JP2006268502A - Array controller, media error restoring method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the generation of restoration failure by preliminarily or as quickly as possible solving any media error existing in a normal disk drive. <P>SOLUTION: In an array controller 20, an HDD failure predicting part 24 predicts the failure of each of HDDs 11-0 to 11-2 configuring a logical disk 10. When the failure of any of the HDDs 11-0 to 11-2 is predicted, an HDD health confirming part 25 performs health confirmation processing for confirming the presence/absence of any media error by inspecting the contents of any HDD other than the HDD whose failure has been predicted among the HDDs 11-0 to 11-2. When any media error has been detected by the HDD health confirming part 25, a medial error restoring part 26 restores the deficiency of the data of the place where the media error has been generated by using the data or redundant data of all the HDDs excluding the HDD where the media error has been generated among the HDDs 11-0 to 11-2. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an array controller that controls a redundant disk array composed of a plurality of disk drives, and more particularly to an array controller, a media error repair method, and a media controller that are suitable for quickly eliminating a media error in a disk drive. To provide a program.

  As a technology to improve data reliability by having redundant data, a redundant disk array (redundant disk array) configured using multiple disk drives (HDD), that is, RAID (Redundant Array of Inexpensive Disks) Or Redundant Array of Independent Disks). Several levels (RAID levels) are defined for RAID, and RAID 1 (mirroring), RAID 5 (striping with parity), and the like are known. Both are technologies that enable data to be restored even if one of the HDDs fails by arranging data and redundant data in a redundant disk array composed of a plurality of HDDs.

  A device composed of a disk array and an array controller that controls the disk array is called a disk array device. A disk array is recognized as one logical disk (logical unit) having one storage area from a host (host computer) that uses the disk array device as an external storage device. For this reason, the disk array is sometimes called a logical disk (logical unit).

In a disk array device, when one of a plurality of HDDs constituting a disk array (logical disk) fails, it is common to replace the failed HDD (failed HDD) with another normal HDD (spare HDD). (For example, see Patent Document 1). The array controller restores the data of the failed HDD by using the data redundancy in the disk array based on the data of the HDD excluding the failed HDD among the plurality of HDDs constituting the disk array. The restored data is stored in the replaced HDD. In this way, the data of the failed HDD is restored to the replaced HDD. Then, the disk array device can continue the operation as before the occurrence of the HDD failure.
JP-A-8-190460 (paragraphs 0020 to 0027)

  As described above, in the prior art, when any of a plurality of HDDs constituting a disk array fails, the data of the failed HDD (failed HDD) can be restored from the data of the remaining HDDs.

  However, a media error may exist in any of a plurality of HDDs constituting the disk array other than the failed HDD. A media error refers to an error in which data cannot be read or written due to a disk medium (disk medium) of the HDD. If a media error exists, there is a possibility that data or redundant data necessary for restoring the data of the failed HDD cannot be read from the HDD in which the media error exists. In such a case, it becomes impossible to restore the data of the failed HDD corresponding to the area where the media error exists.

For example, consider a case where HDD # 1 fails in a RAID1 level logical disk composed of HDDs # 1 and # 2. In this case, the failed HDD # 1 is replaced with a new HDD # 3. In this state, the array controller restores the data by reading data from the normal HDD # 2 and writing the read data to the new HDD # 3. However, if a media error occurs in the HDD # 2 by reading data from the HDD # 2, the data in that portion cannot be read, and the data cannot be written to the HDD # 3. As a result, the data stored in the portion where the media error has occurred is lost, and the restoration fails.
As described above, in the conventional technology, when restoring data of a failed HDD (disk drive), there is a case where the restoration fails due to a media error of a normal HDD (disk drive).

  The present invention has been made in consideration of the above circumstances, and an object of the present invention is to provide an array controller and a medium capable of preventing the occurrence of restoration failure by eliminating a media error existing in a normal disk drive in advance or as quickly as possible. An object of the present invention is to provide an error repair method and program.

  According to one aspect of the present invention, by controlling access to a plurality of disk drives constituting a logical disk, data requested from a host and redundant data of the data are distributed to the plurality of disk drives. An array controller for placement is provided. The array controller includes a disk drive failure prediction means for predicting a failure of each of a plurality of disk drives constituting the logical disk, and a failure is detected by the disk drive failure prediction means among the plurality of disk drives constituting the logical disk. A soundness check means for executing a soundness check process to check the contents of all disk drives except the predicted disk drive to check for the presence of a media error, and this soundness check means detects a media error. In such a case, the media error has occurred using data or redundant data of all the disk drives except for the disk drive in which the media error has occurred among the plurality of disk drives constituting the logical disk. To repair missing data Composed of the Aera repair means.

