2018-06-05 19:42:14 -07:00
// SPDX-License-Identifier: GPL-2.0
2005-04-16 15:20:36 -07:00
/*
2005-11-02 14:58:39 +11:00
* Copyright ( c ) 2000 - 2002 , 2005 Silicon Graphics , Inc .
* All Rights Reserved .
2005-04-16 15:20:36 -07:00
*/
# include "xfs.h"
2005-11-02 14:38:42 +11:00
# include "xfs_fs.h"
2013-10-23 10:36:05 +11:00
# include "xfs_format.h"
2013-10-23 10:50:10 +11:00
# include "xfs_log_format.h"
2013-10-23 10:36:05 +11:00
# include "xfs_shared.h"
2013-10-23 10:50:10 +11:00
# include "xfs_trans_resv.h"
2005-11-02 14:38:42 +11:00
# include "xfs_bit.h"
2005-04-16 15:20:36 -07:00
# include "xfs_sb.h"
# include "xfs_mount.h"
2016-08-03 11:15:38 +10:00
# include "xfs_defer.h"
2005-11-02 14:38:42 +11:00
# include "xfs_inode.h"
2005-04-16 15:20:36 -07:00
# include "xfs_btree.h"
2016-08-03 11:33:43 +10:00
# include "xfs_rmap.h"
2013-10-23 10:51:50 +11:00
# include "xfs_alloc_btree.h"
2005-04-16 15:20:36 -07:00
# include "xfs_alloc.h"
2012-04-29 10:39:43 +00:00
# include "xfs_extent_busy.h"
2017-10-31 12:04:49 -07:00
# include "xfs_errortag.h"
2005-04-16 15:20:36 -07:00
# include "xfs_error.h"
2013-04-03 16:11:13 +11:00
# include "xfs_cksum.h"
2009-12-14 23:14:59 +00:00
# include "xfs_trace.h"
2013-10-23 10:50:10 +11:00
# include "xfs_trans.h"
2013-04-03 16:11:13 +11:00
# include "xfs_buf_item.h"
2013-10-23 10:50:10 +11:00
# include "xfs_log.h"
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
# include "xfs_ag_resv.h"
2018-05-07 17:38:47 -07:00
# include "xfs_bmap.h"
extern kmem_zone_t * xfs_bmap_free_item_zone ;
2005-04-16 15:20:36 -07:00
2012-03-22 05:15:07 +00:00
struct workqueue_struct * xfs_alloc_wq ;
2005-04-16 15:20:36 -07:00
# define XFS_ABSDIFF(a,b) (((a) <= (b)) ? ((b) - (a)) : ((a) - (b)))
# define XFSA_FIXUP_BNO_OK 1
# define XFSA_FIXUP_CNT_OK 2
STATIC int xfs_alloc_ag_vextent_exact ( xfs_alloc_arg_t * ) ;
STATIC int xfs_alloc_ag_vextent_near ( xfs_alloc_arg_t * ) ;
STATIC int xfs_alloc_ag_vextent_size ( xfs_alloc_arg_t * ) ;
STATIC int xfs_alloc_ag_vextent_small ( xfs_alloc_arg_t * ,
2011-04-24 19:06:15 +00:00
xfs_btree_cur_t * , xfs_agblock_t * , xfs_extlen_t * , int * ) ;
2005-04-16 15:20:36 -07:00
2018-03-06 17:08:32 -08:00
/*
* Size of the AGFL . For CRC - enabled filesystes we steal a couple of slots in
* the beginning of the block for a proper header with the location information
* and CRC .
*/
unsigned int
xfs_agfl_size (
struct xfs_mount * mp )
{
unsigned int size = mp - > m_sb . sb_sectsize ;
if ( xfs_sb_version_hascrc ( & mp - > m_sb ) )
size - = sizeof ( struct xfs_agfl ) ;
return size / sizeof ( xfs_agblock_t ) ;
}
2016-10-03 09:11:17 -07:00
unsigned int
xfs_refc_block (
struct xfs_mount * mp )
{
if ( xfs_sb_version_hasrmapbt ( & mp - > m_sb ) )
return XFS_RMAP_BLOCK ( mp ) + 1 ;
if ( xfs_sb_version_hasfinobt ( & mp - > m_sb ) )
return XFS_FIBT_BLOCK ( mp ) + 1 ;
return XFS_IBT_BLOCK ( mp ) + 1 ;
}
2016-08-03 11:31:47 +10:00
xfs_extlen_t
xfs_prealloc_blocks (
struct xfs_mount * mp )
{
2016-10-03 09:11:17 -07:00
if ( xfs_sb_version_hasreflink ( & mp - > m_sb ) )
return xfs_refc_block ( mp ) + 1 ;
2016-08-03 11:31:47 +10:00
if ( xfs_sb_version_hasrmapbt ( & mp - > m_sb ) )
return XFS_RMAP_BLOCK ( mp ) + 1 ;
if ( xfs_sb_version_hasfinobt ( & mp - > m_sb ) )
return XFS_FIBT_BLOCK ( mp ) + 1 ;
return XFS_IBT_BLOCK ( mp ) + 1 ;
}
2016-08-03 11:38:24 +10:00
/*
* In order to avoid ENOSPC - related deadlock caused by out - of - order locking of
* AGF buffer ( PV 947395 ) , we place constraints on the relationship among
* actual allocations for data blocks , freelist blocks , and potential file data
* bmap btree blocks . However , these restrictions may result in no actual space
* allocated for a delayed extent , for example , a data block in a certain AG is
* allocated but there is no additional block for the additional bmap btree
* block due to a split of the bmap btree of the file . The result of this may
* lead to an infinite loop when the file gets flushed to disk and all delayed
* extents need to be actually allocated . To get around this , we explicitly set
* aside a few blocks which will not be reserved in delayed allocation .
