2018-06-05 19:42:14 -07:00
// SPDX-License-Identifier: GPL-2.0+
2016-10-03 09:11:32 -07:00
/*
* Copyright ( C ) 2016 Oracle . All Rights Reserved .
* Author : Darrick J . Wong < darrick . wong @ oracle . com >
*/
# include "xfs.h"
# include "xfs_fs.h"
# include "xfs_shared.h"
# include "xfs_format.h"
# include "xfs_log_format.h"
# include "xfs_trans_resv.h"
# include "xfs_mount.h"
# include "xfs_defer.h"
# include "xfs_da_format.h"
# include "xfs_da_btree.h"
# include "xfs_inode.h"
# include "xfs_trans.h"
# include "xfs_inode_item.h"
# include "xfs_bmap.h"
# include "xfs_bmap_util.h"
# include "xfs_error.h"
# include "xfs_dir2.h"
# include "xfs_dir2_priv.h"
# include "xfs_ioctl.h"
# include "xfs_trace.h"
# include "xfs_log.h"
# include "xfs_icache.h"
# include "xfs_pnfs.h"
2016-10-03 09:11:39 -07:00
# include "xfs_btree.h"
2016-10-03 09:11:32 -07:00
# include "xfs_refcount_btree.h"
# include "xfs_refcount.h"
# include "xfs_bmap_btree.h"
# include "xfs_trans_space.h"
# include "xfs_bit.h"
# include "xfs_alloc.h"
# include "xfs_quota_defs.h"
# include "xfs_quota.h"
# include "xfs_reflink.h"
2016-10-03 09:11:33 -07:00
# include "xfs_iomap.h"
2016-10-03 09:11:35 -07:00
# include "xfs_rmap_btree.h"
2016-10-03 09:11:45 -07:00
# include "xfs_sb.h"
# include "xfs_ag_resv.h"
2016-10-03 09:11:32 -07:00
/*
* Copy on Write of Shared Blocks
*
* XFS must preserve " the usual " file semantics even when two files share
* the same physical blocks . This means that a write to one file must not
* alter the blocks in a different file ; the way that we ' ll do that is
* through the use of a copy - on - write mechanism . At a high level , that
* means that when we want to write to a shared block , we allocate a new
* block , write the data to the new block , and if that succeeds we map the
* new block into the file .
*
* XFS provides a " delayed allocation " mechanism that defers the allocation
* of disk blocks to dirty - but - not - yet - mapped file blocks as long as
* possible . This reduces fragmentation by enabling the filesystem to ask
* for bigger chunks less often , which is exactly what we want for CoW .
*
* The delalloc mechanism begins when the kernel wants to make a block
* writable ( write_begin or page_mkwrite ) . If the offset is not mapped , we
* create a delalloc mapping , which is a regular in - core extent , but without
* a real startblock . ( For delalloc mappings , the startblock encodes both
* a flag that this is a delalloc mapping , and a worst - case estimate of how
* many blocks might be required to put the mapping into the BMBT . ) delalloc
* mappings are a reservation against the free space in the filesystem ;
* adjacent mappings can also be combined into fewer larger mappings .
*
2017-02-02 15:14:02 -08:00
* As an optimization , the CoW extent size hint ( cowextsz ) creates
* outsized aligned delalloc reservations in the hope of landing out of
* order nearby CoW writes in a single extent on disk , thereby reducing
* fragmentation and improving future performance .
*
* D : - - RRRRRRSSSRRRRRRRR - - - ( data fork )
* C : - - - - - - DDDDDDD - - - - - - - - - ( CoW fork )
*
2016-10-03 09:11:32 -07:00
* When dirty pages are being written out ( typically in writepage ) , the
2017-02-02 15:14:02 -08:00
* delalloc reservations are converted into unwritten mappings by
* allocating blocks and replacing the delalloc mapping with real ones .
* A delalloc mapping can be replaced by several unwritten ones if the
* free space is fragmented .
*
* D : - - RRRRRRSSSRRRRRRRR - - -
* C : - - - - - - UUUUUUU - - - - - - - - -
2016-10-03 09:11:32 -07:00
*
* We want to adapt the delalloc mechanism for copy - on - write , since the
* write paths are similar . The first two steps ( creating the reservation
* and allocating the blocks ) are exactly the same as delalloc except that
* the mappings must be stored in a separate CoW fork because we do not want
* to disturb the mapping in the data fork until we ' re sure that the write
* succeeded . IO completion in this case is the process of removing the old
* mapping from the data fork and moving the new mapping from the CoW fork to
* the data fork . This will be discussed shortly .
*
* For now , unaligned directio writes will be bounced back to the page cache .
* Block - aligned directio writes will use the same mechanism as buffered
* writes .
*
2017-02-02 15:14:02 -08:00
* Just prior to submitting the actual disk write requests , we convert
* the extents representing the range of the file actually being written
* ( as opposed to extra pieces created for the cowextsize hint ) to real
* extents . This will become important in the next step :
*
* D : - - RRRRRRSSSRRRRRRRR - - -
* C : - - - - - - UUrrUUU - - - - - - - - -
*
2016-10-03 09:11:32 -07:00
* CoW remapping must be done after the data block write completes ,
* because we don ' t want to destroy the old data fork map until we ' re sure
* the new block has been written . Since the new mappings are kept in a
* separate fork , we can simply iterate these mappings to find the ones
* that cover the file blocks that we just CoW ' d . For each extent , simply
* unmap the corresponding range in the data fork , map the new range into
2017-02-02 15:14:02 -08:00
* the data fork , and remove the extent from the CoW fork . Because of
* the presence of the cowextsize hint , however , we must be careful
* only to remap the blocks that we ' ve actually written out - - we must
* never remap delalloc reservations nor CoW staging blocks that have
* yet to be written . This corresponds exactly to the real extents in
* the CoW fork :
*
* D : - - RRRRRRrrSRRRRRRRR - - -
* C : - - - - - - UU - - UUU - - - - - - - - -
2016-10-03 09:11:32 -07:00
*
* Since the remapping operation can be applied to an arbitrary file
* range , we record the need for the remap step as a flag in the ioend
* instead of declaring a new IO type . This is required for direct io
* because we only have ioend for the whole dio , and we have to be able to
* remember the presence of unwritten blocks and CoW blocks with a single
* ioend structure . Better yet , the more ground we can cover with one
* ioend , the better .
*/
2016-10-03 09:11:33 -07:00
/*
* Given an AG extent , find the lowest - numbered run of shared blocks
* within that range and return the range in fbno / flen . If
* find_end_of_shared is true , return the longest contiguous extent of
* shared blocks . If there are no shared extents , fbno and flen will
* be set to NULLAGBLOCK and 0 , respectively .
*/
int
xfs_reflink_find_shared (
struct xfs_mount * mp ,
2017-06-16 11:00:10 -07:00
struct xfs_trans * tp ,
2016-10-03 09:11:33 -07:00
xfs_agnumber_t agno ,
xfs_agblock_t agbno ,
xfs_extlen_t aglen ,
xfs_agblock_t * fbno ,
xfs_extlen_t * flen ,
bool find_end_of_shared )
{
struct xfs_buf * agbp ;
struct xfs_btree_cur * cur ;
int error ;
2017-06-16 11:00:10 -07:00
error = xfs_alloc_read_agf ( mp , tp , agno , 0 , & agbp ) ;
2016-10-03 09:11:33 -07:00
if ( error )
return error ;
2017-07-17 14:30:57 -07:00
if ( ! agbp )
return - ENOMEM ;
2016-10-03 09:11:33 -07:00
2018-07-11 22:26:17 -07:00
cur = xfs_refcountbt_init_cursor ( mp , tp , agbp , agno ) ;
2016-10-03 09:11:33 -07:00
error = xfs_refcount_find_shared ( cur , agbno , aglen , fbno , flen ,
find_end_of_shared ) ;
2018-07-19 12:26:31 -07:00
xfs_btree_del_cursor ( cur , error ) ;
2016-10-03 09:11:33 -07:00
2017-06-16 11:00:10 -07:00
xfs_trans_brelse ( tp , agbp ) ;
2016-10-03 09:11:33 -07:00
return error ;
}
/*
* Trim the mapping to the next block where there ' s a change in the
* shared / unshared status . More specifically , this means that we
* find the lowest - numbered extent of shared blocks that coincides with
* the given block mapping . If the shared extent overlaps the start of
* the mapping , trim the mapping to the end of the shared extent . If
* the shared region intersects the mapping , trim the mapping to the
* start of the shared extent . If there are no shared regions that
* overlap , just return the original extent .
*/
int
xfs_reflink_trim_around_shared (
struct xfs_inode * ip ,
struct xfs_bmbt_irec * irec ,
2018-10-18 17:19:48 +11:00
bool * shared )
2016-10-03 09:11:33 -07:00
{
xfs_agnumber_t agno ;
xfs_agblock_t agbno ;
xfs_extlen_t aglen ;
xfs_agblock_t fbno ;
xfs_extlen_t flen ;
int error = 0 ;
/* Holes, unwritten, and delalloc extents cannot be shared */
2017-03-28 14:53:35 -07:00
if ( ! xfs_is_reflink_inode ( ip ) | | ! xfs_bmap_is_real_extent ( irec ) ) {
2016-10-03 09:11:33 -07:00
* shared = false ;
return 0 ;
}
trace_xfs_reflink_trim_around_shared ( ip , irec ) ;
agno = XFS_FSB_TO_AGNO ( ip - > i_mount , irec - > br_startblock ) ;
agbno = XFS_FSB_TO_AGBNO ( ip - > i_mount , irec - > br_startblock ) ;
aglen = irec - > br_blockcount ;
2017-06-16 11:00:10 -07:00
error = xfs_reflink_find_shared ( ip - > i_mount , NULL , agno , agbno ,
2016-10-03 09:11:33 -07:00
aglen , & fbno , & flen , true ) ;
if ( error )
return error ;
2018-10-18 17:19:48 +11:00
* shared = false ;
2016-10-03 09:11:33 -07:00
if ( fbno = = NULLAGBLOCK ) {
/* No shared blocks at all. */
return 0 ;
} else if ( fbno = = agbno ) {
/*
* The start of this extent is shared . Truncate the
* mapping at the end of the shared region so that a
* subsequent iteration starts at the start of the
* unshared region .
*/
irec - > br_blockcount = flen ;
* shared = true ;
return 0 ;
} else {
/*
* There ' s a shared extent midway through this extent .
* Truncate the mapping at the start of the shared
* extent so that a subsequent iteration starts at the
* start of the shared region .
