A particular disk array system which provides a high degree of availability of the disks thereof has recently been developed, which system is often referred to as a Redundant Array of Inexpensive Disks (RAID). A specific implementation thereof is often referred as a Level 5 array, i.e., a RAID-5 disk array, which implementation is described in the article, "A Case For Redundant Arrays of Inexpensive Disks (RAID), David A. Patterson et al., Dept. of Electrical Engineering and Computer Sciences, University of California, Berkeley, Calif. Such system uses an intelligent input/output (I/O) processor for accessing one or more disk modules of the array in response to the needs of a host computer, each disk module of the array being driven by disk drive circuitry operating via the I/O control processor in a manner that effectively appears to the host computer as a single disk drive. A disk module comprises, for example, a disk, disk driver circuitry, and power/control circuitry. Alternatively, in some implementations of such systems, an I/O processor need not be used and the host computer may communicate directly with the disk modules which form an array.
In a particular RAID-5 context, for example, which comprises an array of five disk modules, each disk has a plurality of "N" data storage sectors, corresponding sectors in each of the five disks being usually referred to as a "stripe" of sectors. With respect to any stripe, 80% of the sector regions in the stripe (i.e., in a 5 disk array effectively 4 out of 5 sectors) is used for user data and 20% thereof (i.e., effectively 1 out of 5 sectors) is used for redundant, or parity, data. The use of such redundancy allows for the reconstruction of user data in the event of a failure of a user data sector in the stripe.
When a user data disk module fails, the redundant or parity entry that is available in the parity sector of a stripe and the data in the non-failed user data sectors of the stripe can be used to permit the user data that was in the sector of the failed disk to be effectively reconstructed so that the system can remain operative using such reconstructed data even when the user data of that sector of the failed disk cannot be accessed. The system is then said to be operating in a "degraded" mode since extra processing operations and, accordingly, extra time is required to reconstruct the data in the failed disk sector when access thereto is required.
Certain kinds of failures, however, can occur in which the array is left in an incoherent or effectively unusable state, e.g., a situation can occur in which there is power failure, i.e., power to the I/O processor (IOP) fails or the I/O processor itself fails due to a hardware defect, or power to the disk drives themselves fails. A further problem can arise, for example, if a power failure results in the need to use a new IOP to replace a failed one and there is no way to identify where a write operation to a sector of the array was taking place after the new IOP has replaced the old IOP.
It is desirable to devise techniques for handling such power failure situations that cannot be handled by RAID-5 systems as currently designed and used.