*
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
* We need to reserve 4 fsbs _per AG_ for the freelist and 4 more to handle a
* potential split of the file ' s bmap btree .
2016-08-03 11:38:24 +10:00
*/
unsigned int
xfs_alloc_set_aside (
struct xfs_mount * mp )
{
2017-01-09 13:36:30 -08:00
return mp - > m_sb . sb_agcount * ( XFS_ALLOC_AGFL_RESERVE + 4 ) ;
2016-08-03 11:38:24 +10:00
}
/*
* When deciding how much space to allocate out of an AG , we limit the
* allocation maximum size to the size the AG . However , we cannot use all the
* blocks in the AG - some are permanently used by metadata . These
* blocks are generally :
* - the AG superblock , AGF , AGI and AGFL
* - the AGF ( bno and cnt ) and AGI btree root blocks , and optionally
* the AGI free inode and rmap btree root blocks .
* - blocks on the AGFL according to xfs_alloc_set_aside ( ) limits
* - the rmapbt root block
*
* The AG headers are sector sized , so the amount of space they take up is
* dependent on filesystem geometry . The others are all single blocks .
*/
unsigned int
xfs_alloc_ag_max_usable (
struct xfs_mount * mp )
{
unsigned int blocks ;
blocks = XFS_BB_TO_FSB ( mp , XFS_FSS_TO_BB ( mp , 4 ) ) ; /* ag headers */
blocks + = XFS_ALLOC_AGFL_RESERVE ;
blocks + = 3 ; /* AGF, AGI btree root blocks */
if ( xfs_sb_version_hasfinobt ( & mp - > m_sb ) )
blocks + + ; /* finobt root block */
if ( xfs_sb_version_hasrmapbt ( & mp - > m_sb ) )
blocks + + ; /* rmap root block */
2016-10-03 09:11:24 -07:00
if ( xfs_sb_version_hasreflink ( & mp - > m_sb ) )
blocks + + ; /* refcount root block */
2016-08-03 11:38:24 +10:00
return mp - > m_sb . sb_agblocks - blocks ;
}
2008-10-30 16:56:09 +11:00
/*
* Lookup the record equal to [ bno , len ] in the btree given by cur .
*/
STATIC int /* error */
xfs_alloc_lookup_eq (
struct xfs_btree_cur * cur , /* btree cursor */
xfs_agblock_t bno , /* starting block of extent */
xfs_extlen_t len , /* length of extent */
int * stat ) /* success/failure */
{
cur - > bc_rec . a . ar_startblock = bno ;
cur - > bc_rec . a . ar_blockcount = len ;
return xfs_btree_lookup ( cur , XFS_LOOKUP_EQ , stat ) ;
}
/*
* Lookup the first record greater than or equal to [ bno , len ]
* in the btree given by cur .
*/
2012-03-22 05:15:12 +00:00
int /* error */
2008-10-30 16:56:09 +11:00
xfs_alloc_lookup_ge (
struct xfs_btree_cur * cur , /* btree cursor */
xfs_agblock_t bno , /* starting block of extent */
xfs_extlen_t len , /* length of extent */
int * stat ) /* success/failure */
{
cur - > bc_rec . a . ar_startblock = bno ;
cur - > bc_rec . a . ar_blockcount = len ;
return xfs_btree_lookup ( cur , XFS_LOOKUP_GE , stat ) ;
}
/*
* Lookup the first record less than or equal to [ bno , len ]
* in the btree given by cur .
