0   0   0   0   0   1   0   0  |
970  *           |  0   0   0   0   0   0   1   0  |
971  *           |  0   0   0   0   0   0   0   1  |
972  *           ~~                               ~~
973  *
974  * Here we employ Gauss-Jordan elimination to find the inverse of (V|I)'. We
975  * have carefully chosen the seed values 1, 2, and 4 to ensure that this
976  * matrix is not singular.
977  * __                                                                 __
978  * |  1   1   1   1   1   1   1   1     1   0   0   0   0   0   0   0  |
979  * |  19 205 116  29  64  16  4   1     0   1   0   0   0   0   0   0  |
980  * |  1   0   0   0   0   0   0   0     0   0   1   0   0   0   0   0  |
981  * |  0   0   0   1   0   0   0   0     0   0   0   1   0   0   0   0  |
982  * |  0   0   0   0   1   0   0   0     0   0   0   0   1   0   0   0  |
983  * |  0   0   0   0   0   1   0   0     0   0   0   0   0   1   0   0  |
984  * |  0   0   0   0   0   0   1   0     0   0   0   0   0   0   1   0  |
985  * |  0   0   0   0   0   0   0   1     0   0   0   0   0   0   0   1  |
986  * ~~                                                                 ~~
987  * __                                                                 __
988  * |  1   0   0   0   0   0   0   0     0   0   1   0   0   0   0   0  |
989  * |  1   1   1   1   1   1   1   1     1   0   0   0   0   0   0   0  |
990  * |  19 205 116  29  64  16  4   1     0   1   0   0   0   0   0   0  |
991  * |  0   0   0   1   0   0   0   0     0   0   0   1   0   0   0   0  |
992  * |  0   0   0   0   1   0   0   0     0   0   0   0   1   0   0   0  |
993  * |  0   0   0   0   0   1   0   0     0   0   0   0   0   1   0   0  |
994  * |  0   0   0   0   0   0   1   0     0   0   0   0   0   0   1   0  |
995  * |  0   0   0   0   0   0   0   1     0   0   0   0   0   0   0   1  |
996  * ~~                                                                 ~~
997  * __                                                                 __
998  * |  1   0   0   0   0   0   0   0     0   0   1   0   0   0   0   0  |
999  * |  0   1   1   0   0   0   0   0     1   0   1   1   1   1   1   1  |
1000  * |  0  205 116  0   0   0   0   0     0   1   19  29  64  16  4   1  |
1001  * |  0   0   0   1   0   0   0   0     0   0   0   1   0   0   0   0  |
1002  * |  0   0   0   0   1   0   0   0     0   0   0   0   1   0   0   0  |
1003  * |  0   0   0   0   0   1   0   0     0   0   0   0   0   1   0   0  |
1004  * |  0   0   0   0   0   0   1   0     0   0   0   0   0   0   1   0  |
1005  * |  0   0   0   0   0   0   0   1     0   0   0   0   0   0   0   1  |
1006  * ~~                                                                 ~~
1007  * __                                                                 __
1008  * |  1   0   0   0   0   0   0   0     0   0   1   0   0   0   0   0  |
1009  * |  0   1   1   0   0   0   0   0     1   0   1   1   1   1   1   1  |
1010  * |  0   0  185  0   0   0   0   0    205  1  222 208 141 221 201 204 |
1011  * |  0   0   0   1   0   0   0   0     0   0   0   1   0   0   0   0  |
1012  * |  0   0   0   0   1   0   0   0     0   0   0   0   1   0   0   0  |
1013  * |  0   0   0   0   0   1   0   0     0   0   0   0   0   1   0   0  |
1014  * |  0   0   0   0   0   0   1   0     0   0   0   0   0   0   1   0  |
1015  * |  0   0   0   0   0   0   0   1     0   0   0   0   0   0   0   1  |
1016  * ~~                                                                 ~~
1017  * __                                                                 __
1018  * |  1   0   0   0   0   0   0   0     0   0   1   0   0   0   0   0  |
1019  * |  0   1   1   0   0   0   0   0     1   0   1   1   1   1   1   1  |
1020  * |  0   0   1   0   0   0   0   0    166 100  4   40 158 168 216 209 |
1021  * |  0   0   0   1   0   0   0   0     0   0   0   1   0   0   0   0  |
1022  * |  0   0   0   0   1   0   0   0     0   0   0   0   1   0   0   0  |
1023  * |  0   0   0   0   0   1   0   0     0   0   0   0   0   1   0   0  |
1024  * |  0   0   0   0   0   0   1   0     0   0   0   0   0   0   1   0  |
1025  * |  0   0   0   0   0   0   0   1     0   0   0   0   0   0   0   1  |
1026  * ~~                                                                 ~~
1027  * __                                                                 __
1028  * |  1   0   0   0   0   0   0   0     0   0   1   0   0   0   0   0  |
1029  * |  0   1   0   0   0   0   0   0    167 100  5   41 159 169 217 208 |
1030  * |  0   0   1   0   0   0   0   0    166 100  4   40 158 168 216 209 |
1031  * |  0   0   0   1   0   0   0   0     0   0   0   1   0   0   0   0  |
1032  * |  0   0   0   0   1   0   0   0     0   0   0   0   1   0   0   0  |
1033  * |  0   0   0   0   0   1   0   0     0   0   0   0   0   1   0   0  |
1034  * |  0   0   0   0   0   0   1   0     0   0   0   0   0   0   1   0  |
1035  * |  0   0   0   0   0   0   0   1     0   0   0   0   0   0   0   1  |
1036  * ~~                                                                 ~~
1037  *                   __                               __
1038  *                   |  0   0   1   0   0   0   0   0  |
1039  *                   | 167 100  5   41 159 169 217 208 |
1040  *                   | 166 100  4   40 158 168 216 209 |
1041  *       (V|I)'^-1 = |  0   0   0   1   0   0   0   0  |
1042  *                   |  0   0   0   0   1   0   0   0  |
1043  *                   |  0   0   0   0   0   1   0   0  |
1044  *                   |  0   0   0   0   0   0   1   0  |
1045  *                   |  0   0   0   0   0   0   0   1  |
1046  *                   ~~                               ~~
1047  *
1048  * We can then simply compute D = (V|I)'^-1 x (d|p)' to discover the values
1049  * of the missing data.