  In such a configuration, when the disk drive failure predicting means predicts that any of the plurality of disk drives constituting the logical disk will fail in the near future, the failure is predicted among the plurality of disk drives. The contents of all the disk drives other than the selected disk drive are inspected by the soundness confirmation means. If a media error that prevents data from being read correctly is detected during this check, all the disk drives (that is, the failure) of the plurality of disk drives constituting the logical disk except the disk drive in which the media error has occurred are detected. The data loss at the location where the media error has occurred is repaired using the data or the redundant data of the disk drive including the predicted disk drive).

  As described above, in the above configuration, a disk drive that may fail in the near future is predicted from among a plurality of disk drives that make up a logical disk, and the disk drive that is likely to fail actually fails. That is, while the data or redundant data of the disk drive that might fail may be read normally and the redundancy of the logical disk is maintained, the other disk drives that make up the logical disk A location where a media error has occurred is repaired using the data or redundant data of the disk drive that may possibly fail. As a result, even if the disk drive that may fail is actually failed, the data of the failed disk drive is restored using the data or redundant data of the remaining disk drives that make up the logical disk. it can.

  Here, after completion of the soundness confirmation processing by the soundness confirmation means, data copy means for executing data copy processing for copying the data of the disk drive in which the failure is predicted to a spare disk drive, and the data After completion of data copy processing by the copy means, a logical disk restoration means is added to replace the disk drive in which the failure is predicted with the spare disk drive and to disconnect the disk drive in which the failure is predicted from the logical disk. good. This makes it possible to reliably replace the disk drive with a spare disk drive before a disk drive that may fail in the near future actually fails. In addition, even if a disk drive that was expected to fail during the data copy process by the data copy means actually fails, the data integrity of the other disk drives that make up the logical disk has already been confirmed. As a result, data can be copied to the spare disk more safely.

  Further, instead of the data copy means, a data copy means for executing the data copy processing in a direction opposite to the direction of the address in which the soundness confirmation processing proceeds by the soundness confirmation means is used. It is preferable that the soundness confirmation processing is terminated when the soundness confirmation processing is executed up to the address corresponding to the area where the data copy processing has been completed. In this case, it is not necessary to start the data copying process by the data copying unit after the completion of the sounding checking process by the sounding checking unit. Therefore, the data copy is performed after detecting a disk drive that may fail. The time until the data copy processing by the means is completed can be shortened, and the soundness confirmation processing by the soundness confirmation means can be efficiently performed without waste. This effect is the highest when the data copy process by the data copy means is started at the start of the soundness confirmation process by the soundness confirmation means.

  According to the present invention, before a disk drive that has a possibility of failure actually breaks down, a location where a media error has occurred in another disk drive that constitutes the logical disk is identified as a disk that has the possibility of failure. By using drive data or redundant data for repair, even if the disk drive that may fail is actually failed, the remaining disk drive data or redundant data that make up the logical disk is used. Thus, the data of the failed disk drive can be restored, and the inability to restore data due to a media error can be avoided.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block diagram showing a configuration of a disk array device according to an embodiment of the present invention. The disk array device of FIG. 1 is mainly composed of a logical disk (disk array) 10 and a controller (array controller) that controls the logical disk 10. The logical disk 10 holds a plurality of disk drives, for example, three magnetic disk drives (HDDs) 11-0 (# 0) to 11-2 (in order to hold redundant data necessary for improving the reliability of the disk 10. # 2). That is, the logical disk 10 is a logical unit having redundancy. RAID1, RAID10, RAID3, RAID5, etc. are known as this redundancy level. Here, it is assumed that the logical disk 10 is a disk array to which RAID 5 is applied. In RAID 5, data is distributed and written to a plurality of HDDs, and parity data of the data is written as redundant data to another HDD. In RAID5, the HDD to which redundant data (parity data) is written is not fixed. Therefore, if the logical disk 10 applies RAID 5, the HDDs 11-0 to 11-2 constituting the logical disk 10 are all used for storing data and redundant data (parity data). (Parity data) is distributed and stored in the HDDs 11-0 to 11-2.