*/
2018-01-16 18:52:12 -08:00
int /* error */
2008-10-30 16:56:09 +11:00
xfs_alloc_lookup_le (
struct xfs_btree_cur * cur , /* btree cursor */
xfs_agblock_t bno , /* starting block of extent */
xfs_extlen_t len , /* length of extent */
int * stat ) /* success/failure */
{
cur - > bc_rec . a . ar_startblock = bno ;
cur - > bc_rec . a . ar_blockcount = len ;
return xfs_btree_lookup ( cur , XFS_LOOKUP_LE , stat ) ;
}
2008-10-30 16:56:32 +11:00
/*
* Update the record referred to by cur to the value given
* by [ bno , len ] .
* This either works ( return 0 ) or gets an EFSCORRUPTED error .
*/
STATIC int /* error */
xfs_alloc_update (
struct xfs_btree_cur * cur , /* btree cursor */
xfs_agblock_t bno , /* starting block of extent */
xfs_extlen_t len ) /* length of extent */
{
union xfs_btree_rec rec ;
rec . alloc . ar_startblock = cpu_to_be32 ( bno ) ;
rec . alloc . ar_blockcount = cpu_to_be32 ( len ) ;
return xfs_btree_update ( cur , & rec ) ;
}
2008-10-30 16:56:09 +11:00
2008-10-30 16:58:11 +11:00
/*
* Get the data from the pointed - to record .
*/
2011-01-07 13:02:04 +00:00
int /* error */
2008-10-30 16:58:11 +11:00
xfs_alloc_get_rec (
struct xfs_btree_cur * cur , /* btree cursor */
xfs_agblock_t * bno , /* output: starting block of extent */
xfs_extlen_t * len , /* output: length of extent */
int * stat ) /* output: success/failure */
{
2018-06-05 19:42:13 -07:00
struct xfs_mount * mp = cur - > bc_mp ;
xfs_agnumber_t agno = cur - > bc_private . a . agno ;
2008-10-30 16:58:11 +11:00
union xfs_btree_rec * rec ;
int error ;
error = xfs_btree_get_rec ( cur , & rec , stat ) ;
2018-06-03 16:10:14 -07:00
if ( error | | ! ( * stat ) )
return error ;
* bno = be32_to_cpu ( rec - > alloc . ar_startblock ) ;
* len = be32_to_cpu ( rec - > alloc . ar_blockcount ) ;
2018-07-11 22:26:36 -07:00
if ( * len = = 0 )
goto out_bad_rec ;
2018-06-05 19:42:13 -07:00
/* check for valid extent range, including overflow */
if ( ! xfs_verify_agbno ( mp , agno , * bno ) )
goto out_bad_rec ;
if ( * bno > * bno + * len )
goto out_bad_rec ;
if ( ! xfs_verify_agbno ( mp , agno , * bno + * len - 1 ) )
goto out_bad_rec ;
return 0 ;
out_bad_rec :
xfs_warn ( mp ,
" %s Freespace BTree record corruption in AG %d detected! " ,
cur - > bc_btnum = = XFS_BTNUM_BNO ? " Block " : " Size " , agno ) ;
xfs_warn ( mp ,
" start block 0x%x block count 0x%x " , * bno , * len ) ;
return - EFSCORRUPTED ;
2008-10-30 16:58:11 +11:00
}
2005-04-16 15:20:36 -07:00
/*
* Compute aligned version of the found extent .
* Takes alignment and min length into account .
*/
2017-02-07 14:06:57 -08:00
STATIC bool
2005-04-16 15:20:36 -07:00
xfs_alloc_compute_aligned (
2011-03-04 12:59:54 +00:00
xfs_alloc_arg_t * args , /* allocation argument structure */
2005-04-16 15:20:36 -07:00
xfs_agblock_t foundbno , /* starting block in found extent */
xfs_extlen_t foundlen , /* length in found extent */
xfs_agblock_t * resbno , /* result block number */
2017-02-07 14:06:57 -08:00
xfs_extlen_t * reslen , /* result length */
unsigned * busy_gen )
2005-04-16 15:20:36 -07:00
{
2017-02-07 14:06:57 -08:00
xfs_agblock_t bno = foundbno ;
xfs_extlen_t len = foundlen ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
xfs_extlen_t diff ;
2017-02-07 14:06:57 -08:00
bool busy ;
2005-04-16 15:20:36 -07:00
2011-04-24 19:06:15 +00:00
/* Trim busy sections out of found extent */
2017-02-07 14:06:57 -08:00
busy = xfs_extent_busy_trim ( args , & bno , & len , busy_gen ) ;
2011-04-24 19:06:15 +00:00
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
/*
* If we have a largish extent that happens to start before min_agbno ,
* see if we can shift it into range . . .