1050  *
1051  * As is apparent from the example above, the only non-trivial rows in the
1052  * inverse matrix correspond to the data disks that we're trying to
1053  * reconstruct. Indeed, those are the only rows we need as the others would
1054  * only be useful for reconstructing data known or assumed to be valid. For
1055  * that reason, we only build the coefficients in the rows that correspond to
1056  * targeted columns.
1057  */
1058 /* END CSTYLED */
1059 
1060 static void
1061 vdev_raidz_matrix_init(raidz_map_t *rm, int n, int nmap, int *map,
1062     uint8_t **rows)
1063 {
1064 	int i, j;
1065 	int pow;
1066 
1067 	ASSERT(n == rm->rm_cols - rm->rm_firstdatacol);
1068 
1069 	/*
1070 	 * Fill in the missing rows of interest.
1071 	 */
1072 	for (i = 0; i < nmap; i++) {
1073 		ASSERT3S(0, <=, map[i]);
1074 		ASSERT3S(map[i], <=, 2);
1075 
1076 		pow = map[i] * n;
1077 		if (pow > 255)
1078 			pow -= 255;
1079 		ASSERT(pow <= 255);
1080 
1081 		for (j = 0; j < n; j++) {
1082 			pow -= map[i];
1083 			if (pow < 0)
1084 				pow += 255;
1085 			rows[i][j] = vdev_raidz_pow2[pow];
1086 		}
1087 	}
1088 }
1089 
1090 static void
1091 vdev_raidz_matrix_invert(raidz_map_t *rm, int n, int nmissing, int *missing,
1092     uint8_t **rows, uint8_t **invrows, const uint8_t *used)
1093 {
1094 	int i, j, ii, jj;
1095 	uint8_t log;
1096 
1097 	/*
1098 	 * Assert that the first nmissing entries from the array of used
1099 	 * columns correspond to parity columns and that subsequent entries
1100 	 * correspond to data columns.
1101 	 */
1102 	for (i = 0; i < nmissing; i++) {
1103 		ASSERT3S(used[i], <, rm->rm_firstdatacol);
1104 	}
1105 	for (; i < n; i++) {
1106 		ASSERT3S(used[i], >=, rm->rm_firstdatacol);
1107 	}
1108 
1109 	/*
1110 	 * First initialize the storage where we'll compute the inverse rows.
1111 	 */
1112 	for (i = 0; i < nmissing; i++) {
1113 		for (j = 0; j < n; j++) {
1114 			invrows[i][j] = (i == j) ? 1 : 0;
1115 		}
1116 	}
1117 
1118 	/*
1119 	 * Subtract all trivial rows from the rows of consequence.
1120 	 */
1121 	for (i = 0; i < nmissing; i++) {
1122 		for (j = nmissing; j < n; j++) {
1123 			ASSERT3U(used[j], >=, rm->rm_firstdatacol);
1124 			jj = used[j] - rm->rm_firstdatacol;
1125 			ASSERT3S(jj, <, n);
1126 			invrows[i][j] = rows[i][jj];
1127 			rows[i][jj] = 0;
1128 		}
1129 	}
1130 
1131 	/*
1132 	 * For each of the rows of interest, we must normalize it and subtract
1133 	 * a multiple of it from the other rows.
1134 	 */
1135 	for (i = 0; i < nmissing; i++) {
1136 		for (j = 0; j < missing[i]; j++) {
1137 			ASSERT3U(rows[i][j], ==, 0);
1138 		}
1139 		ASSERT3U(rows[i][missing[i]], !=, 0);
1140 
1141 		/*
1142 		 * Compute the inverse of the first element and multiply each
1143 		 * element in the row by that value.
1144 		 */
1145 		log = 255 - vdev_raidz_log2[rows[i][missing[i]]];
1146 
1147 		for (j = 0; j < n; j++) {
1148 			rows[i][j] = vdev_raidz_exp2(rows[i][j], log);
1149 			invrows[i][j] = vdev_raidz_exp2(invrows[i][j], log);
1150 		}
1151 
1152 		for (ii = 0; ii < nmissing; ii++) {
1153 			if (i == ii)
1154 				continue;
1155 
1156 			ASSERT3U(rows[ii][missing[i]], !=, 0);
1157 
1158 			log = vdev_raidz_log2[rows[ii][missing[i]]];
1159 
1160 			for (j = 0; j < n; j++) {
1161 				rows[ii][j] ^=
1162 				    vdev_raidz_exp2(rows[i][j], log);
1163 				invrows[ii][j] ^=
1164 				    vdev_raidz_exp2(invrows[i][j], log);
1165 			}
1166 		}
1167 	}
1168 
1169 	/*
1170 	 * Verify that the data that is left in the rows are properly part of
1171 	 * an identity matrix.