*/
irec - > br_blockcount = fbno - agbno ;
return 0 ;
}
}
2016-10-20 15:53:50 +11:00
/*
* Trim the passed in imap to the next shared / unshared extent boundary , and
* if imap - > br_startoff points to a shared extent reserve space for it in the
2018-10-18 17:19:37 +11:00
* COW fork .
2016-10-20 15:53:50 +11:00
*
* Note that imap will always contain the block numbers for the existing blocks
* in the data fork , as the upper layers need them for read - modify - write
* operations .
*/
int
xfs_reflink_reserve_cow (
2016-10-03 09:11:33 -07:00
struct xfs_inode * ip ,
2018-10-18 17:19:37 +11:00
struct xfs_bmbt_irec * imap )
2016-10-03 09:11:33 -07:00
{
2016-11-24 11:39:49 +11:00
struct xfs_ifork * ifp = XFS_IFORK_PTR ( ip , XFS_COW_FORK ) ;
struct xfs_bmbt_irec got ;
int error = 0 ;
2018-10-18 17:19:48 +11:00
bool eof = false ;
2017-11-03 10:34:43 -07:00
struct xfs_iext_cursor icur ;
2018-10-18 17:19:37 +11:00
bool shared ;
2016-10-03 09:11:33 -07:00
2016-10-20 15:53:50 +11:00
/*
* Search the COW fork extent list first . This serves two purposes :
* first this implement the speculative preallocation using cowextisze ,
* so that we also unshared block adjacent to shared blocks instead
* of just the shared blocks themselves . Second the lookup in the
* extent list is generally faster than going out to the shared extent
* tree .
*/
2016-11-24 11:39:49 +11:00
2017-11-03 10:34:43 -07:00
if ( ! xfs_iext_lookup_extent ( ip , ifp , imap - > br_startoff , & icur , & got ) )
2016-11-24 11:39:49 +11:00
eof = true ;
2016-10-20 15:53:50 +11:00
if ( ! eof & & got . br_startoff < = imap - > br_startoff ) {
trace_xfs_reflink_cow_found ( ip , imap ) ;
xfs_trim_extent ( imap , got . br_startoff , got . br_blockcount ) ;
return 0 ;
}
2016-10-03 09:11:33 -07:00
/* Trim the mapping to the nearest shared extent boundary. */
2018-10-18 17:19:48 +11:00
error = xfs_reflink_trim_around_shared ( ip , imap , & shared ) ;
2016-10-03 09:11:33 -07:00
if ( error )
2016-10-20 15:53:50 +11:00
return error ;
2016-10-03 09:11:33 -07:00
/* Not shared? Just report the (potentially capped) extent. */
2018-10-18 17:19:37 +11:00
if ( ! shared )
2016-10-20 15:53:50 +11:00
return 0 ;
2016-10-03 09:11:33 -07:00
/*
* Fork all the shared blocks from our write offset until the end of
* the extent .
*/
2018-05-04 15:30:22 -07:00
error = xfs_qm_dqattach_locked ( ip , false ) ;
2016-10-03 09:11:33 -07:00
if ( error )
2016-10-20 15:53:50 +11:00
return error ;
error = xfs_bmapi_reserve_delalloc ( ip , XFS_COW_FORK , imap - > br_startoff ,
2017-11-03 10:34:43 -07:00
imap - > br_blockcount , 0 , & got , & icur , eof ) ;
xfs: clean up cow fork reservation and tag inodes correctly
COW fork reservation is implemented via delayed allocation. The code is
modeled after the traditional delalloc allocation code, but is slightly
different in terms of how preallocation occurs. Rather than post-eof
speculative preallocation, COW fork preallocation is implemented via a
COW extent size hint that is designed to minimize fragmentation as a
reflinked file is split over time.
xfs_reflink_reserve_cow() still uses logic that is oriented towards
dealing with post-eof speculative preallocation, however, and is stale
or not necessarily correct. First, the EOF alignment to the COW extent
size hint is implemented in xfs_bmapi_reserve_delalloc() (which does so
correctly by aligning the start and end offsets) and so is not necessary
in xfs_reflink_reserve_cow(). The backoff and retry logic on ENOSPC is
also ineffective for the same reason, as xfs_bmapi_reserve_delalloc()
will simply perform the same allocation request on the retry. Finally,
since the COW extent size hint aligns the start and end offset of the
range to allocate, the end_fsb != orig_end_fsb logic is not sufficient.
Indeed, if a write request happens to end on an aligned offset, it is
possible that we do not tag the inode for COW preallocation even though
xfs_bmapi_reserve_delalloc() may have preallocated at the start offset.
Kill the unnecessary, duplicate code in xfs_reflink_reserve_cow().
Remove the inode tag logic as well since xfs_bmapi_reserve_delalloc()
has been updated to tag the inode correctly.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-11-28 14:57:42 +11:00
if ( error = = - ENOSPC | | error = = - EDQUOT )
2016-10-20 15:53:50 +11:00
trace_xfs_reflink_cow_enospc ( ip , imap ) ;
xfs: clean up cow fork reservation and tag inodes correctly
COW fork reservation is implemented via delayed allocation. The code is
modeled after the traditional delalloc allocation code, but is slightly
different in terms of how preallocation occurs. Rather than post-eof
speculative preallocation, COW fork preallocation is implemented via a
COW extent size hint that is designed to minimize fragmentation as a
reflinked file is split over time.
xfs_reflink_reserve_cow() still uses logic that is oriented towards
dealing with post-eof speculative preallocation, however, and is stale
or not necessarily correct. First, the EOF alignment to the COW extent
size hint is implemented in xfs_bmapi_reserve_delalloc() (which does so
correctly by aligning the start and end offsets) and so is not necessary
in xfs_reflink_reserve_cow(). The backoff and retry logic on ENOSPC is
also ineffective for the same reason, as xfs_bmapi_reserve_delalloc()
will simply perform the same allocation request on the retry. Finally,
since the COW extent size hint aligns the start and end offset of the
range to allocate, the end_fsb != orig_end_fsb logic is not sufficient.
Indeed, if a write request happens to end on an aligned offset, it is
possible that we do not tag the inode for COW preallocation even though
xfs_bmapi_reserve_delalloc() may have preallocated at the start offset.
Kill the unnecessary, duplicate code in xfs_reflink_reserve_cow().
Remove the inode tag logic as well since xfs_bmapi_reserve_delalloc()
has been updated to tag the inode correctly.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-11-28 14:57:42 +11:00
if ( error )
2016-10-20 15:53:50 +11:00
return error ;
2016-10-03 09:11:46 -07:00
xfs: fix shared extent data corruption due to missing cow reservation
Page writeback indirectly handles shared extents via the existence
of overlapping COW fork blocks. If COW fork blocks exist, writeback
always performs the associated copy-on-write regardless if the
underlying blocks are actually shared. If the blocks are shared,
then overlapping COW fork blocks must always exist.
fstests shared/010 reproduces a case where a buffered write occurs
over a shared block without performing the requisite COW fork
reservation. This ultimately causes writeback to the shared extent
and data corruption that is detected across md5 checks of the
filesystem across a mount cycle.
The problem occurs when a buffered write lands over a shared extent
that crosses an extent size hint boundary and that also happens to
have a partial COW reservation that doesn't cover the start and end
blocks of the data fork extent.
For example, a buffered write occurs across the file offset (in FSB
units) range of [29, 57]. A shared extent exists at blocks [29, 35]
and COW reservation already exists at blocks [32, 34]. After
accommodating a COW extent size hint of 32 blocks and the existing
reservation at offset 32, xfs_reflink_reserve_cow() allocates 32
blocks of reservation at offset 0 and returns with COW reservation
across the range of [0, 34]. The associated data fork extent is
still [29, 35], however, which isn't fully covered by the COW
reservation.
This leads to a buffered write at file offset 35 over a shared
extent without associated COW reservation. Writeback eventually
kicks in, performs an overwrite of the underlying shared block and
causes the associated data corruption.
Update xfs_reflink_reserve_cow() to accommodate the fact that a
delalloc allocation request may not fully cover the extent in the
data fork. Trim the data fork extent appropriately, just as is done
for shared extent boundaries and/or existing COW reservations that
happen to overlap the start of the data fork extent. This prevents
shared/010 failures due to data corruption on reflink enabled
filesystems.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-11-14 07:46:40 -08:00
xfs_trim_extent ( imap , got . br_startoff , got . br_blockcount ) ;
2016-10-03 09:11:33 -07:00
trace_xfs_reflink_cow_alloc ( ip , & got ) ;
2016-10-20 15:53:50 +11:00
return 0 ;
2016-10-03 09:11:33 -07:00
}
2016-10-03 09:11:34 -07:00
2017-02-02 15:14:02 -08:00
/* Convert part of an unwritten CoW extent to a real one. */
STATIC int
xfs_reflink_convert_cow_extent (
struct xfs_inode * ip ,
struct xfs_bmbt_irec * imap ,
xfs_fileoff_t offset_fsb ,
2018-07-11 22:26:06 -07:00
xfs_filblks_t count_fsb )
2017-02-02 15:14:02 -08:00
{
int nimaps = 1 ;
if ( imap - > br_state = = XFS_EXT_NORM )
return 0 ;
2017-02-06 10:46:01 -08:00
xfs_trim_extent ( imap , offset_fsb , count_fsb ) ;
trace_xfs_reflink_convert_cow ( ip , imap ) ;
if ( imap - > br_blockcount = = 0 )
2017-02-02 15:14:02 -08:00
return 0 ;
2017-02-06 10:46:01 -08:00
return xfs_bmapi_write ( NULL , ip , imap - > br_startoff , imap - > br_blockcount ,
2018-07-11 22:26:25 -07:00
XFS_BMAPI_COWFORK | XFS_BMAPI_CONVERT , 0 , imap ,
2018-07-11 22:26:19 -07:00
& nimaps ) ;
2017-02-02 15:14:02 -08:00
}
/* Convert all of the unwritten CoW extents in a file's range to real ones. */
int
xfs_reflink_convert_cow (
struct xfs_inode * ip ,
xfs_off_t offset ,
xfs_off_t count )
{
struct xfs_mount * mp = ip - > i_mount ;
xfs_fileoff_t offset_fsb = XFS_B_TO_FSBT ( mp , offset ) ;
xfs_fileoff_t end_fsb = XFS_B_TO_FSB ( mp , offset + count ) ;
2017-11-03 10:34:44 -07:00
xfs_filblks_t count_fsb = end_fsb - offset_fsb ;
struct xfs_bmbt_irec imap ;
int nimaps = 1 , error = 0 ;
2017-02-02 15:14:02 -08:00
2017-11-03 10:34:44 -07:00
ASSERT ( count ! = 0 ) ;
2017-02-02 15:14:02 -08:00
2017-11-03 10:34:44 -07:00
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
error = xfs_bmapi_write ( NULL , ip , offset_fsb , count_fsb ,
XFS_BMAPI_COWFORK | XFS_BMAPI_CONVERT |
2018-07-11 22:26:25 -07:00
XFS_BMAPI_CONVERT_ONLY , 0 , & imap , & nimaps ) ;
2017-02-02 15:14:02 -08:00
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
return error ;
}
2018-09-29 13:47:15 +10:00
/*
* Find the extent that maps the given range in the COW fork . Even if the extent
* is not shared we might have a preallocation for it in the COW fork . If so we
* use it that rather than trigger a new allocation .