  The disk array apparatus of FIG. 1 further has a spare HDD (SHDD) 11-3 (SHDD) 11-3 (used in place of the failed HDD when any of the HDDs 11-0 to 11-2 constituting the logical disk 10 fails. # 3). The HDD group including the HDDs 11-3, that is, the HDDs 11-0 to 11-3 are connected to the array controller 20 through, for example, a SCSI interface.

  The array controller 20 includes a configuration management unit 21, an access control unit 22, a logical disk restoration unit 23, an HDD failure prediction unit 24, an HDD soundness confirmation unit 25, a media error restoration unit 26, and a data copy unit 27. And have.

  The configuration management unit 21 mainly manages the configuration of the logical disk 10. The access control unit 22 controls access to the logical disk 10 in response to a read / write request from a host (host computer) that uses the disk array device of FIG. 1 as an external storage device. Here, the access control unit 22 converts a read / write request from the host into a read / write request for each HDD that actually reads / writes data, and the converted read / write request corresponds to the corresponding HDD. To issue. For example, in the case of a data D write request from the host, the access control unit 22 divides the data D into data D1 and D2. For example, for the HDD 11-0, the data D1 write request is sent to the HDD 11-1. Then, a write request for data D2 and a write request for exclusive data (parity data) of data D1 and D2, that is, redundant data of data D1 and D2, are issued to HDD 11-2. When any of the HDD groups (HDDs 11-0 to 11-2) constituting the logical disk 10 fails, the logical disk restoration unit 23 replaces the failed HDD (failed HDD) with a spare HDD (SHDD) 11−. Substitute with 4. At this time, the logical disk restoration unit 23 restores the failed HDD data from the normal HDD data in the logical disk 10 and stores it in the HD 11-4. Each function of the configuration management unit 21, the access control unit 22, and the logical disk restoration unit 23 is a well-known function that the array controller 20 generally has.

  The HDD failure prediction unit 24 predicts a failure of the HDDs 11-0 to 11-2 constituting the logical disk 10. This failure prediction method will be described later. The HDD soundness confirmation unit 25 inspects the contents of all HDDs other than the HDDs for which a failure is predicted by the HDD failure prediction unit 24 among the HDDs 11-0 to 11-2 constituting the logical disk 10 to check for media errors. The HDD soundness confirmation process for detecting presence / absence is executed, for example, in units of data blocks of a certain size (here, 64 KB data blocks). When the HDD soundness confirmation unit 25 detects a data block in which a media error has occurred in the soundness confirmation, the HDD error confirmation unit 25 causes the media error repair unit 26 to repair the data block. The data copy unit 27 copies the HDD data for which the failure has been predicted by the HDD failure prediction unit 24 to the spare HDD 11-3, for example, in units of data blocks of a certain size (here, 64 KB data blocks).

  Next, the operation of the array controller 20 in the disk array apparatus of FIG. 1 will be described in order of (1) prediction of failed HDD, (2) processing based on prediction of failed HDD, and (3) HDD soundness confirmation processing. .

(1) Prediction of failed HDD First, prediction (prediction) of failure of the HDD 11-i (i = 0, 1, 2) constituting the logical disk 10 by the HDD failure prediction unit 24 of the array controller 20 will be described.

  Many HDDs in recent years have a function called SMART (Self-Monitoring, Analysis and Reporting Technology). This SMART function is a function for monitoring and analyzing the state related to the deterioration of reliability of the HDD, for example, and reporting the result to the host. It is assumed that the HDD 11-i also has this SMART function, and the HDD failure prediction unit 24 has a function of predicting a failure of the HDD 11-i itself, that is, the failure of the HDD 11-i itself of the HDD 11-i. By using this, a failure of the HDD 11-i can be easily predicted.

As an event related to the risk of failure of the HDD 11-i,
a) When an error occurs in the request from the access controller 22 of the array controller 20 to the HDD 11-i and an error retry occurs in the array controller 20
b) An error that can be recovered by a request to the HDD 11-i (an error recovered by the error recovery function of the HDD 11-i) may occur.

  Obviously, when there is a risk that the HDD 11-i will break down in the near future, the number of occurrences of the event a) or b) in the request to the HDD 11-i increases. Therefore, the HDD failure prediction unit 24 counts the number of times the event a) or b) occurs in the request to the HDD 11-i, and the event occurs beyond a predetermined number of times within a predetermined time. In such a case, a failure of the HDD 11-i is predicted. Note that when the event a) or b) occurs more than a predetermined number of times, a failure of the HDD 11-i may be predicted.