1172 	 */
1173 	for (i = 0; i < nmissing; i++) {
1174 		for (j = 0; j < n; j++) {
1175 			if (j == missing[i]) {
1176 				ASSERT3U(rows[i][j], ==, 1);
1177 			} else {
1178 				ASSERT3U(rows[i][j], ==, 0);
1179 			}
1180 		}
1181 	}
1182 }
1183 
1184 static void
1185 vdev_raidz_matrix_reconstruct(raidz_map_t *rm, int n, int nmissing,
1186     int *missing, uint8_t **invrows, const uint8_t *used)
1187 {
1188 	int i, j, x, cc, c;
1189 	uint8_t *src;
1190 	uint64_t ccount;
1191 	uint8_t *dst[VDEV_RAIDZ_MAXPARITY];
1192 	uint64_t dcount[VDEV_RAIDZ_MAXPARITY];
1193 	uint8_t log, val;
1194 	int ll;
1195 	uint8_t *invlog[VDEV_RAIDZ_MAXPARITY];
1196 	uint8_t *p, *pp;
1197 	size_t psize;
1198 
1199 	psize = sizeof (invlog[0][0]) * n * nmissing;
1200 	p = kmem_alloc(psize, KM_SLEEP);
1201 
1202 	for (pp = p, i = 0; i < nmissing; i++) {
1203 		invlog[i] = pp;
1204 		pp += n;
1205 	}
1206 
1207 	for (i = 0; i < nmissing; i++) {
1208 		for (j = 0; j < n; j++) {
1209 			ASSERT3U(invrows[i][j], !=, 0);
1210 			invlog[i][j] = vdev_raidz_log2[invrows[i][j]];
1211 		}
1212 	}
1213 
1214 	for (i = 0; i < n; i++) {
1215 		c = used[i];
1216 		ASSERT3U(c, <, rm->rm_cols);
1217 
1218 		src = rm->rm_col[c].rc_data;
1219 		ccount = rm->rm_col[c].rc_size;
1220 		for (j = 0; j < nmissing; j++) {
1221 			cc = missing[j] + rm->rm_firstdatacol;
1222 			ASSERT3U(cc, >=, rm->rm_firstdatacol);
1223 			ASSERT3U(cc, <, rm->rm_cols);
1224 			ASSERT3U(cc, !=, c);
1225 
1226 			dst[j] = rm->rm_col[cc].rc_data;
1227 			dcount[j] = rm->rm_col[cc].rc_size;
1228 		}
1229 
1230 		ASSERT(ccount >= rm->rm_col[missing[0]].rc_size || i > 0);
1231 
1232 		for (x = 0; x < ccount; x++, src++) {
1233 			if (*src != 0)
1234 				log = vdev_raidz_log2[*src];
1235 
1236 			for (cc = 0; cc < nmissing; cc++) {
1237 				if (x >= dcount[cc])
1238 					continue;
1239 
1240 				if (*src == 0) {
1241 					val = 0;
1242 				} else {
1243 					if ((ll = log + invlog[cc][i]) >= 255)
1244 						ll -= 255;
1245 					val = vdev_raidz_pow2[ll];
1246 				}
1247 
1248 				if (i == 0)
1249 					dst[cc][x] = val;
1250 				else
1251 					dst[cc][x] ^= val;
1252 			}
1253 		}
1254 	}
1255 
1256 	kmem_free(p, psize);
1257 }
1258 
1259 static int
1260 vdev_raidz_reconstruct_general(raidz_map_t *rm, int *tgts, int ntgts)
1261 {
1262 	int n, i, c, t, tt;
1263 	int nmissing_rows;
1264 	int missing_rows[VDEV_RAIDZ_MAXPARITY];
1265 	int parity_map[VDEV_RAIDZ_MAXPARITY];
1266 
1267 	uint8_t *p, *pp;
1268 	size_t psize;
1269 
1270 	uint8_t *rows[VDEV_RAIDZ_MAXPARITY];
1271 	uint8_t *invrows[VDEV_RAIDZ_MAXPARITY];
1272 	uint8_t *used;
1273 
1274 	int code = 0;
1275 
1276 
1277 	n = rm->rm_cols - rm->rm_firstdatacol;
1278 
1279 	/*
1280 	 * Figure out which data columns are missing.
1281 	 */
1282 	nmissing_rows = 0;
1283 	for (t = 0; t < ntgts; t++) {
1284 		if (tgts[t] >= rm->rm_firstdatacol) {
1285 			missing_rows[nmissing_rows++] =
1286 			    tgts[t] - rm->rm_firstdatacol;
1287 		}
1288 	}
1289 
1290 	/*
1291 	 * Figure out which parity columns to use to help generate the missing
1292 	 * data columns.
1293 	 */
1294 	for (tt = 0, c = 0, i = 0; i < nmissing_rows; c++) {
1295 		ASSERT(tt < ntgts);
1296 		ASSERT(c < rm->rm_firstdatacol);
1297 
1298 		/*
1299 		 * Skip any targeted parity columns.
1300 		 */
1301 		if (c == tgts[tt]) {
1302 			tt++;
1303 			continue;
1304 		}
1305 
1306 		code |= 1 << c;
1307 
1308 		parity_map[i] = c;
1309 		i++;
1310 	}
1311 
1312 	ASSERT(code != 0);
1313 	ASSERT3U(code, <, 1 << VDEV_RAIDZ_MAXPARITY);
1314 
1315 	psize = (sizeof (rows[0][0]) + sizeof (invrows[0][0])) *
1316 	    nmissing_rows * n + sizeof (used[0]) * n;
1317 	p = kmem_alloc(psize, KM_SLEEP);
1318 
1319 	for (pp = p, i = 0; i < nmissing_rows; i++) {
1320 		rows[i] = pp;
1321 		pp += n;
1322 		invrows[i] = pp;
1323 		pp += n;
1324 	}
1325 	used = pp;
1326 
1327 	for (i = 0; i < nmissing_rows; i++) {
1328 		used[i] = parity_map[i];
1329 	}
1330 
1331 	for (tt = 0, c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
1332 		if (tt < nmissing_rows &&
1333 		    c == missing_rows[tt] + rm->rm_firstdatacol) {
1334 			tt++;
1335 			continue;
1336 		}
1337 
1338 		ASSERT3S(i, <, n);
1339 		used[i] = c;
1340 		i++;
1341 	}
1342 
1343 	/*
1344 	 * Initialize the interesting rows of the matrix.
1345 	 */
1346 	vdev_raidz_matrix_init(rm, n, nmissing_rows, parity_map, rows);
1347 
1348 	/*
1349 	 * Invert the matrix.
1350 	 */
1351 	vdev_raidz_matrix_invert(rm, n, nmissing_rows, missing_rows, rows,
1352 	    invrows, used);
1353 
1354 	/*
1355 	 * Reconstruct the missing data using the generated matrix.
1356 	 */
1357 	vdev_raidz_matrix_reconstruct(rm, n, nmissing_rows, missing_rows,
1358 	    invrows, used);
1359 
1360 	kmem_free(p, psize);
1361 
1362 	return (code);
1363 }
1364 
1365 static int
1366 vdev_raidz_reconstruct(raidz_map_t *rm, int *t, int nt)
1367 {
1368 	int tgts[VDEV_RAIDZ_MAXPARITY], *dt;
1369 	int ntgts;
1370 	int i, c;
1371 	int code;
1372 	int nbadparity, nbaddata;
1373 	int parity_valid[VDEV_RAIDZ_MAXPARITY];
1374 
1375 	/*
1376 	 * The tgts list must already be sorted.