*/
static int
xfs_find_trim_cow_extent (
struct xfs_inode * ip ,
struct xfs_bmbt_irec * imap ,
bool * shared ,
bool * found )
{
xfs_fileoff_t offset_fsb = imap - > br_startoff ;
xfs_filblks_t count_fsb = imap - > br_blockcount ;
struct xfs_iext_cursor icur ;
struct xfs_bmbt_irec got ;
* found = false ;
/*
* If we don ' t find an overlapping extent , trim the range we need to
* allocate to fit the hole we found .
*/
2018-10-18 17:19:58 +11:00
if ( ! xfs_iext_lookup_extent ( ip , ip - > i_cowfp , offset_fsb , & icur , & got ) )
got . br_startoff = offset_fsb + count_fsb ;
if ( got . br_startoff > offset_fsb ) {
xfs_trim_extent ( imap , imap - > br_startoff ,
got . br_startoff - imap - > br_startoff ) ;
2018-10-18 17:19:48 +11:00
return xfs_reflink_trim_around_shared ( ip , imap , shared ) ;
2018-10-18 17:19:58 +11:00
}
2018-09-29 13:47:15 +10:00
* shared = true ;
if ( isnullstartblock ( got . br_startblock ) ) {
xfs_trim_extent ( imap , got . br_startoff , got . br_blockcount ) ;
return 0 ;
}
/* real extent found - no need to allocate */
xfs_trim_extent ( & got , offset_fsb , count_fsb ) ;
* imap = got ;
* found = true ;
return 0 ;
}
2016-10-03 09:11:37 -07:00
/* Allocate all CoW reservations covering a range of blocks in a file. */
2017-02-06 10:51:03 -08:00
int
xfs_reflink_allocate_cow (
2016-10-03 09:11:37 -07:00
struct xfs_inode * ip ,
2017-02-06 10:51:03 -08:00
struct xfs_bmbt_irec * imap ,
bool * shared ,
uint * lockmode )
2016-10-03 09:11:37 -07:00
{
struct xfs_mount * mp = ip - > i_mount ;
2017-02-06 10:51:03 -08:00
xfs_fileoff_t offset_fsb = imap - > br_startoff ;
xfs_filblks_t count_fsb = imap - > br_blockcount ;
2018-09-29 13:47:15 +10:00
struct xfs_trans * tp ;
2017-02-06 10:51:03 -08:00
int nimaps , error = 0 ;
2018-09-29 13:47:15 +10:00
bool found ;
2017-02-06 10:50:49 -08:00
xfs_filblks_t resaligned ;
2017-02-06 10:51:03 -08:00
xfs_extlen_t resblks = 0 ;
2016-10-03 09:11:37 -07:00
2018-03-13 23:15:31 -07:00
ASSERT ( xfs_isilocked ( ip , XFS_ILOCK_EXCL ) ) ;
2018-09-29 13:47:15 +10:00
ASSERT ( xfs_is_reflink_inode ( ip ) ) ;
2016-10-03 09:11:37 -07:00
2018-09-29 13:47:15 +10:00
error = xfs_find_trim_cow_extent ( ip , imap , shared , & found ) ;
if ( error | | ! * shared )
return error ;
if ( found )
goto convert ;
2017-02-06 10:51:03 -08:00
2018-09-29 13:47:15 +10:00
resaligned = xfs_aligned_fsb_count ( imap - > br_startoff ,
imap - > br_blockcount , xfs_get_cowextsz_hint ( ip ) ) ;
resblks = XFS_DIOSTRAT_SPACE_RES ( mp , resaligned ) ;
2017-02-06 10:50:49 -08:00
2018-09-29 13:47:15 +10:00
xfs_iunlock ( ip , * lockmode ) ;
error = xfs_trans_alloc ( mp , & M_RES ( mp ) - > tr_write , resblks , 0 , 0 , & tp ) ;
* lockmode = XFS_ILOCK_EXCL ;
xfs_ilock ( ip , * lockmode ) ;
2016-10-20 15:53:50 +11:00
2018-09-29 13:47:15 +10:00
if ( error )
return error ;
2017-02-06 10:50:49 -08:00
2018-09-29 13:47:15 +10:00
error = xfs_qm_dqattach_locked ( ip , false ) ;
if ( error )
goto out_trans_cancel ;
2017-02-06 10:51:03 -08:00
2018-09-29 13:47:15 +10:00
/*
* Check for an overlapping extent again now that we dropped the ilock .
*/
error = xfs_find_trim_cow_extent ( ip , imap , shared , & found ) ;
if ( error | | ! * shared )
goto out_trans_cancel ;
if ( found ) {
xfs_trans_cancel ( tp ) ;
goto convert ;
2017-02-06 10:50:49 -08:00
}
error = xfs_trans_reserve_quota_nblks ( tp , ip , resblks , 0 ,
XFS_QMOPT_RES_REGBLKS ) ;
2016-10-03 09:11:37 -07:00
if ( error )
2018-09-29 13:47:15 +10:00
goto out_trans_cancel ;
2016-10-03 09:11:37 -07:00
2017-02-06 10:50:49 -08:00
xfs_trans_ijoin ( tp , ip , 0 ) ;
2017-02-02 15:14:02 -08:00
/* Allocate the entire reservation as unwritten blocks. */
2018-09-29 13:47:15 +10:00
nimaps = 1 ;
2017-02-06 10:51:03 -08:00
error = xfs_bmapi_write ( tp , ip , imap - > br_startoff , imap - > br_blockcount ,
2018-07-11 22:26:23 -07:00
XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC ,
2018-07-11 22:26:25 -07:00
resblks , imap , & nimaps ) ;
2016-10-03 09:11:37 -07:00
if ( error )
2018-09-29 13:47:15 +10:00
goto out_unreserve ;
2016-10-03 09:11:37 -07:00
2017-12-14 15:46:06 -08:00
xfs_inode_set_cowblocks_tag ( ip ) ;
2016-10-03 09:11:37 -07:00
error = xfs_trans_commit ( tp ) ;
2017-02-06 10:50:49 -08:00
if ( error )
2017-02-06 10:51:03 -08:00
return error ;
2018-01-26 11:37:44 -08:00
/*
* Allocation succeeded but the requested range was not even partially
* satisfied ? Bail out !
*/
if ( nimaps = = 0 )
return - ENOSPC ;
2017-02-06 10:51:03 -08:00
convert :
2018-07-11 22:26:06 -07:00
return xfs_reflink_convert_cow_extent ( ip , imap , offset_fsb , count_fsb ) ;
2018-09-29 13:47:15 +10:00
out_unreserve :
2017-02-06 10:50:49 -08:00
xfs_trans_unreserve_quota_nblks ( tp , ip , ( long ) resblks , 0 ,
XFS_QMOPT_RES_REGBLKS ) ;
2018-09-29 13:47:15 +10:00
out_trans_cancel :
xfs_trans_cancel ( tp ) ;
2017-02-06 10:51:03 -08:00
return error ;
2016-10-03 09:11:37 -07:00
}
2016-10-03 09:11:35 -07:00
/*
2017-03-07 16:45:58 -08:00
* Cancel CoW reservations for some block range of an inode .
*
* If cancel_real is true this function cancels all COW fork extents for the
* inode ; if cancel_real is false , real extents are not cleared .
2018-05-09 07:49:09 -07:00
*
* Caller must have already joined the inode to the current transaction . The
* inode will be joined to the transaction returned to the caller .
2016-10-03 09:11:35 -07:00
*/
int
xfs_reflink_cancel_cow_blocks (
struct xfs_inode * ip ,
struct xfs_trans * * tpp ,
xfs_fileoff_t offset_fsb ,
2017-03-07 16:45:58 -08:00
xfs_fileoff_t end_fsb ,
bool cancel_real )
2016-10-03 09:11:35 -07:00
{
2016-10-20 15:54:31 +11:00
struct xfs_ifork * ifp = XFS_IFORK_PTR ( ip , XFS_COW_FORK ) ;
2016-11-24 11:39:50 +11:00
struct xfs_bmbt_irec got , del ;
2017-11-03 10:34:43 -07:00
struct xfs_iext_cursor icur ;
2016-11-24 11:39:50 +11:00
int error = 0 ;
2016-10-03 09:11:35 -07:00
2018-07-17 16:51:51 -07:00
if ( ! xfs_inode_has_cow_data ( ip ) )
2016-10-03 09:11:35 -07:00
return 0 ;
2017-11-03 10:34:44 -07:00
if ( ! xfs_iext_lookup_extent_before ( ip , ifp , & end_fsb , & icur , & got ) )
2016-10-20 15:54:31 +11:00
return 0 ;
2016-10-03 09:11:35 -07:00
2017-11-03 10:34:44 -07:00
/* Walk backwards until we're out of the I/O range... */
while ( got . br_startoff + got . br_blockcount > offset_fsb ) {
2016-10-20 15:54:31 +11:00
del = got ;
xfs_trim_extent ( & del , offset_fsb , end_fsb - offset_fsb ) ;
2017-11-03 10:34:44 -07:00
/* Extent delete may have bumped ext forward */
if ( ! del . br_blockcount ) {
xfs_iext_prev ( ifp , & icur ) ;
goto next_extent ;
}
2016-10-20 15:54:31 +11:00
trace_xfs_reflink_cancel_cow ( ip , & del ) ;
2016-10-03 09:11:35 -07:00
2016-10-20 15:54:31 +11:00
if ( isnullstartblock ( del . br_startblock ) ) {
error = xfs_bmap_del_extent_delay ( ip , XFS_COW_FORK ,
2017-11-03 10:34:43 -07:00
& icur , & got , & del ) ;
2016-10-03 09:11:35 -07:00
if ( error )
break ;
2017-03-07 16:45:58 -08:00
} else if ( del . br_state = = XFS_EXT_UNWRITTEN | | cancel_real ) {
2018-07-24 13:43:12 -07:00
ASSERT ( ( * tpp ) - > t_firstblock = = NULLFSBLOCK ) ;
2016-10-03 09:11:35 -07:00
2016-10-03 09:11:39 -07:00
/* Free the CoW orphan record. */
2018-08-01 07:20:34 -07:00
error = xfs_refcount_free_cow_extent ( * tpp ,
del . br_startblock , del . br_blockcount ) ;
2016-10-03 09:11:39 -07:00
if ( error )
break ;
2018-08-01 07:20:34 -07:00
xfs_bmap_add_free ( * tpp , del . br_startblock ,
del . br_blockcount , NULL ) ;
2016-10-03 09:11:35 -07:00
/* Roll the transaction */
2018-07-24 13:43:15 -07:00
error = xfs_defer_finish ( tpp ) ;
2018-08-01 07:20:33 -07:00
if ( error )
2016-10-03 09:11:35 -07:00
break ;
/* Remove the mapping from the CoW fork. */
2017-11-03 10:34:43 -07:00
xfs_bmap_del_extent_cow ( ip , & icur , & got , & del ) ;
2018-01-19 09:05:48 -08:00
/* Remove the quota reservation */
error = xfs_trans_reserve_quota_nblks ( NULL , ip ,
- ( long ) del . br_blockcount , 0 ,
XFS_QMOPT_RES_REGBLKS ) ;
if ( error )
break ;
2017-12-10 18:03:55 -08:00
} else {
/* Didn't do anything, push cursor back. */
xfs_iext_prev ( ifp , & icur ) ;
2016-10-03 09:11:35 -07:00
}
2017-11-03 10:34:44 -07:00
next_extent :
if ( ! xfs_iext_get_extent ( ifp , & icur , & got ) )
2016-10-24 14:21:08 +11:00
break ;
2016-10-03 09:11:35 -07:00
}
2016-10-24 14:21:08 +11:00
/* clear tag if cow fork is emptied */
if ( ! ifp - > if_bytes )
xfs_inode_clear_cowblocks_tag ( ip ) ;
2016-10-03 09:11:35 -07:00
return error ;
}
/*
2017-03-07 16:45:58 -08:00
* Cancel CoW reservations for some byte range of an inode .
