1. 02 5月, 2019 1 次提交
  2. 30 4月, 2019 3 次提交
    • D
      xfs: add online scrub for superblock counters · 75efa57d
      Darrick J. Wong 提交于
      Teach online scrub how to check the filesystem summary counters.  We use
      the incore delalloc block counter along with the incore AG headers to
      compute expected values for fdblocks, icount, and ifree, and then check
      that the percpu counter is within a certain threshold of the expected
      value.  This is done to avoid having to freeze or otherwise lock the
      filesystem, which means that we're only checking that the counters are
      fairly close, not that they're exactly correct.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NDave Chinner <dchinner@redhat.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      75efa57d
    • C
      xfs: don't parse the mtpt mount option · 94079285
      Christoph Hellwig 提交于
      The text isn't really any more useful than the default unknown option
      handling.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      94079285
    • D
      xfs: always rejoin held resources during defer roll · 710d707d
      Darrick J. Wong 提交于
      During testing of xfs/141 on a V4 filesystem, I observed some
      inconsistent behavior with regards to resources that are held (i.e.
      remain locked) across a defer roll.  The transaction roll always gives
      the defer roll function a new transaction, even if committing the old
      transaction fails.  However, the defer roll function only rejoins the
      held resources if the transaction commit succeedied.  This means that
      callers of defer roll have to figure out whether the held resources are
      attached to the transaction being passed back.
      
      Worse yet, if the defer roll was part of a defer finish call, we have a
      third possibility: the defer finish could pass back a dirty transaction
      with dirty held resources and an error code.
      
      The only sane way to handle all of these scenarios is to require that
      the code that held the resource either cancel the transaction before
      unlocking and releasing the resources, or use functions that detach
      resources from a transaction properly (e.g.  xfs_trans_brelse) if they
      need to drop the reference before committing or cancelling the
      transaction.
      
      In order to make this so, change the defer roll code to join held
      resources to the new transaction unconditionally and fix all the bhold
      callers to release the held buffers correctly.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      710d707d
  3. 27 4月, 2019 6 次提交
  4. 23 4月, 2019 7 次提交
  5. 17 4月, 2019 8 次提交
    • D
      xfs: merge adjacent io completions of the same type · 3994fc48
      Darrick J. Wong 提交于
      It's possible for pagecache writeback to split up a large amount of work
      into smaller pieces for throttling purposes or to reduce the amount of
      time a writeback operation is pending.  Whatever the reason, XFS can end
      up with a bunch of IO completions that call for the same operation to be
      performed on a contiguous extent mapping.  Since mappings are extent
      based in XFS, we'd prefer to run fewer transactions when we can.
      
      When we're processing an ioend on the list of io completions, check to
      see if the next items on the list are both adjacent and of the same
      type.  If so, we can merge the completions to reduce transaction
      overhead.
      
      On fast storage this doesn't seem to make much of a difference in
      performance, though the number of transactions for an overnight xfstests
      run seems to drop by ~5%.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      3994fc48
    • D
      xfs: remove unused m_data_workqueue · 28408243
      Darrick J. Wong 提交于
      Now that we're no longer using m_data_workqueue, remove it.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      28408243
    • D
      xfs: implement per-inode writeback completion queues · cb357bf3
      Darrick J. Wong 提交于
      When scheduling writeback of dirty file data in the page cache, XFS uses
      IO completion workqueue items to ensure that filesystem metadata only
      updates after the write completes successfully.  This is essential for
      converting unwritten extents to real extents at the right time and
      performing COW remappings.
      
      Unfortunately, XFS queues each IO completion work item to an unbounded
      workqueue, which means that the kernel can spawn dozens of threads to
      try to handle the items quickly.  These threads need to take the ILOCK
      to update file metadata, which results in heavy ILOCK contention if a
      large number of the work items target a single file, which is
      inefficient.
      
      Worse yet, the writeback completion threads get stuck waiting for the
      ILOCK while holding transaction reservations, which can use up all
      available log reservation space.  When that happens, metadata updates to
      other parts of the filesystem grind to a halt, even if the filesystem
      could otherwise have handled it.
      