1377 	 */
1378 	for (i = 1; i < nt; i++) {
1379 		ASSERT(t[i] > t[i - 1]);
1380 	}
1381 
1382 	nbadparity = rm->rm_firstdatacol;
1383 	nbaddata = rm->rm_cols - nbadparity;
1384 	ntgts = 0;
1385 	for (i = 0, c = 0; c < rm->rm_cols; c++) {
1386 		if (c < rm->rm_firstdatacol)
1387 			parity_valid[c] = B_FALSE;
1388 
1389 		if (i < nt && c == t[i]) {
1390 			tgts[ntgts++] = c;
1391 			i++;
1392 		} else if (rm->rm_col[c].rc_error != 0) {
1393 			tgts[ntgts++] = c;
1394 		} else if (c >= rm->rm_firstdatacol) {
1395 			nbaddata--;
1396 		} else {
1397 			parity_valid[c] = B_TRUE;
1398 			nbadparity--;
1399 		}
1400 	}
1401 
1402 	ASSERT(ntgts >= nt);
1403 	ASSERT(nbaddata >= 0);
1404 	ASSERT(nbaddata + nbadparity == ntgts);
1405 
1406 	dt = &tgts[nbadparity];
1407 
1408 	/*
1409 	 * See if we can use any of our optimized reconstruction routines.
1410 	 */
1411 	if (!vdev_raidz_default_to_general) {
1412 		switch (nbaddata) {
1413 		case 1:
1414 			if (parity_valid[VDEV_RAIDZ_P])
1415 				return (vdev_raidz_reconstruct_p(rm, dt, 1));
1416 
1417 			ASSERT(rm->rm_firstdatacol > 1);
1418 
1419 			if (parity_valid[VDEV_RAIDZ_Q])
1420 				return (vdev_raidz_reconstruct_q(rm, dt, 1));
1421 
1422 			ASSERT(rm->rm_firstdatacol > 2);
1423 			break;
1424 
1425 		case 2:
1426 			ASSERT(rm->rm_firstdatacol > 1);
1427 
1428 			if (parity_valid[VDEV_RAIDZ_P] &&
1429 			    parity_valid[VDEV_RAIDZ_Q])
1430 				return (vdev_raidz_reconstruct_pq(rm, dt, 2));
1431 
1432 			ASSERT(rm->rm_firstdatacol > 2);
1433 
1434 			break;
1435 		}
1436 	}
1437 
1438 	code = vdev_raidz_reconstruct_general(rm, tgts, ntgts);
1439 	ASSERT(code < (1 << VDEV_RAIDZ_MAXPARITY));
1440 	ASSERT(code > 0);
1441 	return (code);
1442 }
1443 
1444 static int
1445 vdev_raidz_open(vdev_t *vd, uint64_t *asize, uint64_t *max_asize,
1446     uint64_t *ashift)
1447 {
1448 	vdev_t *cvd;
1449 	uint64_t nparity = vd->vdev_nparity;
1450 	int c;
1451 	int lasterror = 0;
1452 	int numerrors = 0;
1453 
1454 	ASSERT(nparity > 0);
1455 
1456 	if (nparity > VDEV_RAIDZ_MAXPARITY ||
1457 	    vd->vdev_children < nparity + 1) {
1458 		vd->vdev_stat.vs_aux = VDEV_AUX_BAD_LABEL;
1459 		return (EINVAL);
1460 	}
1461 
1462 	vdev_open_children(vd);
1463 
1464 	for (c = 0; c < vd->vdev_children; c++) {
1465 		cvd = vd->vdev_child[c];
1466 
1467 		if (cvd->vdev_open_error != 0) {
1468 			lasterror = cvd->vdev_open_error;
1469 			numerrors++;
1470 			continue;
1471 		}
1472 
1473 		*asize = MIN(*asize - 1, cvd->vdev_asize - 1) + 1;
1474 		*max_asize = MIN(*max_asize - 1, cvd->vdev_max_asize - 1) + 1;
1475 		*ashift = MAX(*ashift, cvd->vdev_ashift);
1476 	}
1477 
1478 	*asize *= vd->vdev_children;
1479 	*max_asize *= vd->vdev_children;
1480 
1481 	if (numerrors > nparity) {
1482 		vd->vdev_stat.vs_aux = VDEV_AUX_NO_REPLICAS;
1483 		return (lasterror);
1484 	}
1485 
1486 	return (0);
1487 }
1488 
1489 static void
1490 vdev_raidz_close(vdev_t *vd)
1491 {
1492 	int c;
1493 
1494 	for (c = 0; c < vd->vdev_children; c++)
1495 		vdev_close(vd->vdev_child[c]);
1496 }
1497 
1498 static uint64_t
1499 vdev_raidz_asize(vdev_t *vd, uint64_t psize)
1500 {
1501 	uint64_t asize;
1502 	uint64_t ashift = vd->vdev_top->vdev_ashift;
1503 	uint64_t cols = vd->vdev_children;
1504 	uint64_t nparity = vd->vdev_nparity;
1505 
1506 	asize = ((psize - 1) >> ashift) + 1;
1507 	asize += nparity * ((asize + cols - nparity - 1) / (cols - nparity));
1508 	asize = roundup(asize, nparity + 1) << ashift;
1509 
1510 	return (asize);
1511 }
1512 
1513 static void
1514 vdev_raidz_child_done(zio_t *zio)
1515 {
1516 	raidz_col_t *rc = zio->io_private;
1517 
1518 	rc->rc_error = zio->io_error;
1519 	rc->rc_tried = 1;
1520 	rc->rc_skipped = 0;
1521 }
1522 
1523 static int
1524 vdev_raidz_io_start(zio_t *zio)
1525 {
1526 	vdev_t *vd = zio->io_vd;
1527 	vdev_t *tvd = vd->vdev_top;
1528 	vdev_t *cvd;
1529 	raidz_map_t *rm;
1530 	raidz_col_t *rc;
1531 	int c, i;
1532 
1533 	rm = vdev_raidz_map_alloc(zio, tvd->vdev_ashift, vd->vdev_children,
1534 	    vd->vdev_nparity);
1535 
1536 	ASSERT3U(rm->rm_asize, ==, vdev_psize_to_asize(vd, zio->io_size));
1537 
1538 	if (zio->io_type == ZIO_TYPE_WRITE) {
1539 		vdev_raidz_generate_parity(rm);
1540 
1541 		for (c = 0; c < rm->rm_cols; c++) {
1542 			rc = &rm->rm_col[c];
1543 			cvd = vd->vdev_child[rc->rc_devidx];
1544 			zio_nowait(zio_vdev_child_io(zio, NULL, cvd,
1545 			    rc->rc_offset, rc->rc_data, rc->rc_size,
1546 			    zio->io_type, zio->io_priority, 0,
1547 			    vdev_raidz_child_done, rc));
1548 		}
1549 
1550 		/*
1551 		 * Generate optional I/Os for any skipped sectors to improve
1552 		 * aggregation contiguity.