*
* If cancel_real is true this function cancels all COW fork extents for the
* inode ; if cancel_real is false , real extents are not cleared .
2016-10-03 09:11:35 -07:00
*/
int
xfs_reflink_cancel_cow_range (
struct xfs_inode * ip ,
xfs_off_t offset ,
2017-03-07 16:45:58 -08:00
xfs_off_t count ,
bool cancel_real )
2016-10-03 09:11:35 -07:00
{
struct xfs_trans * tp ;
xfs_fileoff_t offset_fsb ;
xfs_fileoff_t end_fsb ;
int error ;
trace_xfs_reflink_cancel_cow_range ( ip , offset , count ) ;
2016-10-10 16:47:32 +11:00
ASSERT ( xfs_is_reflink_inode ( ip ) ) ;
2016-10-03 09:11:35 -07:00
offset_fsb = XFS_B_TO_FSBT ( ip - > i_mount , offset ) ;
if ( count = = NULLFILEOFF )
end_fsb = NULLFILEOFF ;
else
end_fsb = XFS_B_TO_FSB ( ip - > i_mount , offset + count ) ;
/* Start a rolling transaction to remove the mappings */
error = xfs_trans_alloc ( ip - > i_mount , & M_RES ( ip - > i_mount ) - > tr_write ,
2018-03-06 17:07:22 -08:00
0 , 0 , XFS_TRANS_NOFS , & tp ) ;
2016-10-03 09:11:35 -07:00
if ( error )
goto out ;
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
xfs_trans_ijoin ( tp , ip , 0 ) ;
/* Scrape out the old CoW reservations */
2017-03-07 16:45:58 -08:00
error = xfs_reflink_cancel_cow_blocks ( ip , & tp , offset_fsb , end_fsb ,
cancel_real ) ;
2016-10-03 09:11:35 -07:00
if ( error )
goto out_cancel ;
error = xfs_trans_commit ( tp ) ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
return error ;
out_cancel :
xfs_trans_cancel ( tp ) ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
out :
trace_xfs_reflink_cancel_cow_range_error ( ip , error , _RET_IP_ ) ;
return error ;
}
/*
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
* Remap part of the CoW fork into the data fork .
*
* We aim to remap the range starting at @ offset_fsb and ending at @ end_fsb
* into the data fork ; this function will remap what it can ( at the end of the
* range ) and update @ end_fsb appropriately . Each remap gets its own
* transaction because we can end up merging and splitting bmbt blocks for
* every remap operation and we ' d like to keep the block reservation
* requirements as low as possible .
2016-10-03 09:11:35 -07:00
*/
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
STATIC int
xfs_reflink_end_cow_extent (
struct xfs_inode * ip ,
xfs_fileoff_t offset_fsb ,
xfs_fileoff_t * end_fsb )
2016-10-03 09:11:35 -07:00
{
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
struct xfs_bmbt_irec got , del ;
struct xfs_iext_cursor icur ;
struct xfs_mount * mp = ip - > i_mount ;
struct xfs_trans * tp ;
struct xfs_ifork * ifp = XFS_IFORK_PTR ( ip , XFS_COW_FORK ) ;
xfs_filblks_t rlen ;
unsigned int resblks ;
int error ;
2016-10-03 09:11:35 -07:00
2016-10-20 15:54:45 +11:00
/* No COW extents? That's easy! */
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
if ( ifp - > if_bytes = = 0 ) {
* end_fsb = offset_fsb ;
2016-10-20 15:54:45 +11:00
return 0 ;
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
}
2016-10-20 15:54:45 +11:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
resblks = XFS_EXTENTADD_SPACE_RES ( mp , XFS_DATA_FORK ) ;
error = xfs_trans_alloc ( mp , & M_RES ( mp ) - > tr_write , resblks , 0 ,
XFS_TRANS_RESERVE | XFS_TRANS_NOFS , & tp ) ;
if ( error )
return error ;
2016-10-03 09:11:35 -07:00
2017-04-12 12:26:07 -07:00
/*
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
* Lock the inode . We have to ijoin without automatic unlock because
* the lead transaction is the refcountbt record deletion ; the data
* fork update follows as a deferred log item .
2017-04-12 12:26:07 -07:00
*/
2016-10-03 09:11:35 -07:00
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
xfs_trans_ijoin ( tp , ip , 0 ) ;
2017-10-23 16:32:39 -07:00
/*
* In case of racing , overlapping AIO writes no COW extents might be
* left by the time I / O completes for the loser of the race . In that
* case we are done .
*/
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
if ( ! xfs_iext_lookup_extent_before ( ip , ifp , end_fsb , & icur , & got ) | |
got . br_startoff + got . br_blockcount < = offset_fsb ) {
* end_fsb = offset_fsb ;
2017-10-23 16:32:39 -07:00
goto out_cancel ;
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
}
2016-10-03 09:11:35 -07:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/*
* Structure copy @ got into @ del , then trim @ del to the range that we
* were asked to remap . We preserve @ got for the eventual CoW fork
* deletion ; from now on @ del represents the mapping that we ' re
* actually remapping .
*/
del = got ;
xfs_trim_extent ( & del , offset_fsb , * end_fsb - offset_fsb ) ;
2016-10-20 15:54:45 +11:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
ASSERT ( del . br_blockcount > 0 ) ;
2017-02-02 15:14:02 -08:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/*
* Only remap real extents that contain data . With AIO , speculative
* preallocations can leak into the range we are called upon , and we
* need to skip them .
*/
if ( ! xfs_bmap_is_real_extent ( & got ) ) {
* end_fsb = del . br_startoff ;
goto out_cancel ;
}
2016-10-03 09:11:35 -07:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/* Unmap the old blocks in the data fork. */
rlen = del . br_blockcount ;
error = __xfs_bunmapi ( tp , ip , del . br_startoff , & rlen , 0 , 1 ) ;
if ( error )
goto out_cancel ;
2016-10-03 09:11:39 -07:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/* Trim the extent to whatever got unmapped. */
xfs_trim_extent ( & del , del . br_startoff + rlen , del . br_blockcount - rlen ) ;
trace_xfs_reflink_cow_remap ( ip , & del ) ;
2016-10-03 09:11:35 -07:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/* Free the CoW orphan record. */
error = xfs_refcount_free_cow_extent ( tp , del . br_startblock ,
del . br_blockcount ) ;
if ( error )
goto out_cancel ;
2016-10-03 09:11:35 -07:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/* Map the new blocks into the data fork. */
error = xfs_bmap_map_extent ( tp , ip , & del ) ;
if ( error )
goto out_cancel ;
2018-01-19 09:05:48 -08:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/* Charge this new data fork mapping to the on-disk quota. */
xfs_trans_mod_dquot_byino ( tp , ip , XFS_TRANS_DQ_DELBCOUNT ,
( long ) del . br_blockcount ) ;
2016-10-20 15:54:45 +11:00
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
/* Remove the mapping from the CoW fork. */
xfs_bmap_del_extent_cow ( ip , & icur , & got , & del ) ;
2016-10-03 09:11:35 -07:00
error = xfs_trans_commit ( tp ) ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
if ( error )
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
return error ;
/* Update the caller about how much progress we made. */
* end_fsb = del . br_startoff ;
2016-10-03 09:11:35 -07:00
return 0 ;
2017-10-03 08:58:33 -07:00
out_cancel :
2016-10-03 09:11:35 -07:00
xfs_trans_cancel ( tp ) ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
xfs: split up the xfs_reflink_end_cow work into smaller transactions
In xfs_reflink_end_cow, we allocate a single transaction for the entire
end_cow operation and then loop the CoW fork mappings to move them to
the data fork. This design fails on a heavily fragmented filesystem
where an inode's data fork has exactly one more extent than would fit in
an extents-format fork, because the unmap can collapse the data fork
into extents format (freeing the bmbt block) but the remap can expand
the data fork back into a (newly allocated) bmbt block. If the number
of extents we end up remapping is large, we can overflow the block
reservation because we reserved blocks assuming that we were adding
mappings into an already-cleared area of the data fork.