(2) Processing based on the prediction of the failed HDD,
Next, processing when the HDD failure prediction unit 24 predicts a failure of the HDD 11-i will be described with reference to the flowchart of FIG. 2.

  Now, it is assumed that the HDD failure prediction unit 24 has predicted (predicted) a failure of any one of the HDDs 11-0 to 11-2, for example, the HDD 11-0. In this case, the HDD failure predicting unit 24 notifies the HDD soundness confirmation unit 25 and the data copy unit 27 that the HDD 11-0 has been predicted to fail, and the HDD soundness confirmation unit 25 and the data copy unit 27 are notified respectively. Start (steps S1, S2).

  Then, the HDD soundness confirmation unit 25 executes HDD soundness confirmation processing, and the HDD failure prediction unit 24 predicts a failure among the HDDs 11-0 to 11-2 configuring the logical disk 10 at that time. The soundness of the disk medium (media) mounted on all HDDs except the HDD 11-0 (that is, the HDDs 11-1 and 11-2) is confirmed. When the HDD soundness confirmation unit 25 detects a location where a media error has occurred in this HDD soundness confirmation processing, the media error repairing unit 26 repairs the data at that location. For this repair, of all HDDs 11-0 to 11-2 constituting the logical disk 10 except the HDD in which the media error has occurred (that is, the HDD including the HDD 11-0 in which a failure is predicted). Data or redundant data is used.

  The operations of the HDD soundness confirmation unit 25 and the media error repair unit 26 are that there is a possibility that the HDD 11-0 may really break down in the near future because the HDD failure prediction unit 24 has predicted the failure of the HDD 11-0. Is taken into consideration. In other words, before the HDD 11-0 actually fails and the media of the HDD 11-0 cannot be accessed, the media error of the other HDDs 11-1 and 11-2 that are not predicted to fail is detected, and the media error The data at the location is restored using the data or redundant data of all HDDs of the HDDs 11-0 to 11-2 constituting the logical disk 10 except the HDD in which the media error has occurred.

  If the HDD 11-0 that is predicted to fail really fails in the near future, it becomes impossible to repair the media error portion of the HDDs 11-1 and 11-2 as described above. On the other hand, in this embodiment, when a failure of the HDD 11-0 is predicted, the media error portion of the other HDDs 11-1 and 11-2 where the failure is not predicted is repaired. -0 (that is, HDD 11-0 that has not yet failed at this stage) or redundant data can be used.

  On the other hand, the data copy unit 27 executes a data copy process for copying the data of the HDD 11-0, for which the failure has been predicted by the HDD failure prediction unit 24, to the spare HDD 11-3 in units of data blocks of a certain size. . In this data copy processing, if there is a location where data cannot be read from the HDD 11-0 (that is, a location where a media error has occurred), the data copy unit 27 sends the other HDD 11-1 that constitutes the logical disk 10 and The data to be read from the HDD 11-0 is restored using the data 11-2 and copied to the HDD 11-3. This indicates that the data block that has been subjected to data copy is a block that has been confirmed to be sound enough to maintain data redundancy. Even if the HDD 11-0 for which a failure is predicted is actually failed during the data copy processing period by the data copy unit 27, the data copy unit 27 is also connected to other HDDs 11- constituting the logical disk 10 in the same manner as described above. The data to be read from the HDD 11-0 is restored using the data of 1 and 11-2 and copied to the HDD 11-3. When data or redundant data is written in the HDD 11-0 as a result of a data write request from the host during the data copy period by the data copy unit 27, the access control unit 22 also stores the same data or redundant data in the HDD 11-3. Write data.

  Here, the data copy process by the data copy unit 27 and the HDD soundness confirmation process by the HDD soundness confirmation unit 25 are represented in the direction from the address 0 to the maximum address of the HDD11-j when the processing target HDD is represented by the HDD11-j. May be executed in the direction from the maximum address to address 0. However, in this embodiment, in order to improve processing efficiency, the direction of processing by the data copy unit 27 and the direction of processing by the HDD soundness confirmation unit 25 are opposite. Here, the process by the HDD soundness confirmation unit 25 (HDD soundness confirmation process) is executed in the direction from the maximum address of the HDD 11-j to the address 0 as indicated by an arrow 31 in FIG. On the other hand, the process (data copy process) by the data copy unit 27 is executed in the direction from the address 0 to the maximum address of the HDD 11-j as indicated by an arrow 32 in FIG. The effect of this difference in processing direction will be described later. In this embodiment, the HDDs 11-j to be processed by the data copy unit 27 are the HDDs 11-0 and 11-3, and the HDDs 11-j to be processed by the HDD soundness confirmation unit 25 are the HDDs 11-1. And 11-2, the two HDDs 11-j are different. However, in FIG. 3, it is represented by one HDD 11-j for convenience.