      Even worse, if one of the things grinding to a halt happens to be a
      thread in the middle of a defer-ops finish holding the same ILOCK and
      trying to obtain more log reservation having exhausted the permanent
      reservation, we now have an ABBA deadlock - writeback completion has a
      transaction reserved and wants the ILOCK, and someone else has the ILOCK
      and wants a transaction reservation.
      
      Therefore, we create a per-inode writeback io completion queue + work
      item.  When writeback finishes, it can add the ioend to the per-inode
      queue and let the single worker item process that queue.  This
      dramatically cuts down on the number of kworkers and ILOCK contention in
      the system, and seems to have eliminated an occasional deadlock I was
      seeing while running generic/476.
      
      Testing with a program that simulates a heavy random-write workload to a
      single file demonstrates that the number of kworkers drops from
      approximately 120 threads per file to 1, without dramatically changing
      write bandwidth or pagecache access latency.
      
      Note that we leave the xfs-conv workqueue's max_active alone because we
      still want to be able to run ioend processing for as many inodes as the
      system can handle.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      cb357bf3
    • D
      xfs: scrub should only cross-reference with healthy btrees · 4fb7951f
      Darrick J. Wong 提交于
      Skip cross-referencing with a btree if the health report tells us that
      it's known to be bad.  This should reduce the dmesg spew considerably.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NDave Chinner <dchinner@redhat.com>
      4fb7951f
    • D
      xfs: scrub/repair should update filesystem metadata health · 4860a05d
      Darrick J. Wong 提交于
      Now that we have the ability to track sick metadata in-core, make scrub
      and repair update those health assessments after doing work.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NDave Chinner <dchinner@redhat.com>
      4860a05d
    • D
      xfs: hoist the already_fixed variable to the scrub context · 160b5a78
      Darrick J. Wong 提交于
      Now that we no longer memset the scrub context, we can move the
      already_fixed variable into the scrub context's state flags instead of
      passing around pointers to separate stack variables.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NDave Chinner <dchinner@redhat.com>
      160b5a78
    • D
      xfs: collapse scrub bool state flags into a single unsigned int · f8c2a225
      Darrick J. Wong 提交于
      Combine all the boolean state flags in struct xfs_scrub into a single
      unsigned int, because we're going to be adding more state flags soon.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NDave Chinner <dchinner@redhat.com>
      f8c2a225
    • D
      xfs: refactor scrub context initialization · 9d71e155
      Darrick J. Wong 提交于
      It's a little silly how the memset in scrub context initialization
      forces us to declare stack variables to preserve context variables
      across a retry.  Since the teardown functions already null out most of
      the ephemeral state (buffer pointers, btree cursors, etc.), just skip
      the memset and move the initialization as needed.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NDave Chinner <dchinner@redhat.com>
      9d71e155
  6. 15 4月, 2019 15 次提交
    • D
      xfs: report inode health via bulkstat · 89d139d5
      Darrick J. Wong 提交于
      Use space in the bulkstat ioctl structure to report any problems
      observed with the inode.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      89d139d5
    • D
      xfs: report AG health via AG geometry ioctl · 1302c6a2
      Darrick J. Wong 提交于
      Use the AG geometry info ioctl to report health status too.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      1302c6a2
    • D
      xfs: report fs and rt health via geometry structure · c23232d4
      Darrick J. Wong 提交于
      Use our newly expanded geometry structure to report the overall fs and
      realtime health status.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      c23232d4
    • D
      xfs: add a new ioctl to describe allocation group geometry · 7cd5006b
      Darrick J. Wong 提交于
      Add a new ioctl to describe an allocation group's geometry.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      7cd5006b
    • D
      xfs: bump XFS_IOC_FSGEOMETRY to v5 structures · 1b6d968d
      Dave Chinner 提交于
      Unfortunately, the V4 XFS_IOC_FSGEOMETRY structure is out of space so we
      can't just add a new field to it. Hence we need to bump the definition
      to V5 and and treat the V4 ioctl and structure similar to v1 to v3.
      