1553 		 */
1554 		for (c = rm->rm_skipstart, i = 0; i < rm->rm_nskip; c++, i++) {
1555 			ASSERT(c <= rm->rm_scols);
1556 			if (c == rm->rm_scols)
1557 				c = 0;
1558 			rc = &rm->rm_col[c];
1559 			cvd = vd->vdev_child[rc->rc_devidx];
1560 			zio_nowait(zio_vdev_child_io(zio, NULL, cvd,
1561 			    rc->rc_offset + rc->rc_size, NULL,
1562 			    1 << tvd->vdev_ashift,
1563 			    zio->io_type, zio->io_priority,
1564 			    ZIO_FLAG_NODATA | ZIO_FLAG_OPTIONAL, NULL, NULL));
1565 		}
1566 
1567 		return (ZIO_PIPELINE_CONTINUE);
1568 	}
1569 
1570 	ASSERT(zio->io_type == ZIO_TYPE_READ);
1571 
1572 	/*
1573 	 * Iterate over the columns in reverse order so that we hit the parity
1574 	 * last -- any errors along the way will force us to read the parity.
1575 	 */
1576 	for (c = rm->rm_cols - 1; c >= 0; c--) {
1577 		rc = &rm->rm_col[c];
1578 		cvd = vd->vdev_child[rc->rc_devidx];
1579 		if (!vdev_readable(cvd)) {
1580 			if (c >= rm->rm_firstdatacol)
1581 				rm->rm_missingdata++;
1582 			else
1583 				rm->rm_missingparity++;
1584 			rc->rc_error = ENXIO;
1585 			rc->rc_tried = 1;	/* don't even try */
1586 			rc->rc_skipped = 1;
1587 			continue;
1588 		}
1589 		if (vdev_dtl_contains(cvd, DTL_MISSING, zio->io_txg, 1)) {
1590 			if (c >= rm->rm_firstdatacol)
1591 				rm->rm_missingdata++;
1592 			else
1593 				rm->rm_missingparity++;
1594 			rc->rc_error = ESTALE;
1595 			rc->rc_skipped = 1;
1596 			continue;
1597 		}
1598 		if (c >= rm->rm_firstdatacol || rm->rm_missingdata > 0 ||
1599 		    (zio->io_flags & (ZIO_FLAG_SCRUB | ZIO_FLAG_RESILVER))) {
1600 			zio_nowait(zio_vdev_child_io(zio, NULL, cvd,
1601 			    rc->rc_offset, rc->rc_data, rc->rc_size,
1602 			    zio->io_type, zio->io_priority, 0,
1603 			    vdev_raidz_child_done, rc));
1604 		}
1605 	}
1606 
1607 	return (ZIO_PIPELINE_CONTINUE);
1608 }
1609 
1610 
1611 /*
1612  * Report a checksum error for a child of a RAID-Z device.
1613  */
1614 static void
1615 raidz_checksum_error(zio_t *zio, raidz_col_t *rc, void *bad_data)
1616 {
1617 	vdev_t *vd = zio->io_vd->vdev_child[rc->rc_devidx];
1618 
1619 	if (!(zio->io_flags & ZIO_FLAG_SPECULATIVE)) {
1620 		zio_bad_cksum_t zbc;
1621 		raidz_map_t *rm = zio->io_vsd;
1622 
1623 		mutex_enter(&vd->vdev_stat_lock);
1624 		vd->vdev_stat.vs_checksum_errors++;
1625 		mutex_exit(&vd->vdev_stat_lock);
1626 
1627 		zbc.zbc_has_cksum = 0;
1628 		zbc.zbc_injected = rm->rm_ecksuminjected;
1629 
1630 		zfs_ereport_post_checksum(zio->io_spa, vd, zio,
1631 		    rc->rc_offset, rc->rc_size, rc->rc_data, bad_data,
1632 		    &zbc);
1633 	}
1634 }
1635 
1636 /*
1637  * We keep track of whether or not there were any injected errors, so that
1638  * any ereports we generate can note it.
1639  */
1640 static int
1641 raidz_checksum_verify(zio_t *zio)
1642 {
1643 	zio_bad_cksum_t zbc;
1644 	raidz_map_t *rm = zio->io_vsd;
1645 
1646 	int ret = zio_checksum_error(zio, &zbc);
1647 	if (ret != 0 && zbc.zbc_injected != 0)
1648 		rm->rm_ecksuminjected = 1;
1649 
1650 	return (ret);
1651 }
1652 
1653 /*
1654  * Generate the parity from the data columns. If we tried and were able to
1655  * read the parity without error, verify that the generated parity matches the
1656  * data we read. If it doesn't, we fire off a checksum error. Return the
1657  * number such failures.
1658  */
1659 static int
1660 raidz_parity_verify(zio_t *zio, raidz_map_t *rm)
1661 {
1662 	void *orig[VDEV_RAIDZ_MAXPARITY];
1663 	int c, ret = 0;
1664 	raidz_col_t *rc;
1665 
1666 	for (c = 0; c < rm->rm_firstdatacol; c++) {
1667 		rc = &rm->rm_col[c];
1668 		if (!rc->rc_tried || rc->rc_error != 0)
1669 			continue;
1670 		orig[c] = zio_buf_alloc(rc->rc_size);
1671 		bcopy(rc->rc_data, orig[c], rc->rc_size);
1672 	}
1673 
1674 	vdev_raidz_generate_parity(rm);
1675 
1676 	for (c = 0; c < rm->rm_firstdatacol; c++) {
1677 		rc = &rm->rm_col[c];
1678 		if (!rc->rc_tried || rc->rc_error != 0)
1679 			continue;
1680 		if (bcmp(orig[c], rc->rc_data, rc->rc_size) != 0) {
1681 			raidz_checksum_error(zio, rc, orig[c]);
1682 			rc->rc_error = ECKSUM;
1683 			ret++;
1684 		}
1685 		zio_buf_free(orig[c], rc->rc_size);
1686 	}
1687 
1688 	return (ret);
1689 }
1690 
1691 /*
1692  * Keep statistics on all the ways that we used parity to correct data.