  Now, when the HDD failure prediction unit 24 starts up the HDD soundness confirmation unit 25 and the data copy unit 27, the HDD failure prediction unit 24 waits for completion of the data copy processing by the data copy unit 27 (step S3). If the data copy process by the data copy unit 27 is completed, the HDD failure prediction unit 24 activates the logical disk restoration unit 23 (step S4). Then, the logical disk restoration unit 23 substitutes the spare HDD 11-3 for the HDD 11-0 for which the failure is predicted by the HDD failure prediction unit 24, and disconnects the HDD 11-0 from the logical disk 10. At this time, the data in the HDD 11-0 is copied to the spare HDD 11-3 by the data copy processing by the data copy unit 27 in step S2. Therefore, unlike the case where the HDD 11-0 is replaced with a spare HDD 11-3 because the HDD 11-0 has actually failed, the logical disk restoration unit 23 transfers the data of the HDD 11-0 to the other HDDs 11-1 and 11-12 of the logical disk 10. There is no need to perform a restoration process using the data of 11-2 or redundant data. When the HDD 11-0 in the logical disk 10 is replaced with the spare HDD 11-3 and the HDD 11-1 is disconnected from the HDD 11-0, the configuration management unit 21 updates the configuration management information of the logical disk 10.

(3) HDD soundness confirmation processing Next, details of the HDD soundness confirmation processing by the HDD soundness confirmation unit 25 will be described with reference to the flowchart of FIG.

  The HDD soundness confirmation unit 25 starts from the address (logical block address) that designates the data block (logical block) that is to be soundness-checked, and the entire area of the HDD 11-j (here, the HDDs 11-1 and 11-2). Is scanned (ie, the soundness is confirmed) (step S11). If there remains an area to be scanned (confirming the soundness), the HDD soundness confirmation unit 25 changes the address to be the object of the soundness confirmation from the HDD 11-0 where the failure is predicted to the spare HDD 11. It is determined whether it is included in the area where the data copy to -3 has been completed (step S12).

  If the address to be subjected to the soundness check is not included in the area where the data copy from the HDD 11-0 to the spare HDD 11-3 has been completed, the HDD soundness check unit 25 performs the address check. For example, a read command is issued to the HDDs 11-1 and 11-2 for checking the area (data block) designated by the HDD 11-1 and confirming the soundness of the area (step S13). The HDD soundness confirmation unit 25 determines whether a media error has occurred in the HDD 11-1 or 11-2 based on the responses from the HDDs 11-1 and 11-2 to the read command (step S14). If no media error has occurred, the HDD soundness confirmation unit 25 updates the address to be soundness-checked so as to designate the next data block, and returns to step S11.

  On the other hand, if a media error has occurred in the HDD 11-1 or HDD 11-2, the HDD soundness confirmation unit 25 uses the media error repair unit 26 to repair the location (data block) where the media error has occurred. (Step S15). Assuming that a media error has occurred in the HDD 11-2, the media error occurrence location is repaired by data or redundant data in the HDDs 11-0 and 11-1 corresponding to the media error occurrence location (data block). Thus, the data at the location where the media error has occurred is restored, and the restored data is written into the data block (address) where the media error has occurred. If the HDD 11-0 has actually failed, the media error in the HDD 11-2 cannot be repaired, and therefore the data of the HDD 11-0 cannot be restored from the HDDs 11-1 and 11-2. In some cases, the media error repair unit 26 performs repair, and substitute processing is performed inside the HDD 11-2. In this case, the physical location where the restored data is written is different from the physical location where the media error occurred. However, the physical location of the alternative destination is linked at the address where the media error has occurred, and is correctly accessed at that address.

  When the media error occurrence part is repaired by the media error repair unit 26, the HDD soundness confirmation unit 25 updates the address to be subjected to soundness confirmation so as to designate the next data block, and returns to step S11.