      While doing this, clean up all the definitions associated with the
      XFS_IOC_FSGEOMETRY ioctl.
      Signed-Off-By: NDave Chinner <dchinner@redhat.com>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      [darrick: forward port to 5.1, expand structure size to 256 bytes]
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      1b6d968d
    • D
      xfs: clear BAD_SUMMARY if unmounting an unhealthy filesystem · 519841c2
      Darrick J. Wong 提交于
      If we know the filesystem metadata isn't healthy during unmount, we want
      to encourage the administrator to run xfs_repair right away.  We can't
      do this if BAD_SUMMARY will cause an unclean log unmount to force
      summary recalculation, so turn it off if the fs is bad.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      519841c2
    • D
      xfs: replace the BAD_SUMMARY mount flag with the equivalent health code · 39353ff6
      Darrick J. Wong 提交于
      Replace the BAD_SUMMARY mount flag with calls to the equivalent health
      tracking code.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      39353ff6
    • D
      xfs: track metadata health status · 6772c1f1
      Darrick J. Wong 提交于
      Add the necessary in-core metadata fields to keep track of which parts
      of the filesystem have been observed and which parts were observed to be
      unhealthy, and print a warning at unmount time if we have unfixed
      problems.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NBrian Foster <bfoster@redhat.com>
      6772c1f1
    • W
      xfs,fstrim: fix to return correct minlen · 2bf9d264
      Wang Shilong 提交于
      This patch tries to address two problems:
      
      1) return @minlen we used to trim to
      user space.
      
      2) return EINVAL if granularity is larger than
      avg size, even most of cases, granularity is small(4K),
      but if devices return a lager granularity for some reaons
      (testing, bugs etc), fstrim should return failure directly.
      Signed-off-by: NWang Shilong <wshilong@ddn.com>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      2bf9d264
    • B
      xfs: don't account extra agfl blocks as available · 1ca89fbc
      Brian Foster 提交于
      The block allocation AG selection code has parameters that allow a
      caller to perform multiple allocations from a single AG and
      transaction (under certain conditions). The parameters specify the
      total block allocation count required by the transaction and the AG
      selection code selects and locks an AG that will be able to satisfy
      the overall requirement. If the available block accounting
      calculation turns out to be inaccurate and a subsequent allocation
      call fails with -ENOSPC, the resulting transaction cancel leads to
      filesystem shutdown because the transaction is dirty.
      
      This exact problem can be reproduced with a highly parallel space
      consumer and fsstress workload running long enough to a large
      filesystem against -ENOSPC conditions. A bmbt block allocation
      request made for inode extent to bmap format conversion after an
      extent allocation is expected to be satisfied by the same AG and the
      same transaction as the extent allocation. The bmbt block allocation
      fails, however, because the block availability of the AG has changed
      since the AG was selected (outside of the blocks used for the extent
      itself).
      
      The inconsistent block availability calculation is caused by the
      deferred block freeing behavior of the AGFL. This immediately
      removes extra blocks from the AGFL to free up AGFL slots, but rather
      than immediately freeing such blocks as was done in the past, the
      block free is deferred such that said blocks are not available for
      allocation until the current transaction commits. The AG selection
      logic currently considers all AGFL blocks as available and executes
      shortly before any extra AGFL blocks are freed. This means the block
      availability of the current AG can change before the first
      allocation even occurs, but in practice a failure is more likely to
      manifest via a subsequent allocation because extent allocation
      usually has a contiguity requirement larger than a single block that
      can't be satisfied from the AGFL.
      
      In general, XFS prefers operational robustness to absolute
      allocation efficiency. In other words, we prefer to return -ENOSPC
      slightly earlier at the expense of not being able to allocate every
      last block in an AG to avoid this kind of problem. As such, update
      the AG block availability calculation to consider extra AGFL blocks
      as unavailable since they are immediately removed following the
      calculation and will not become available until the current
      transaction commits.
      Signed-off-by: NBrian Foster <bfoster@redhat.com>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      1ca89fbc
    • B
      xfs: shutdown after buf release in iflush cluster abort path · 22fedd80
      Brian Foster 提交于
      If xfs_iflush_cluster() fails due to corruption, the error path
      issues a shutdown and simulates an I/O completion to release the
      buffer. This code has a couple small problems. First, the shutdown
      sequence can issue a synchronous log force, which is unsafe to do
      with buffer locks held. Second, the simulated I/O completion does not
      guarantee the buffer is async and thus is unlocked and released.
      