1693  */
1694 static uint64_t raidz_corrected[1 << VDEV_RAIDZ_MAXPARITY];
1695 
1696 static int
1697 vdev_raidz_worst_error(raidz_map_t *rm)
1698 {
1699 	int error = 0;
1700 
1701 	for (int c = 0; c < rm->rm_cols; c++)
1702 		error = zio_worst_error(error, rm->rm_col[c].rc_error);
1703 
1704 	return (error);
1705 }
1706 
1707 /*
1708  * Iterate over all combinations of bad data and attempt a reconstruction.
1709  * Note that the algorithm below is non-optimal because it doesn't take into
1710  * account how reconstruction is actually performed. For example, with
1711  * triple-parity RAID-Z the reconstruction procedure is the same if column 4
1712  * is targeted as invalid as if columns 1 and 4 are targeted since in both
1713  * cases we'd only use parity information in column 0.
1714  */
1715 static int
1716 vdev_raidz_combrec(zio_t *zio, int total_errors, int data_errors)
1717 {
1718 	raidz_map_t *rm = zio->io_vsd;
1719 	raidz_col_t *rc;
1720 	void *orig[VDEV_RAIDZ_MAXPARITY];
1721 	int tstore[VDEV_RAIDZ_MAXPARITY + 2];
1722 	int *tgts = &tstore[1];
1723 	int current, next, i, c, n;
1724 	int code, ret = 0;
1725 
1726 	ASSERT(total_errors < rm->rm_firstdatacol);
1727 
1728 	/*
1729 	 * This simplifies one edge condition.
1730 	 */
1731 	tgts[-1] = -1;
1732 
1733 	for (n = 1; n <= rm->rm_firstdatacol - total_errors; n++) {
1734 		/*
1735 		 * Initialize the targets array by finding the first n columns
1736 		 * that contain no error.
1737 		 *
1738 		 * If there were no data errors, we need to ensure that we're
1739 		 * always explicitly attempting to reconstruct at least one
1740 		 * data column. To do this, we simply push the highest target
1741 		 * up into the data columns.
1742 		 */
1743 		for (c = 0, i = 0; i < n; i++) {
1744 			if (i == n - 1 && data_errors == 0 &&
1745 			    c < rm->rm_firstdatacol) {
1746 				c = rm->rm_firstdatacol;
1747 			}
1748 
1749 			while (rm->rm_col[c].rc_error != 0) {
1750 				c++;
1751 				ASSERT3S(c, <, rm->rm_cols);
1752 			}
1753 
1754 			tgts[i] = c++;
1755 		}
1756 
1757 		/*
1758 		 * Setting tgts[n] simplifies the other edge condition.
1759 		 */
1760 		tgts[n] = rm->rm_cols;
1761 
1762 		/*
1763 		 * These buffers were allocated in previous iterations.
1764 		 */
1765 		for (i = 0; i < n - 1; i++) {
1766 			ASSERT(orig[i] != NULL);
1767 		}
1768 
1769 		orig[n - 1] = zio_buf_alloc(rm->rm_col[0].rc_size);
1770 
1771 		current = 0;
1772 		next = tgts[current];
1773 
1774 		while (current != n) {
1775 			tgts[current] = next;
1776 			current = 0;
1777 
1778 			/*
1779 			 * Save off the original data that we're going to
1780 			 * attempt to reconstruct.
1781 			 */
1782 			for (i = 0; i < n; i++) {
1783 				ASSERT(orig[i] != NULL);
1784 				c = tgts[i];
1785 				ASSERT3S(c, >=, 0);
1786 				ASSERT3S(c, <, rm->rm_cols);
1787 				rc = &rm->rm_col[c];
1788 				bcopy(rc->rc_data, orig[i], rc->rc_size);
1789 			}
1790 
1791 			/*
1792 			 * Attempt a reconstruction and exit the outer loop on
1793 			 * success.
1794 			 */
1795 			code = vdev_raidz_reconstruct(rm, tgts, n);
1796 			if (raidz_checksum_verify(zio) == 0) {
1797 				atomic_inc_64(&raidz_corrected[code]);
1798 
1799 				for (i = 0; i < n; i++) {
1800 					c = tgts[i];
1801 					rc = &rm->rm_col[c];
1802 					ASSERT(rc->rc_error == 0);
1803 					if (rc->rc_tried)
1804 						raidz_checksum_error(zio, rc,
1805 						    orig[i]);
1806 					rc->rc_error = ECKSUM;
1807 				}
1808 
1809 				ret = code;
1810 				goto done;
1811 			}
1812 
1813 			/*
1814 			 * Restore the original data.
1815 			 */
1816 			for (i = 0; i < n; i++) {
1817 				c = tgts[i];
1818 				rc = &rm->rm_col[c];
1819 				bcopy(orig[i], rc->rc_data, rc->rc_size);
1820 			}
1821 
1822 			do {
1823 				/*
1824 				 * Find the next valid column after the current
1825 				 * position..
1826 				 */
1827 				for (next = tgts[current] + 1;
1828 				    next < rm->rm_cols &&
1829 				    rm->rm_col[next].rc_error != 0; next++)
1830 					continue;
1831 
1832 				ASSERT(next <= tgts[current + 1]);
1833 
1834 				/*
1835 				 * If that spot is available, we're done here.
1836 				 */
1837 				if (next != tgts[current + 1])
1838 					break;
1839 
1840 				/*
1841 				 * Otherwise, find the next valid column after
1842 				 * the previous position.