  As described above, among the HDDs 11-0 to 11-2 configuring the logical disk 10, all the HDDs 11-j (HDDs 11-1 and 11-2) except the HDD 11-0 in which a failure is predicted are targeted. As a result of the progress of the soundness confirmation process, it is assumed that the next address to be the object of soundness confirmation is Ac shown in FIG. At this time, it is assumed that the data copy processing from the HDD 11-0 to the spare HDD 11-3 by the data copy unit 27 is completed from the address 0 to the address Ac. That is, the address to be checked next has reached the data copy completion area to the spare HDD 11-3. In more detail, the HDD 11-j (HDD11- It is assumed that the areas 1 and 11-2) have been reached.

  Even if the HDD soundness confirmation unit 25 does not complete (scan) the soundness of all areas of the HDD 11-j (HDDs 11-1 and 11-2) (step S11), the HDD soundness confirmation unit 25 next performs the soundness confirmation target. If the address to be reached has reached the data copy completion area (step S12), the soundness confirmation process is terminated. The reason for this is that, as already described, the HDD 11-1 or 11-2 area corresponding to the data copy completion area (address 0 to Ac) of the HDD 11-3 includes a location where a media error occurs. This is because even if the location is not restored, the data at that location can be restored from the data of other HDDs including the HDD 11-3 constituting the new logical disk 10. The soundness confirmation process may be executed for all areas of the HDD 11-j (HDDs 11-1 and 11-2).

  In the above embodiment, the HDD health prediction unit 24 predicts the failure of the HDD 11-0 and the time until the data copy from the HDD 11-0 to the spare HDD 11-3 is completed can be shortened. The soundness confirmation processing by the property confirmation unit 25 and the copy processing by the data copy unit 27 are almost simultaneously performed, and the directions in which addresses are updated are reversed. However, the data of the HDD 11-0 in which the failure is predicted is copied to the spare HDD 11-3 before the HDD 11-0 actually fails, and the remaining HDDs 11-1 and 11 are used using the data of the HDD 11-0. From the viewpoint of repairing media errors of -2, it is not limited to this method. For example, the soundness confirmation processing by the HDD soundness confirmation unit 25 may be performed on all areas of the HDDs 11-1 and 11-2 first, and then the copy processing by the data copy unit 27 may be performed. If attention is paid only to the viewpoint of repairing the media error of the remaining HDDs 11-1 and 11-2 by using the data of the HDD 11-0 or redundant data, the copy process by the data copy unit 27 is not necessarily required. In this case, when the HDD 11-0 is replaced with the spare HDD 11-3, the logical disk restoration unit 23 restores the data of the HDD 11-0 with the data of the HDDs 11-1 and 11-2 and writes the data to the HDD 11-3. That's fine.

  Further, in the above embodiment, the data copy unit 27 copies the data of the HDD 11-0 to the spare HDD 11-3 as it is, except when the data cannot be read from the HDD 11-0 that is predicted to fail. However, among the HDDs 11-0 to 11-2 constituting the logical disk 10, the data of the HDD 11-0 is restored using the data of the remaining HDDs 11-1 and 11-2 or the redundant data, and the restored data May be copied to the HDD 11-3.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Further, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment.

1 is a block diagram showing a configuration of a disk array device according to an embodiment of the present invention. 7 is a flowchart showing a processing procedure when a failure of the HDD 11-i is predicted by the HDD failure prediction unit 24. The figure which shows the direction of the address which each process of the HDD soundness confirmation process by the HDD soundness confirmation part 25 and the data copy process by the data copy part 27 advances, and the address where HDD soundness confirmation process is complete | finished. 6 is a flowchart showing a detailed procedure of HDD soundness confirmation processing by the HDD soundness confirmation unit 25;

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 ... Logical disk, 11-0-11-2 ... HDD (magnetic disk drive), 11-3 ... Spare HDD (magnetic disk drive), 20 ... Array controller, 21 ... Configuration management part, 22 ... Access control part, 23 ... Logical disk restoration unit, 24 ... HDD failure prediction unit, 25 ... HDD soundness confirmation unit, 26 ... Media error restoration unit, 27 ... Data copy unit.