Let's say we have 8 extents in the data fork, 8 extents in the CoW fork,
and the data fork can hold at most 7 extents before needing to convert
to btree format; and that blocks A-P are discontiguous single-block
extents:
0......7
D: ABCDEFGH
C: IJKLMNOP
When a write to file blocks 0-7 completes, we must remap I-P into the
data fork. We start by removing H from the btree-format data fork. Now
we have 7 extents, so we convert the fork to extents format, freeing the
bmbt block. We then move P into the data fork and it now has 8 extents
again. We must convert the data fork back to btree format, requiring a
block allocation. If we repeat this sequence for blocks 6-5-4-3-2-1-0,
we'll need a total of 8 block allocations to remap all 8 blocks. We
reserved only enough blocks to handle one btree split (5 blocks on a 4k
block filesystem), which means we overflow the block reservation.
To fix this issue, create a separate helper function to remap a single
extent, and change _reflink_end_cow to call it in a tight loop over the
entire range we're completing. As a side effect this also removes the
size restrictions on how many extents we can end_cow at a time, though
nobody ever hit that. It is not reasonable to reserve N blocks to remap
N blocks.
Note that this can be reproduced after ~320 million fsx ops while
running generic/938 (long soak directio fsx exerciser):
XFS: Assertion failed: tp->t_blk_res >= tp->t_blk_res_used, file: fs/xfs/xfs_trans.c, line: 116
<machine registers snipped>
Call Trace:
xfs_trans_dup+0x211/0x250 [xfs]
xfs_trans_roll+0x6d/0x180 [xfs]
xfs_defer_trans_roll+0x10c/0x3b0 [xfs]
xfs_defer_finish_noroll+0xdf/0x740 [xfs]
xfs_defer_finish+0x13/0x70 [xfs]
xfs_reflink_end_cow+0x2c6/0x680 [xfs]
xfs_dio_write_end_io+0x115/0x220 [xfs]
iomap_dio_complete+0x3f/0x130
iomap_dio_rw+0x3c3/0x420
xfs_file_dio_aio_write+0x132/0x3c0 [xfs]
xfs_file_write_iter+0x8b/0xc0 [xfs]
__vfs_write+0x193/0x1f0
vfs_write+0xba/0x1c0
ksys_write+0x52/0xc0
do_syscall_64+0x50/0x160
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
2018-12-12 08:46:19 -08:00
return error ;
}
/*
* Remap parts of a file ' s data fork after a successful CoW .
*/
int
xfs_reflink_end_cow (
struct xfs_inode * ip ,
xfs_off_t offset ,
xfs_off_t count )
{
xfs_fileoff_t offset_fsb ;
xfs_fileoff_t end_fsb ;
int error = 0 ;
trace_xfs_reflink_end_cow ( ip , offset , count ) ;
offset_fsb = XFS_B_TO_FSBT ( ip - > i_mount , offset ) ;
end_fsb = XFS_B_TO_FSB ( ip - > i_mount , offset + count ) ;
/*
* Walk backwards until we ' re out of the I / O range . The loop function
* repeatedly cycles the ILOCK to allocate one transaction per remapped
* extent .
*
* If we ' re being called by writeback then the the pages will still
* have PageWriteback set , which prevents races with reflink remapping
* and truncate . Reflink remapping prevents races with writeback by
* taking the iolock and mmaplock before flushing the pages and
* remapping , which means there won ' t be any further writeback or page
* cache dirtying until the reflink completes .
*
* We should never have two threads issuing writeback for the same file
* region . There are also have post - eof checks in the writeback
* preparation code so that we don ' t bother writing out pages that are
* about to be truncated .
*
* If we ' re being called as part of directio write completion , the dio
* count is still elevated , which reflink and truncate will wait for .
* Reflink remapping takes the iolock and mmaplock and waits for
* pending dio to finish , which should prevent any directio until the
* remap completes . Multiple concurrent directio writes to the same
* region are handled by end_cow processing only occurring for the
* threads which succeed ; the outcome of multiple overlapping direct
* writes is not well defined anyway .
*
* It ' s possible that a buffered write and a direct write could collide
* here ( the buffered write stumbles in after the dio flushes and
* invalidates the page cache and immediately queues writeback ) , but we
* have never supported this 100 % . If either disk write succeeds the
* blocks will be remapped .
*/
while ( end_fsb > offset_fsb & & ! error )
error = xfs_reflink_end_cow_extent ( ip , offset_fsb , & end_fsb ) ;
if ( error )
trace_xfs_reflink_end_cow_error ( ip , error , _RET_IP_ ) ;
2016-10-03 09:11:35 -07:00
return error ;
}
2016-10-03 09:11:39 -07:00
/*
* Free leftover CoW reservations that didn ' t get cleaned out .
*/
int
xfs_reflink_recover_cow (
struct xfs_mount * mp )
{
xfs_agnumber_t agno ;
int error = 0 ;
if ( ! xfs_sb_version_hasreflink ( & mp - > m_sb ) )
return 0 ;
for ( agno = 0 ; agno < mp - > m_sb . sb_agcount ; agno + + ) {
error = xfs_refcount_recover_cow_leftovers ( mp , agno ) ;
if ( error )
break ;
}
return error ;
}
2016-10-03 09:11:40 -07:00
/*
* Reflinking ( Block ) Ranges of Two Files Together
*
* First , ensure that the reflink flag is set on both inodes . The flag is an
* optimization to avoid unnecessary refcount btree lookups in the write path .
*
* Now we can iteratively remap the range of extents ( and holes ) in src to the
* corresponding ranges in dest . Let drange and srange denote the ranges of
* logical blocks in dest and src touched by the reflink operation .
*
* While the length of drange is greater than zero ,
* - Read src ' s bmbt at the start of srange ( " imap " )
* - If imap doesn ' t exist , make imap appear to start at the end of srange
* with zero length .
* - If imap starts before srange , advance imap to start at srange .
* - If imap goes beyond srange , truncate imap to end at the end of srange .
* - Punch ( imap start - srange start + imap len ) blocks from dest at
* offset ( drange start ) .
* - If imap points to a real range of pblks ,
* > Increase the refcount of the imap ' s pblks
* > Map imap ' s pblks into dest at the offset
* ( drange start + imap start - srange start )
* - Advance drange and srange by ( imap start - srange start + imap len )
*
* Finally , if the reflink made dest longer , update both the in - core and
* on - disk file sizes .
*
* ASCII Art Demonstration :
*
* Let ' s say we want to reflink this source file :
*
* - - - - SSSSSSS - SSSSS - - - - SSSSSS ( src file )
* < - - - - - - - - - - - - - - - - - - - - >
*
* into this destination file :
*
* - - DDDDDDDDDDDDDDDDDDD - - DDD ( dest file )
* < - - - - - - - - - - - - - - - - - - - - >
* ' - ' means a hole , and ' S ' and ' D ' are written blocks in the src and dest .
* Observe that the range has different logical offsets in either file .
*
* Consider that the first extent in the source file doesn ' t line up with our
* reflink range . Unmapping and remapping are separate operations , so we can
* unmap more blocks from the destination file than we remap .
*
* - - - - SSSSSSS - SSSSS - - - - SSSSSS
* < - - - - - - - >
* - - DDDDD - - - - - - - - - DDDDD - - DDD
* < - - - - - - - >
*
* Now remap the source extent into the destination file :
*
* - - - - SSSSSSS - SSSSS - - - - SSSSSS
* < - - - - - - - >
* - - DDDDD - - SSSSSSSDDDDD - - DDD
* < - - - - - - - >
*
* Do likewise with the second hole and extent in our range . Holes in the
* unmap range don ' t affect our operation .
*
* - - - - SSSSSSS - SSSSS - - - - SSSSSS
* < - - - - >
* - - DDDDD - - SSSSSSS - SSSSS - DDD
* < - - - - >
*
* Finally , unmap and remap part of the third extent . This will increase the
* size of the destination file .
*
* - - - - SSSSSSS - SSSSS - - - - SSSSSS
* < - - - - - >
* - - DDDDD - - SSSSSSS - SSSSS - - - - SSS
* < - - - - - >
*
* Once we update the destination file ' s i_size , we ' re done .
*/
/*
* Ensure the reflink bit is set in both inodes .
*/
STATIC int
xfs_reflink_set_inode_flag (
struct xfs_inode * src ,
struct xfs_inode * dest )
{
struct xfs_mount * mp = src - > i_mount ;
int error ;
struct xfs_trans * tp ;
if ( xfs_is_reflink_inode ( src ) & & xfs_is_reflink_inode ( dest ) )
return 0 ;
error = xfs_trans_alloc ( mp , & M_RES ( mp ) - > tr_ichange , 0 , 0 , 0 , & tp ) ;
if ( error )
goto out_error ;
/* Lock both files against IO */
if ( src - > i_ino = = dest - > i_ino )
xfs_ilock ( src , XFS_ILOCK_EXCL ) ;
else
2018-01-26 15:27:33 -08:00
xfs_lock_two_inodes ( src , XFS_ILOCK_EXCL , dest , XFS_ILOCK_EXCL ) ;
2016-10-03 09:11:40 -07:00
if ( ! xfs_is_reflink_inode ( src ) ) {
trace_xfs_reflink_set_inode_flag ( src ) ;
xfs_trans_ijoin ( tp , src , XFS_ILOCK_EXCL ) ;
src - > i_d . di_flags2 | = XFS_DIFLAG2_REFLINK ;
xfs_trans_log_inode ( tp , src , XFS_ILOG_CORE ) ;
xfs_ifork_init_cow ( src ) ;
} else
xfs_iunlock ( src , XFS_ILOCK_EXCL ) ;
if ( src - > i_ino = = dest - > i_ino )
goto commit_flags ;
if ( ! xfs_is_reflink_inode ( dest ) ) {
trace_xfs_reflink_set_inode_flag ( dest ) ;
xfs_trans_ijoin ( tp , dest , XFS_ILOCK_EXCL ) ;
dest - > i_d . di_flags2 | = XFS_DIFLAG2_REFLINK ;
xfs_trans_log_inode ( tp , dest , XFS_ILOG_CORE ) ;
xfs_ifork_init_cow ( dest ) ;
} else
xfs_iunlock ( dest , XFS_ILOCK_EXCL ) ;
commit_flags :
error = xfs_trans_commit ( tp ) ;
if ( error )
goto out_error ;
return error ;
out_error :
trace_xfs_reflink_set_inode_flag_error ( dest , error , _RET_IP_ ) ;
return error ;
}
/*
2016-10-03 09:11:43 -07:00
* Update destination inode size & cowextsize hint , if necessary .