      For example, if the last operation on the buffer was a read off disk
      prior to the corruption event, XBF_ASYNC is not set and the buffer
      is left locked and held upon return. This results in a memory leak
      as shown by the following message on module unload:
      
       BUG xfs_buf (...): Objects remaining in xfs_buf on __kmem_cache_shutdown()
      
      Fix both of these problems by setting XBF_ASYNC on the buffer prior
      to the simulated I/O error and performing the shutdown immediately
      after ioend processing when the buffer has been released.
      Signed-off-by: NBrian Foster <bfoster@redhat.com>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      22fedd80
    • B
      xfs: wake commit waiters on CIL abort before log item abort · 545aa41f
      Brian Foster 提交于
      XFS shutdown deadlocks have been reproduced by fstest generic/475.
      The deadlock signature involves log I/O completion running error
      handling to abort logged items and waiting for an inode cluster
      buffer lock in the buffer item unpin handler. The buffer lock is
      held by xfsaild attempting to flush an inode. The buffer happens to
      be pinned and so xfs_iflush() triggers an async log force to begin
      work required to get it unpinned. The log force is blocked waiting
      on the commit completion, which never occurs and thus leaves the
      filesystem deadlocked.
      
      The root problem is that aborted log I/O completion pots commit
      completion behind callback completion, which is unexpected for async
      log forces. Under normal running conditions, an async log force
      returns to the caller once the CIL ctx has been formatted/submitted
      and the commit completion event triggered at the tail end of
      xlog_cil_push(). If the filesystem has shutdown, however, we rely on
      xlog_cil_committed() to trigger the completion event and it happens
      to do so after running log item unpin callbacks. This makes it
      unsafe to invoke an async log force from contexts that hold locks
      that might also be required in log completion processing.
      
      To address this problem, wake commit completion waiters before
      aborting log items in the log I/O completion handler. This ensures
      that an async log force will not deadlock on held locks if the
      filesystem happens to shutdown. Note that it is still unsafe to
      issue a sync log force while holding such locks because a sync log
      force explicitly waits on the force completion, which occurs after
      log I/O completion processing.
      Signed-off-by: NBrian Foster <bfoster@redhat.com>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      545aa41f
    • B
      xfs: fix use after free in buf log item unlock assert · 4d09807f
      Brian Foster 提交于
      The xfs_buf_log_item ->iop_unlock() callback asserts that the buffer
      is unlocked when either non-stale or aborted. This assert occurs
      after the bli refcount has been dropped and the log item potentially
      freed. The aborted check is thus a potential use after free. This
      problem has been reproduced with KASAN enabled via generic/475.
      
      Fix up xfs_buf_item_unlock() to query aborted state before the bli
      reference is dropped to prevent a potential use after free.
      Signed-off-by: NBrian Foster <bfoster@redhat.com>
      Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      4d09807f
    • L
      Linux 5.1-rc5 · dc4060a5
      Linus Torvalds 提交于
      dc4060a5
    • L
      Merge branch 'page-refs' (page ref overflow) · 6b3a7077
      Linus Torvalds 提交于
      Merge page ref overflow branch.
      
      Jann Horn reported that he can overflow the page ref count with
      sufficient memory (and a filesystem that is intentionally extremely
      slow).
      
      Admittedly it's not exactly easy.  To have more than four billion
      references to a page requires a minimum of 32GB of kernel memory just
      for the pointers to the pages, much less any metadata to keep track of
      those pointers.  Jann needed a total of 140GB of memory and a specially
      crafted filesystem that leaves all reads pending (in order to not ever
      free the page references and just keep adding more).
      
      Still, we have a fairly straightforward way to limit the two obvious
      user-controllable sources of page references: direct-IO like page
      references gotten through get_user_pages(), and the splice pipe page
      duplication.  So let's just do that.
      
      * branch page-refs:
        fs: prevent page refcount overflow in pipe_buf_get
        mm: prevent get_user_pages() from overflowing page refcount
        mm: add 'try_get_page()' helper function
        mm: make page ref count overflow check tighter and more explicit
      6b3a7077