Claims (10)

In an array controller that distributes and arranges data requested by a host and redundant data of the data in the plurality of disk drives by controlling access to the plurality of disk drives constituting the logical disk,
Disk drive failure prediction means for predicting failure of each of the plurality of disk drives constituting the logical disk;
Soundness for checking the contents of all the disk drives except the disk drive for which the failure is predicted by the disk drive failure prediction means among the plurality of disk drives constituting the logical disk to confirm the presence or absence of a media error Soundness confirmation means for executing the confirmation process;
When a media error is detected by the soundness confirmation means, data or redundant data of all the disk drives except the disk drive in which the media error has occurred among the plurality of disk drives constituting the logical disk An array controller comprising: media error repairing means for repairing data loss at a location where the media error has occurred, using A data copy means for executing a data copy process for copying the data of the disk drive in which the failure is predicted to a spare disk drive after the completion of the soundness confirmation process by the soundness confirmation means;
After completion of the data copy processing by the data copy means, a logical disk restoring means for replacing the disk drive in which the failure is predicted by the spare disk drive and separating the disk drive in which the failure is predicted from the logical disk The array controller according to claim 1, further comprising:   The data copy means normally copies the data of the disk drive for which the failure is predicted to the spare disk drive, and when the data of the disk drive for which the failure is predicted cannot be read normally. The data is restored from the data or redundant data of all the disk drives except the disk drive where the failure is predicted among the plurality of disk drives constituting the logical disk, and the restored data is restored to the spare disk. 3. The array controller according to claim 2, wherein the array controller is copied to a drive.   The data copy means includes data of a disk drive in which the failure is predicted, data of all the disk drives other than the disk drive in which the failure is predicted among the plurality of disk drives constituting the logical disk, or redundant data. The array controller according to claim 2, wherein the restored data is copied to the spare disk drive. Data copy for executing a data copy process for copying the data of the disk drive in which the failure is predicted to a spare disk drive in a direction opposite to the direction of the address in which the soundness confirmation process proceeds by the soundness confirmation unit Means,
After completion of the data copy processing by the data copy means, a logical disk restoring means for replacing the disk drive in which the failure is predicted by the spare disk drive and separating the disk drive in which the failure is predicted from the logical disk And further comprising
The soundness confirmation means ends the soundness confirmation process at the stage where the soundness confirmation process has been executed up to an address corresponding to an area where the data copy process by the data copy means has been completed. The array controller according to claim 1.   6. The array controller according to claim 5, wherein the data copy means starts the data copy process at the start of the soundness confirmation process by the soundness confirmation means.   The disk drive failure predicting means monitors and analyzes the state related to deterioration in reliability of the disk drive, which the disk drive constituting the logical disk has as a standard, 2. The array controller according to claim 1, wherein a failure of each of the plurality of disk drives is predicted using a function of reporting the result to a device using the disk drive.   The disk drive failure predicting means counts the number of times an error retry or recoverable error has occurred in access to each of the plurality of disk drives constituting the logical disk, and sets the count value of each of the plurality of disk drives. 2. The array controller according to claim 1, wherein a failure of each of the plurality of disk drives is predicted based on the failure. Media error applied to an array controller that distributes data requested by a host and redundant data of the data distributed to the plurality of disk drives by controlling access to the plurality of disk drives constituting the logical disk A repair method,
Predicting a failure of each of the plurality of disk drives constituting the logical disk;
When a failure of any one of the plurality of disk drives is predicted, the contents of all the disk drives except the disk drive for which the failure is predicted among the plurality of disk drives constituting the logical disk Performing a soundness check process to check whether there is a media error and
When a media error is detected by the soundness confirmation processing, data or redundant data of all the disk drives except the disk drive in which the media error has occurred among the plurality of disk drives constituting the logical disk And a step of repairing data loss at a location where the media error occurs by using the media error repairing method. A program for causing an array controller that distributes and arranges data requested from a host and redundant data of the data to the plurality of disk drives by controlling access to the plurality of disk drives constituting the logical disk Because
In the array controller,
Predicting a failure of each of the plurality of disk drives constituting the logical disk;
When a failure of any one of the plurality of disk drives is predicted, the contents of all the disk drives except the disk drive for which the failure is predicted among the plurality of disk drives constituting the logical disk Performing a soundness check process to check whether there is a media error and
When a media error is detected by the soundness confirmation processing, data or redundant data of all the disk drives except the disk drive in which the media error has occurred among the plurality of disk drives constituting the logical disk And a program for executing the step of repairing data loss at a location where the media error has occurred.

Images