2016-10-03 09:11:40 -07:00
*/
2018-10-30 10:47:26 +11:00
int
2016-10-03 09:11:40 -07:00
xfs_reflink_update_dest (
struct xfs_inode * dest ,
2016-10-03 09:11:43 -07:00
xfs_off_t newlen ,
2017-02-06 17:45:51 -08:00
xfs_extlen_t cowextsize ,
2018-10-30 10:41:28 +11:00
unsigned int remap_flags )
2016-10-03 09:11:40 -07:00
{
struct xfs_mount * mp = dest - > i_mount ;
struct xfs_trans * tp ;
int error ;
2018-10-30 10:47:48 +11:00
if ( newlen < = i_size_read ( VFS_I ( dest ) ) & & cowextsize = = 0 )
2016-10-03 09:11:40 -07:00
return 0 ;
error = xfs_trans_alloc ( mp , & M_RES ( mp ) - > tr_ichange , 0 , 0 , 0 , & tp ) ;
if ( error )
goto out_error ;
xfs_ilock ( dest , XFS_ILOCK_EXCL ) ;
xfs_trans_ijoin ( tp , dest , XFS_ILOCK_EXCL ) ;
2016-10-03 09:11:43 -07:00
if ( newlen > i_size_read ( VFS_I ( dest ) ) ) {
trace_xfs_reflink_update_inode_size ( dest , newlen ) ;
i_size_write ( VFS_I ( dest ) , newlen ) ;
dest - > i_d . di_size = newlen ;
}
if ( cowextsize ) {
dest - > i_d . di_cowextsize = cowextsize ;
dest - > i_d . di_flags2 | = XFS_DIFLAG2_COWEXTSIZE ;
}
2016-10-03 09:11:40 -07:00
xfs_trans_log_inode ( tp , dest , XFS_ILOG_CORE ) ;
error = xfs_trans_commit ( tp ) ;
if ( error )
goto out_error ;
return error ;
out_error :
trace_xfs_reflink_update_inode_size_error ( dest , error , _RET_IP_ ) ;
return error ;
}
2016-10-03 09:11:45 -07:00
/*
* Do we have enough reserve in this AG to handle a reflink ? The refcount
* btree already reserved all the space it needs , but the rmap btree can grow
* infinitely , so we won ' t allow more reflinks when the AG is down to the
* btree reserves .
*/
static int
xfs_reflink_ag_has_free_space (
struct xfs_mount * mp ,
xfs_agnumber_t agno )
{
struct xfs_perag * pag ;
int error = 0 ;
if ( ! xfs_sb_version_hasrmapbt ( & mp - > m_sb ) )
return 0 ;
pag = xfs_perag_get ( mp , agno ) ;
2018-03-09 14:01:59 -08:00
if ( xfs_ag_resv_critical ( pag , XFS_AG_RESV_RMAPBT ) | |
2016-10-03 09:11:45 -07:00
xfs_ag_resv_critical ( pag , XFS_AG_RESV_METADATA ) )
error = - ENOSPC ;
xfs_perag_put ( pag ) ;
return error ;
}
2016-10-03 09:11:40 -07:00
/*
* Unmap a range of blocks from a file , then map other blocks into the hole .
* The range to unmap is ( destoff : destoff + srcioff + irec - > br_blockcount ) .
* The extent irec is mapped into dest at irec - > br_startoff .
*/
STATIC int
xfs_reflink_remap_extent (
struct xfs_inode * ip ,
struct xfs_bmbt_irec * irec ,
xfs_fileoff_t destoff ,
xfs_off_t new_isize )
{
struct xfs_mount * mp = ip - > i_mount ;
2017-03-28 14:53:35 -07:00
bool real_extent = xfs_bmap_is_real_extent ( irec ) ;
2016-10-03 09:11:40 -07:00
struct xfs_trans * tp ;
unsigned int resblks ;
struct xfs_bmbt_irec uirec ;
xfs_filblks_t rlen ;
xfs_filblks_t unmap_len ;
xfs_off_t newlen ;
int error ;
unmap_len = irec - > br_startoff + irec - > br_blockcount - destoff ;
trace_xfs_reflink_punch_range ( ip , destoff , unmap_len ) ;
2016-10-03 09:11:45 -07:00
/* No reflinking if we're low on space */
if ( real_extent ) {
error = xfs_reflink_ag_has_free_space ( mp ,
XFS_FSB_TO_AGNO ( mp , irec - > br_startblock ) ) ;
if ( error )
goto out ;
}
2016-10-03 09:11:40 -07:00
/* Start a rolling transaction to switch the mappings */
resblks = XFS_EXTENTADD_SPACE_RES ( ip - > i_mount , XFS_DATA_FORK ) ;
error = xfs_trans_alloc ( mp , & M_RES ( mp ) - > tr_write , resblks , 0 , 0 , & tp ) ;
if ( error )
goto out ;
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
xfs_trans_ijoin ( tp , ip , 0 ) ;
/* If we're not just clearing space, then do we have enough quota? */
if ( real_extent ) {
error = xfs_trans_reserve_quota_nblks ( tp , ip ,
irec - > br_blockcount , 0 , XFS_QMOPT_RES_REGBLKS ) ;
if ( error )
goto out_cancel ;
}
trace_xfs_reflink_remap ( ip , irec - > br_startoff ,
irec - > br_blockcount , irec - > br_startblock ) ;
/* Unmap the old blocks in the data fork. */
rlen = unmap_len ;
while ( rlen ) {
2018-08-01 07:20:35 -07:00
ASSERT ( tp - > t_firstblock = = NULLFSBLOCK ) ;
2018-07-11 22:26:25 -07:00
error = __xfs_bunmapi ( tp , ip , destoff , & rlen , 0 , 1 ) ;
2016-10-03 09:11:40 -07:00
if ( error )
2018-07-24 13:43:13 -07:00
goto out_cancel ;
2016-10-03 09:11:40 -07:00
/*
* Trim the extent to whatever got unmapped .
* Remember , bunmapi works backwards .
*/
uirec . br_startblock = irec - > br_startblock + rlen ;
uirec . br_startoff = irec - > br_startoff + rlen ;
uirec . br_blockcount = unmap_len - rlen ;
unmap_len = rlen ;
/* If this isn't a real mapping, we're done. */
if ( ! real_extent | | uirec . br_blockcount = = 0 )
goto next_extent ;
trace_xfs_reflink_remap ( ip , uirec . br_startoff ,
uirec . br_blockcount , uirec . br_startblock ) ;
/* Update the refcount tree */
2018-08-01 07:20:34 -07:00
error = xfs_refcount_increase_extent ( tp , & uirec ) ;
2016-10-03 09:11:40 -07:00
if ( error )
2018-07-24 13:43:13 -07:00
goto out_cancel ;
2016-10-03 09:11:40 -07:00
/* Map the new blocks into the data fork. */
2018-08-01 07:20:34 -07:00
error = xfs_bmap_map_extent ( tp , ip , & uirec ) ;
2016-10-03 09:11:40 -07:00
if ( error )
2018-07-24 13:43:13 -07:00
goto out_cancel ;
2016-10-03 09:11:40 -07:00
/* Update quota accounting. */
xfs_trans_mod_dquot_byino ( tp , ip , XFS_TRANS_DQ_BCOUNT ,
uirec . br_blockcount ) ;
/* Update dest isize if needed. */
newlen = XFS_FSB_TO_B ( mp ,
uirec . br_startoff + uirec . br_blockcount ) ;
newlen = min_t ( xfs_off_t , newlen , new_isize ) ;
if ( newlen > i_size_read ( VFS_I ( ip ) ) ) {
trace_xfs_reflink_update_inode_size ( ip , newlen ) ;
i_size_write ( VFS_I ( ip ) , newlen ) ;
ip - > i_d . di_size = newlen ;
xfs_trans_log_inode ( tp , ip , XFS_ILOG_CORE ) ;
}
next_extent :
/* Process all the deferred stuff. */
2018-07-24 13:43:15 -07:00
error = xfs_defer_finish ( & tp ) ;
2016-10-03 09:11:40 -07:00
if ( error )
2018-07-24 13:43:13 -07:00
goto out_cancel ;
2016-10-03 09:11:40 -07:00
}
error = xfs_trans_commit ( tp ) ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
if ( error )
goto out ;
return 0 ;
out_cancel :
xfs_trans_cancel ( tp ) ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
out :
trace_xfs_reflink_remap_extent_error ( ip , error , _RET_IP_ ) ;
return error ;
}
/*
* Iteratively remap one file ' s extents ( and holes ) to another ' s .
*/
2018-10-30 10:47:26 +11:00
int
2016-10-03 09:11:40 -07:00
xfs_reflink_remap_blocks (
struct xfs_inode * src ,
2018-10-30 10:46:50 +11:00
loff_t pos_in ,
2016-10-03 09:11:40 -07:00
struct xfs_inode * dest ,
2018-10-30 10:46:50 +11:00
loff_t pos_out ,
2018-10-30 10:47:06 +11:00
loff_t remap_len ,
loff_t * remapped )
2016-10-03 09:11:40 -07:00
{
struct xfs_bmbt_irec imap ;
2018-10-30 10:46:50 +11:00
xfs_fileoff_t srcoff ;
xfs_fileoff_t destoff ;
xfs_filblks_t len ;
xfs_filblks_t range_len ;
2018-10-30 10:47:06 +11:00
xfs_filblks_t remapped_len = 0 ;
2018-10-30 10:46:50 +11:00
xfs_off_t new_isize = pos_out + remap_len ;
2016-10-03 09:11:40 -07:00
int nimaps ;
int error = 0 ;
2018-10-30 10:46:50 +11:00
destoff = XFS_B_TO_FSBT ( src - > i_mount , pos_out ) ;
srcoff = XFS_B_TO_FSBT ( src - > i_mount , pos_in ) ;
len = XFS_B_TO_FSB ( src - > i_mount , remap_len ) ;
2016-10-03 09:11:40 -07:00
/* drange = (destoff, destoff + len); srange = (srcoff, srcoff + len) */
while ( len ) {
2018-01-18 14:07:53 -08:00
uint lock_mode ;
2016-10-03 09:11:40 -07:00
trace_xfs_reflink_remap_blocks_loop ( src , srcoff , len ,
dest , destoff ) ;
2018-01-18 14:07:53 -08:00
2016-10-03 09:11:40 -07:00
/* Read extent from the source file */
nimaps = 1 ;
2018-01-18 14:07:53 -08:00
lock_mode = xfs_ilock_data_map_shared ( src ) ;
2016-10-03 09:11:40 -07:00
error = xfs_bmapi_read ( src , srcoff , len , & imap , & nimaps , 0 ) ;
2018-01-18 14:07:53 -08:00
xfs_iunlock ( src , lock_mode ) ;
2016-10-03 09:11:40 -07:00
if ( error )
2018-10-30 10:46:50 +11:00
break ;
2016-10-03 09:11:40 -07:00
ASSERT ( nimaps = = 1 ) ;
trace_xfs_reflink_remap_imap ( src , srcoff , len , XFS_IO_OVERWRITE ,
& imap ) ;
/* Translate imap into the destination file. */
range_len = imap . br_startoff + imap . br_blockcount - srcoff ;
imap . br_startoff + = destoff - srcoff ;
/* Clear dest from destoff to the end of imap and map it in. */
error = xfs_reflink_remap_extent ( dest , & imap , destoff ,
new_isize ) ;
if ( error )
2018-10-30 10:46:50 +11:00
break ;
2016-10-03 09:11:40 -07:00
if ( fatal_signal_pending ( current ) ) {
error = - EINTR ;
2018-10-30 10:46:50 +11:00
break ;
2016-10-03 09:11:40 -07:00
}
/* Advance drange/srange */
srcoff + = range_len ;
destoff + = range_len ;
len - = range_len ;
2018-10-30 10:47:06 +11:00
remapped_len + = range_len ;
2016-10-03 09:11:40 -07:00
}
2018-10-30 10:46:50 +11:00
if ( error )
trace_xfs_reflink_remap_blocks_error ( dest , error , _RET_IP_ ) ;
2018-10-30 10:47:06 +11:00
* remapped = min_t ( loff_t , remap_len ,
XFS_FSB_TO_B ( src - > i_mount , remapped_len ) ) ;
2016-10-03 09:11:40 -07:00
return error ;
}
2018-01-18 13:55:20 -08:00
/*
* Grab the exclusive iolock for a data copy from src to dest , making
* sure to abide vfs locking order ( lowest pointer value goes first ) and
* breaking the pnfs layout leases on dest before proceeding . The loop
* is needed because we cannot call the blocking break_layout ( ) with the
* src iolock held , and therefore have to back out both locks .