1843 				 */
1844 				for (c = tgts[current - 1] + 1;
1845 				    rm->rm_col[c].rc_error != 0; c++)
1846 					continue;
1847 
1848 				tgts[current] = c;
1849 				current++;
1850 
1851 			} while (current != n);
1852 		}
1853 	}
1854 	n--;
1855 done:
1856 	for (i = 0; i < n; i++) {
1857 		zio_buf_free(orig[i], rm->rm_col[0].rc_size);
1858 	}
1859 
1860 	return (ret);
1861 }
1862 
1863 static void
1864 vdev_raidz_io_done(zio_t *zio)
1865 {
1866 	vdev_t *vd = zio->io_vd;
1867 	vdev_t *cvd;
1868 	raidz_map_t *rm = zio->io_vsd;
1869 	raidz_col_t *rc;
1870 	int unexpected_errors = 0;
1871 	int parity_errors = 0;
1872 	int parity_untried = 0;
1873 	int data_errors = 0;
1874 	int total_errors = 0;
1875 	int n, c;
1876 	int tgts[VDEV_RAIDZ_MAXPARITY];
1877 	int code;
1878 
1879 	ASSERT(zio->io_bp != NULL);  /* XXX need to add code to enforce this */
1880 
1881 	ASSERT(rm->rm_missingparity <= rm->rm_firstdatacol);
1882 	ASSERT(rm->rm_missingdata <= rm->rm_cols - rm->rm_firstdatacol);
1883 
1884 	for (c = 0; c < rm->rm_cols; c++) {
1885 		rc = &rm->rm_col[c];
1886 
1887 		if (rc->rc_error) {
1888 			ASSERT(rc->rc_error != ECKSUM);	/* child has no bp */
1889 
1890 			if (c < rm->rm_firstdatacol)
1891 				parity_errors++;
1892 			else
1893 				data_errors++;
1894 
1895 			if (!rc->rc_skipped)
1896 				unexpected_errors++;
1897 
1898 			total_errors++;
1899 		} else if (c < rm->rm_firstdatacol && !rc->rc_tried) {
1900 			parity_untried++;
1901 		}
1902 	}
1903 
1904 	if (zio->io_type == ZIO_TYPE_WRITE) {
1905 		/*
1906 		 * XXX -- for now, treat partial writes as a success.
1907 		 * (If we couldn't write enough columns to reconstruct
1908 		 * the data, the I/O failed.  Otherwise, good enough.)
1909 		 *
1910 		 * Now that we support write reallocation, it would be better
1911 		 * to treat partial failure as real failure unless there are
1912 		 * no non-degraded top-level vdevs left, and not update DTLs
1913 		 * if we intend to reallocate.
1914 		 */
1915 		/* XXPOLICY */
1916 		if (total_errors > rm->rm_firstdatacol)
1917 			zio->io_error = vdev_raidz_worst_error(rm);
1918 
1919 		return;
1920 	}
1921 
1922 	ASSERT(zio->io_type == ZIO_TYPE_READ);
1923 	/*
1924 	 * There are three potential phases for a read:
1925 	 *	1. produce valid data from the columns read
1926 	 *	2. read all disks and try again
1927 	 *	3. perform combinatorial reconstruction
1928 	 *
1929 	 * Each phase is progressively both more expensive and less likely to
1930 	 * occur. If we encounter more errors than we can repair or all phases
1931 	 * fail, we have no choice but to return an error.
1932 	 */
1933 
1934 	/*
1935 	 * If the number of errors we saw was correctable -- less than or equal
1936 	 * to the number of parity disks read -- attempt to produce data that
1937 	 * has a valid checksum. Naturally, this case applies in the absence of
1938 	 * any errors.
1939 	 */
1940 	if (total_errors <= rm->rm_firstdatacol - parity_untried) {
1941 		if (data_errors == 0) {
1942 			if (raidz_checksum_verify(zio) == 0) {
1943 				/*
1944 				 * If we read parity information (unnecessarily
1945 				 * as it happens since no reconstruction was
1946 				 * needed) regenerate and verify the parity.
1947 				 * We also regenerate parity when resilvering
1948 				 * so we can write it out to the failed device
1949 				 * later.
1950 				 */
1951 				if (parity_errors + parity_untried <
1952 				    rm->rm_firstdatacol ||
1953 				    (zio->io_flags & ZIO_FLAG_RESILVER)) {
1954 					n = raidz_parity_verify(zio, rm);
1955 					unexpected_errors += n;
1956 					ASSERT(parity_errors + n <=
1957 					    rm->rm_firstdatacol);
1958 				}
1959 				goto done;
1960 			}
1961 		} else {
1962 			/*
1963 			 * We either attempt to read all the parity columns or
1964 			 * none of them. If we didn't try to read parity, we
1965 			 * wouldn't be here in the correctable case. There must
1966 			 * also have been fewer parity errors than parity
1967 			 * columns or, again, we wouldn't be in this code path.
1968 			 */
1969 			ASSERT(parity_untried == 0);
1970 			ASSERT(parity_errors < rm->rm_firstdatacol);
1971 
1972 			/*
1973 			 * Identify the data columns that reported an error.
1974 			 */
1975 			n = 0;
1976 			for (c = rm->rm_firstdatacol; c < rm->rm_cols; c++) {
1977 				rc = &rm->rm_col[c];
1978 				if (rc->rc_error != 0) {
1979 					ASSERT(n < VDEV_RAIDZ_MAXPARITY);
1980 					tgts[n++] = c;
1981 				}
1982 			}
1983 
1984 			ASSERT(rm->rm_firstdatacol >= n);
1985 
1986 			code = vdev_raidz_reconstruct(rm, tgts, n);
1987 
1988 			if (raidz_checksum_verify(zio) == 0) {
1989 				atomic_inc_64(&raidz_corrected[code]);
1990 
1991 				/*
1992 				 * If we read more parity disks than were used
1993 				 * for reconstruction, confirm that the other
1994 				 * parity disks produced correct data. This
1995 				 * routine is suboptimal in that it regenerates
1996 				 * the parity that we already used in addition
1997 				 * to the parity that we're attempting to
1998 				 * verify, but this should be a relatively
1999 				 * uncommon case, and can be optimized if it
2000 				 * becomes a problem. Note that we regenerate
2001 				 * parity when resilvering so we can write it
2002 				 * out to failed devices later.