*/
static int
xfs_iolock_two_inodes_and_break_layout (
struct inode * src ,
struct inode * dest )
{
int error ;
retry :
if ( src < dest ) {
2018-01-18 14:07:53 -08:00
inode_lock_shared ( src ) ;
2018-01-18 13:55:20 -08:00
inode_lock_nested ( dest , I_MUTEX_NONDIR2 ) ;
} else {
/* src >= dest */
inode_lock ( dest ) ;
}
error = break_layout ( dest , false ) ;
if ( error = = - EWOULDBLOCK ) {
inode_unlock ( dest ) ;
if ( src < dest )
2018-01-18 14:07:53 -08:00
inode_unlock_shared ( src ) ;
2018-01-18 13:55:20 -08:00
error = break_layout ( dest , true ) ;
if ( error )
return error ;
goto retry ;
}
if ( error ) {
inode_unlock ( dest ) ;
if ( src < dest )
2018-01-18 14:07:53 -08:00
inode_unlock_shared ( src ) ;
2018-01-18 13:55:20 -08:00
return error ;
}
if ( src > dest )
2018-01-18 14:07:53 -08:00
inode_lock_shared_nested ( src , I_MUTEX_NONDIR2 ) ;
2018-01-18 13:55:20 -08:00
return 0 ;
}
2018-10-05 19:04:22 +10:00
/* Unlock both inodes after they've been prepped for a range clone. */
2018-10-30 10:47:26 +11:00
void
2018-10-05 19:04:22 +10:00
xfs_reflink_remap_unlock (
struct file * file_in ,
struct file * file_out )
{
struct inode * inode_in = file_inode ( file_in ) ;
struct xfs_inode * src = XFS_I ( inode_in ) ;
struct inode * inode_out = file_inode ( file_out ) ;
struct xfs_inode * dest = XFS_I ( inode_out ) ;
bool same_inode = ( inode_in = = inode_out ) ;
xfs_iunlock ( dest , XFS_MMAPLOCK_EXCL ) ;
if ( ! same_inode )
xfs_iunlock ( src , XFS_MMAPLOCK_SHARED ) ;
inode_unlock ( inode_out ) ;
if ( ! same_inode )
inode_unlock_shared ( inode_in ) ;
}
2018-10-05 19:04:27 +10:00
/*
* If we ' re reflinking to a point past the destination file ' s EOF , we must
* zero any speculative post - EOF preallocations that sit between the old EOF
* and the destination file offset .
*/
static int
xfs_reflink_zero_posteof (
struct xfs_inode * ip ,
loff_t pos )
{
loff_t isize = i_size_read ( VFS_I ( ip ) ) ;
if ( pos < = isize )
return 0 ;
trace_xfs_zero_eof ( ip , isize , pos - isize ) ;
return iomap_zero_range ( VFS_I ( ip ) , isize , pos - isize , NULL ,
& xfs_iomap_ops ) ;
}
2016-10-03 09:11:40 -07:00
/*
2018-10-05 19:04:22 +10:00
* Prepare two files for range cloning . Upon a successful return both inodes
2018-10-06 11:44:39 +10:00
* will have the iolock and mmaplock held , the page cache of the out file will
* be truncated , and any leases on the out file will have been broken . This
* function borrows heavily from xfs_file_aio_write_checks .
2018-10-06 11:44:19 +10:00
*
* The VFS allows partial EOF blocks to " match " for dedupe even though it hasn ' t
* checked that the bytes beyond EOF physically match . Hence we cannot use the
* EOF block in the source dedupe range because it ' s not a complete block match ,
2018-10-06 11:44:39 +10:00
* hence can introduce a corruption into the file that has it ' s block replaced .
2018-10-06 11:44:19 +10:00
*
2018-10-06 11:44:39 +10:00
* In similar fashion , the VFS file cloning also allows partial EOF blocks to be
* " block aligned " for the purposes of cloning entire files . However , if the
* source file range includes the EOF block and it lands within the existing EOF
* of the destination file , then we can expose stale data from beyond the source
* file EOF in the destination file .
*
* XFS doesn ' t support partial block sharing , so in both cases we have check
* these cases ourselves . For dedupe , we can simply round the length to dedupe
* down to the previous whole block and ignore the partial EOF block . While this
* means we can ' t dedupe the last block of a file , this is an acceptible
* tradeoff for simplicity on implementation .
*
* For cloning , we want to share the partial EOF block if it is also the new EOF
* block of the destination file . If the partial EOF block lies inside the
* existing destination EOF , then we have to abort the clone to avoid exposing
* stale data in the destination file . Hence we reject these clone attempts with
* - EINVAL in this case .
2016-10-03 09:11:40 -07:00
*/
2018-10-30 10:47:26 +11:00
int
2018-10-05 19:04:22 +10:00
xfs_reflink_remap_prep (
2016-10-20 15:50:07 +11:00
struct file * file_in ,
loff_t pos_in ,
struct file * file_out ,
loff_t pos_out ,
2018-10-30 10:41:49 +11:00
loff_t * len ,
2018-10-30 10:41:28 +11:00
unsigned int remap_flags )
2016-10-03 09:11:40 -07:00
{
2016-10-20 15:50:07 +11:00
struct inode * inode_in = file_inode ( file_in ) ;
struct xfs_inode * src = XFS_I ( inode_in ) ;
struct inode * inode_out = file_inode ( file_out ) ;
struct xfs_inode * dest = XFS_I ( inode_out ) ;
bool same_inode = ( inode_in = = inode_out ) ;
ssize_t ret ;
2016-10-03 09:11:40 -07:00
2016-10-20 15:50:07 +11:00
/* Lock both files against IO */
2018-01-18 13:55:20 -08:00
ret = xfs_iolock_two_inodes_and_break_layout ( inode_in , inode_out ) ;
if ( ret )
return ret ;
2016-11-30 14:33:25 +11:00
if ( same_inode )
2016-10-20 15:50:07 +11:00
xfs_ilock ( src , XFS_MMAPLOCK_EXCL ) ;
2016-11-30 14:33:25 +11:00
else
2018-01-18 14:07:53 -08:00
xfs_lock_two_inodes ( src , XFS_MMAPLOCK_SHARED , dest ,
2018-01-26 15:27:33 -08:00
XFS_MMAPLOCK_EXCL ) ;
2016-10-20 15:50:07 +11:00
2016-12-09 16:18:30 -08:00
/* Check file eligibility and prepare for block sharing. */
2016-10-20 15:50:07 +11:00
ret = - EINVAL ;
2016-10-03 09:11:40 -07:00
/* Don't reflink realtime inodes */
if ( XFS_IS_REALTIME_INODE ( src ) | | XFS_IS_REALTIME_INODE ( dest ) )
2016-10-20 15:50:07 +11:00
goto out_unlock ;
/* Don't share DAX file data for now. */
if ( IS_DAX ( inode_in ) | | IS_DAX ( inode_out ) )
goto out_unlock ;
2018-10-30 10:41:08 +11:00
ret = generic_remap_file_range_prep ( file_in , pos_in , file_out , pos_out ,
2018-10-30 10:41:28 +11:00
len , remap_flags ) ;
2018-10-30 10:42:24 +11:00
if ( ret < 0 | | * len = = 0 )
2016-10-20 15:50:07 +11:00
goto out_unlock ;
2018-01-19 08:56:04 -08:00
/* Attach dquots to dest inode before changing block map */
2018-05-04 15:30:21 -07:00
ret = xfs_qm_dqattach ( dest ) ;
2018-01-19 08:56:04 -08:00
if ( ret )
goto out_unlock ;
2017-12-10 18:03:54 -08:00
/*
2018-10-05 19:04:27 +10:00
* Zero existing post - eof speculative preallocations in the destination
* file .
2017-12-10 18:03:54 -08:00
*/
2018-10-05 19:04:27 +10:00
ret = xfs_reflink_zero_posteof ( dest , pos_out ) ;
if ( ret )
goto out_unlock ;
2017-12-10 18:03:54 -08:00
2016-12-09 16:18:30 -08:00
/* Set flags and remap blocks. */
2016-10-20 15:50:07 +11:00
ret = xfs_reflink_set_inode_flag ( src , dest ) ;
if ( ret )
goto out_unlock ;
2016-10-03 09:11:40 -07:00
2018-11-19 13:31:10 -08:00
/*
* If pos_out > EOF , we may have dirtied blocks between EOF and
* pos_out . In that case , we need to extend the flush and unmap to cover
* from EOF to the end of the copy length .
*/
if ( pos_out > XFS_ISIZE ( dest ) ) {
loff_t flen = * len + ( pos_out - XFS_ISIZE ( dest ) ) ;
ret = xfs_flush_unmap_range ( dest , XFS_ISIZE ( dest ) , flen ) ;
} else {
ret = xfs_flush_unmap_range ( dest , pos_out , * len ) ;
}
if ( ret )
goto out_unlock ;
2018-10-05 19:05:41 +10:00
2018-10-05 19:04:22 +10:00
return 1 ;
out_unlock :
xfs_reflink_remap_unlock ( file_in , file_out ) ;
return ret ;
}
2016-10-03 09:11:43 -07:00
/*
* The user wants to preemptively CoW all shared blocks in this file ,
* which enables us to turn off the reflink flag . Iterate all
* extents which are not prealloc / delalloc to see which ranges are
* mentioned in the refcount tree , then read those blocks into the
* pagecache , dirty them , fsync them back out , and then we can update
* the inode flag . What happens if we run out of memory ? : )
*/
STATIC int
xfs_reflink_dirty_extents (
struct xfs_inode * ip ,
xfs_fileoff_t fbno ,
xfs_filblks_t end ,
xfs_off_t isize )
{
struct xfs_mount * mp = ip - > i_mount ;
xfs_agnumber_t agno ;
xfs_agblock_t agbno ;
xfs_extlen_t aglen ;
xfs_agblock_t rbno ;
xfs_extlen_t rlen ;
xfs_off_t fpos ;
xfs_off_t flen ;
struct xfs_bmbt_irec map [ 2 ] ;
int nmaps ;
2016-10-10 16:49:18 +11:00
int error = 0 ;
2016-10-03 09:11:43 -07:00
while ( end - fbno > 0 ) {
nmaps = 1 ;
/*
* Look for extents in the file . Skip holes , delalloc , or
* unwritten extents ; they can ' t be reflinked .
*/
error = xfs_bmapi_read ( ip , fbno , end - fbno , map , & nmaps , 0 ) ;
if ( error )
goto out ;
if ( nmaps = = 0 )
break ;
2017-03-28 14:53:35 -07:00
if ( ! xfs_bmap_is_real_extent ( & map [ 0 ] ) )
2016-10-03 09:11:43 -07:00
goto next ;
map [ 1 ] = map [ 0 ] ;
while ( map [ 1 ] . br_blockcount ) {
agno = XFS_FSB_TO_AGNO ( mp , map [ 1 ] . br_startblock ) ;
agbno = XFS_FSB_TO_AGBNO ( mp , map [ 1 ] . br_startblock ) ;
aglen = map [ 1 ] . br_blockcount ;
2017-06-16 11:00:10 -07:00
error = xfs_reflink_find_shared ( mp , NULL , agno , agbno ,
aglen , & rbno , & rlen , true ) ;
2016-10-03 09:11:43 -07:00
if ( error )
goto out ;
if ( rbno = = NULLAGBLOCK )
break ;
/* Dirty the pages */
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
fpos = XFS_FSB_TO_B ( mp , map [ 1 ] . br_startoff +
( rbno - agbno ) ) ;
flen = XFS_FSB_TO_B ( mp , rlen ) ;
if ( fpos + flen > isize )
flen = isize - fpos ;
error = iomap_file_dirty ( VFS_I ( ip ) , fpos , flen ,
& xfs_iomap_ops ) ;
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
if ( error )
goto out ;
map [ 1 ] . br_blockcount - = ( rbno - agbno + rlen ) ;
map [ 1 ] . br_startoff + = ( rbno - agbno + rlen ) ;
map [ 1 ] . br_startblock + = ( rbno - agbno + rlen ) ;
}
next :
fbno = map [ 0 ] . br_startoff + map [ 0 ] . br_blockcount ;
}
out :
return error ;
}
2017-06-16 11:00:11 -07:00
/* Does this inode need the reflink flag? */
2016-10-03 09:11:43 -07:00
int
2017-06-16 11:00:11 -07:00
xfs_reflink_inode_has_shared_extents (
struct xfs_trans * tp ,
struct xfs_inode * ip ,
bool * has_shared )
2016-10-03 09:11:43 -07:00
{
2017-06-16 11:00:11 -07:00
struct xfs_bmbt_irec got ;
struct xfs_mount * mp = ip - > i_mount ;
struct xfs_ifork * ifp ;
xfs_agnumber_t agno ;
xfs_agblock_t agbno ;
xfs_extlen_t aglen ;
xfs_agblock_t rbno ;
xfs_extlen_t rlen ;
2017-11-03 10:34:43 -07:00
struct xfs_iext_cursor icur ;
2017-06-16 11:00:11 -07:00
bool found ;
int error ;
2016-10-03 09:11:43 -07:00
2017-06-16 11:00:11 -07:00
ifp = XFS_IFORK_PTR ( ip , XFS_DATA_FORK ) ;
if ( ! ( ifp - > if_flags & XFS_IFEXTENTS ) ) {
error = xfs_iread_extents ( tp , ip , XFS_DATA_FORK ) ;
2016-10-03 09:11:43 -07:00
if ( error )
return error ;
2017-06-16 11:00:11 -07:00
}
2016-10-03 09:11:43 -07:00
2017-06-16 11:00:11 -07:00
* has_shared = false ;
2017-11-03 10:34:43 -07:00
found = xfs_iext_lookup_extent ( ip , ifp , 0 , & icur , & got ) ;
2017-06-16 11:00:11 -07:00
while ( found ) {
if ( isnullstartblock ( got . br_startblock ) | |
got . br_state ! = XFS_EXT_NORM )
goto next ;
agno = XFS_FSB_TO_AGNO ( mp , got . br_startblock ) ;
agbno = XFS_FSB_TO_AGBNO ( mp , got . br_startblock ) ;
aglen = got . br_blockcount ;
2016-10-03 09:11:43 -07:00
2017-06-16 11:00:11 -07:00
error = xfs_reflink_find_shared ( mp , tp , agno , agbno , aglen ,
2016-10-10 16:47:40 +11:00
& rbno , & rlen , false ) ;
if ( error )
return error ;
/* Is there still a shared block here? */
2017-06-16 11:00:11 -07:00
if ( rbno ! = NULLAGBLOCK ) {
* has_shared = true ;
2016-10-10 16:47:40 +11:00
return 0 ;
2017-06-16 11:00:11 -07:00
}
2016-10-03 09:11:43 -07:00
next :
2017-11-03 10:34:43 -07:00
found = xfs_iext_next_extent ( ifp , & icur , & got ) ;
2016-10-03 09:11:43 -07:00
}
2017-06-16 11:00:11 -07:00
return 0 ;
}
2018-05-09 07:49:10 -07:00
/*
* Clear the inode reflink flag if there are no shared extents .
*
* The caller is responsible for joining the inode to the transaction passed in .
* The inode will be joined to the transaction that is returned to the caller .
*/
2017-06-16 11:00:11 -07:00
int
xfs_reflink_clear_inode_flag (
struct xfs_inode * ip ,
struct xfs_trans * * tpp )
{
bool needs_flag ;
int error = 0 ;
ASSERT ( xfs_is_reflink_inode ( ip ) ) ;
error = xfs_reflink_inode_has_shared_extents ( * tpp , ip , & needs_flag ) ;
if ( error | | needs_flag )
return error ;
2016-10-03 09:11:43 -07:00
/*
* We didn ' t find any shared blocks so turn off the reflink flag .
* First , get rid of any leftover CoW mappings .
*/
2017-03-07 16:45:58 -08:00
error = xfs_reflink_cancel_cow_blocks ( ip , tpp , 0 , NULLFILEOFF , true ) ;
2016-10-03 09:11:43 -07:00
if ( error )
return error ;
/* Clear the inode flag. */
trace_xfs_reflink_unset_inode_flag ( ip ) ;
ip - > i_d . di_flags2 & = ~ XFS_DIFLAG2_REFLINK ;
2016-10-03 09:11:46 -07:00
xfs_inode_clear_cowblocks_tag ( ip ) ;
2016-10-03 09:11:43 -07:00
xfs_trans_log_inode ( * tpp , ip , XFS_ILOG_CORE ) ;
return error ;
}
/*
* Clear the inode reflink flag if there are no shared extents and the size
* hasn ' t changed .
*/
STATIC int
xfs_reflink_try_clear_inode_flag (
2016-10-10 16:49:01 +11:00
struct xfs_inode * ip )
2016-10-03 09:11:43 -07:00
{
struct xfs_mount * mp = ip - > i_mount ;
struct xfs_trans * tp ;
int error = 0 ;
/* Start a rolling transaction to remove the mappings */
error = xfs_trans_alloc ( mp , & M_RES ( mp ) - > tr_write , 0 , 0 , 0 , & tp ) ;
if ( error )
return error ;
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
xfs_trans_ijoin ( tp , ip , 0 ) ;
error = xfs_reflink_clear_inode_flag ( ip , & tp ) ;
if ( error )
goto cancel ;
error = xfs_trans_commit ( tp ) ;
if ( error )
goto out ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
return 0 ;
cancel :
xfs_trans_cancel ( tp ) ;
out :
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
return error ;
}
/*
* Pre - COW all shared blocks within a given byte range of a file and turn off
* the reflink flag if we unshare all of the file ' s blocks .
*/
int
xfs_reflink_unshare (
struct xfs_inode * ip ,
xfs_off_t offset ,
xfs_off_t len )
{
struct xfs_mount * mp = ip - > i_mount ;
xfs_fileoff_t fbno ;
xfs_filblks_t end ;
xfs_off_t isize ;
int error ;
if ( ! xfs_is_reflink_inode ( ip ) )
return 0 ;
trace_xfs_reflink_unshare ( ip , offset , len ) ;
inode_dio_wait ( VFS_I ( ip ) ) ;
/* Try to CoW the selected ranges */
xfs_ilock ( ip , XFS_ILOCK_EXCL ) ;
2016-10-10 16:49:01 +11:00
fbno = XFS_B_TO_FSBT ( mp , offset ) ;
2016-10-03 09:11:43 -07:00
isize = i_size_read ( VFS_I ( ip ) ) ;
end = XFS_B_TO_FSB ( mp , offset + len ) ;
error = xfs_reflink_dirty_extents ( ip , fbno , end , isize ) ;
if ( error )
goto out_unlock ;
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
/* Wait for the IO to finish */
error = filemap_write_and_wait ( VFS_I ( ip ) - > i_mapping ) ;
if ( error )
goto out ;
2016-10-10 16:49:01 +11:00
/* Turn off the reflink flag if possible. */
error = xfs_reflink_try_clear_inode_flag ( ip ) ;
if ( error )
goto out ;
2016-10-03 09:11:43 -07:00
return 0 ;
out_unlock :
xfs_iunlock ( ip , XFS_ILOCK_EXCL ) ;
out :
trace_xfs_reflink_unshare_error ( ip , error , _RET_IP_ ) ;
return error ;
}