2003 				 */
2004 				if (parity_errors < rm->rm_firstdatacol - n ||
2005 				    (zio->io_flags & ZIO_FLAG_RESILVER)) {
2006 					n = raidz_parity_verify(zio, rm);
2007 					unexpected_errors += n;
2008 					ASSERT(parity_errors + n <=
2009 					    rm->rm_firstdatacol);
2010 				}
2011 
2012 				goto done;
2013 			}
2014 		}
2015 	}
2016 
2017 	/*
2018 	 * This isn't a typical situation -- either we got a read error or
2019 	 * a child silently returned bad data. Read every block so we can
2020 	 * try again with as much data and parity as we can track down. If
2021 	 * we've already been through once before, all children will be marked
2022 	 * as tried so we'll proceed to combinatorial reconstruction.
2023 	 */
2024 	unexpected_errors = 1;
2025 	rm->rm_missingdata = 0;
2026 	rm->rm_missingparity = 0;
2027 
2028 	for (c = 0; c < rm->rm_cols; c++) {
2029 		if (rm->rm_col[c].rc_tried)
2030 			continue;
2031 
2032 		zio_vdev_io_redone(zio);
2033 		do {
2034 			rc = &rm->rm_col[c];
2035 			if (rc->rc_tried)
2036 				continue;
2037 			zio_nowait(zio_vdev_child_io(zio, NULL,
2038 			    vd->vdev_child[rc->rc_devidx],
2039 			    rc->rc_offset, rc->rc_data, rc->rc_size,
2040 			    zio->io_type, zio->io_priority, 0,
2041 			    vdev_raidz_child_done, rc));
2042 		} while (++c < rm->rm_cols);
2043 
2044 		return;
2045 	}
2046 
2047 	/*
2048 	 * At this point we've attempted to reconstruct the data given the
2049 	 * errors we detected, and we've attempted to read all columns. There
2050 	 * must, therefore, be one or more additional problems -- silent errors
2051 	 * resulting in invalid data rather than explicit I/O errors resulting
2052 	 * in absent data. We check if there is enough additional data to
2053 	 * possibly reconstruct the data and then perform combinatorial
2054 	 * reconstruction over all possible combinations. If that fails,
2055 	 * we're cooked.
2056 	 */
2057 	if (total_errors > rm->rm_firstdatacol) {
2058 		zio->io_error = vdev_raidz_worst_error(rm);
2059 
2060 	} else if (total_errors < rm->rm_firstdatacol &&
2061 	    (code = vdev_raidz_combrec(zio, total_errors, data_errors)) != 0) {
2062 		/*
2063 		 * If we didn't use all the available parity for the
2064 		 * combinatorial reconstruction, verify that the remaining
2065 		 * parity is correct.
2066 		 */
2067 		if (code != (1 << rm->rm_firstdatacol) - 1)
2068 			(void) raidz_parity_verify(zio, rm);
2069 	} else {
2070 		/*
2071 		 * We're here because either:
2072 		 *
2073 		 *	total_errors == rm_first_datacol, or
2074 		 *	vdev_raidz_combrec() failed
2075 		 *
2076 		 * In either case, there is enough bad data to prevent
2077 		 * reconstruction.
2078 		 *
2079 		 * Start checksum ereports for all children which haven't
2080 		 * failed, and the IO wasn't speculative.
2081 		 */
2082 		zio->io_error = ECKSUM;
2083 
2084 		if (!(zio->io_flags & ZIO_FLAG_SPECULATIVE)) {
2085 			for (c = 0; c < rm->rm_cols; c++) {
2086 				rc = &rm->rm_col[c];
2087 				if (rc->rc_error == 0) {
2088 					zio_bad_cksum_t zbc;
2089 					zbc.zbc_has_cksum = 0;
2090 					zbc.zbc_injected =
2091 					    rm->rm_ecksuminjected;
2092 
2093 					zfs_ereport_start_checksum(
2094 					    zio->io_spa,
2095 					    vd->vdev_child[rc->rc_devidx],
2096 					    zio, rc->rc_offset, rc->rc_size,
2097 					    (void *)(uintptr_t)c, &zbc);
2098 				}
2099 			}
2100 		}
2101 	}
2102 
2103 done:
2104 	zio_checksum_verified(zio);
2105 
2106 	if (zio->io_error == 0 && spa_writeable(zio->io_spa) &&
2107 	    (unexpected_errors || (zio->io_flags & ZIO_FLAG_RESILVER))) {
2108 		/*
2109 		 * Use the good data we have in hand to repair damaged children.
2110 		 */
2111 		for (c = 0; c < rm->rm_cols; c++) {
2112 			rc = &rm->rm_col[c];
2113 			cvd = vd->vdev_child[rc->rc_devidx];
2114 
2115 			if (rc->rc_error == 0)
2116 				continue;
2117 
2118 			zio_nowait(zio_vdev_child_io(zio, NULL, cvd,
2119 			    rc->rc_offset, rc->rc_data, rc->rc_size,
2120 			    ZIO_TYPE_WRITE, zio->io_priority,
2121 			    ZIO_FLAG_IO_REPAIR | (unexpected_errors ?
2122 			    ZIO_FLAG_SELF_HEAL : 0), NULL, NULL));
2123 		}
2124 	}
2125 }
2126 
2127 static void
2128 vdev_raidz_state_change(vdev_t *vd, int faulted, int degraded)
2129 {
2130 	if (faulted > vd->vdev_nparity)
2131 		vdev_set_state(vd, B_FALSE, VDEV_STATE_CANT_OPEN,
2132 		    VDEV_AUX_NO_REPLICAS);
2133 	else if (degraded + faulted != 0)
2134 		vdev_set_state(vd, B_FALSE, VDEV_STATE_DEGRADED, VDEV_AUX_NONE);
2135 	else
2136 		vdev_set_state(vd, B_FALSE, VDEV_STATE_HEALTHY, VDEV_AUX_NONE);
2137 }
2138 
2139 vdev_ops_t vdev_raidz_ops = {
2140 	vdev_raidz_open,
2141 	vdev_raidz_close,
2142 	vdev_raidz_asize,
2143 	vdev_raidz_io_start,
2144 	vdev_raidz_io_done,
2145 	vdev_raidz_state_change,
2146 	NULL,
2147 	NULL,
2148 	VDEV_TYPE_RAIDZ,	/* name of this vdev type */
2149 	B_FALSE			/* not a leaf vdev */
2150 };
2151