*/
if ( bno < args - > min_agbno & & bno + len > args - > min_agbno ) {
diff = args - > min_agbno - bno ;
if ( len > diff ) {
bno + = diff ;
len - = diff ;
}
}
2011-04-24 19:06:15 +00:00
if ( args - > alignment > 1 & & len > = args - > minlen ) {
xfs_agblock_t aligned_bno = roundup ( bno , args - > alignment ) ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
diff = aligned_bno - bno ;
2011-04-24 19:06:15 +00:00
* resbno = aligned_bno ;
* reslen = diff > = len ? 0 : len - diff ;
2005-04-16 15:20:36 -07:00
} else {
2011-04-24 19:06:15 +00:00
* resbno = bno ;
* reslen = len ;
2005-04-16 15:20:36 -07:00
}
2017-02-07 14:06:57 -08:00
return busy ;
2005-04-16 15:20:36 -07:00
}
/*
* Compute best start block and diff for " near " allocations .
* freelen > = wantlen already checked by caller .
*/
STATIC xfs_extlen_t /* difference value (absolute) */
xfs_alloc_compute_diff (
xfs_agblock_t wantbno , /* target starting block */
xfs_extlen_t wantlen , /* target length */
xfs_extlen_t alignment , /* target alignment */
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
int datatype , /* are we allocating data? */
2005-04-16 15:20:36 -07:00
xfs_agblock_t freebno , /* freespace's starting block */
xfs_extlen_t freelen , /* freespace's length */
xfs_agblock_t * newbnop ) /* result: best start block from free */
{
xfs_agblock_t freeend ; /* end of freespace extent */
xfs_agblock_t newbno1 ; /* return block number */
xfs_agblock_t newbno2 ; /* other new block number */
xfs_extlen_t newlen1 = 0 ; /* length with newbno1 */
xfs_extlen_t newlen2 = 0 ; /* length with newbno2 */
xfs_agblock_t wantend ; /* end of target extent */
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
bool userdata = xfs_alloc_is_userdata ( datatype ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( freelen > = wantlen ) ;
freeend = freebno + freelen ;
wantend = wantbno + wantlen ;
2013-04-11 22:09:56 +02:00
/*
* We want to allocate from the start of a free extent if it is past
* the desired block or if we are allocating user data and the free
* extent is before desired block . The second case is there to allow
* for contiguous allocation from the remaining free space if the file
* grows in the short term .
*/
if ( freebno > = wantbno | | ( userdata & & freeend < wantend ) ) {
2005-04-16 15:20:36 -07:00
if ( ( newbno1 = roundup ( freebno , alignment ) ) > = freeend )
newbno1 = NULLAGBLOCK ;
} else if ( freeend > = wantend & & alignment > 1 ) {
newbno1 = roundup ( wantbno , alignment ) ;
newbno2 = newbno1 - alignment ;
if ( newbno1 > = freeend )
newbno1 = NULLAGBLOCK ;
else
newlen1 = XFS_EXTLEN_MIN ( wantlen , freeend - newbno1 ) ;
if ( newbno2 < freebno )
newbno2 = NULLAGBLOCK ;
else
newlen2 = XFS_EXTLEN_MIN ( wantlen , freeend - newbno2 ) ;
if ( newbno1 ! = NULLAGBLOCK & & newbno2 ! = NULLAGBLOCK ) {
if ( newlen1 < newlen2 | |
( newlen1 = = newlen2 & &
XFS_ABSDIFF ( newbno1 , wantbno ) >
XFS_ABSDIFF ( newbno2 , wantbno ) ) )
newbno1 = newbno2 ;
} else if ( newbno2 ! = NULLAGBLOCK )
newbno1 = newbno2 ;
} else if ( freeend > = wantend ) {
newbno1 = wantbno ;
} else if ( alignment > 1 ) {
newbno1 = roundup ( freeend - wantlen , alignment ) ;
if ( newbno1 > freeend - wantlen & &
newbno1 - alignment > = freebno )
newbno1 - = alignment ;
else if ( newbno1 > = freeend )
newbno1 = NULLAGBLOCK ;
} else
newbno1 = freeend - wantlen ;
* newbnop = newbno1 ;
return newbno1 = = NULLAGBLOCK ? 0 : XFS_ABSDIFF ( newbno1 , wantbno ) ;
}
/*
* Fix up the length , based on mod and prod .
* len should be k * prod + mod for some k .
* If len is too small it is returned unchanged .
* If len hits maxlen it is left alone .
*/
STATIC void
xfs_alloc_fix_len (
xfs_alloc_arg_t * args ) /* allocation argument structure */
{
xfs_extlen_t k ;
xfs_extlen_t rlen ;
ASSERT ( args - > mod < args - > prod ) ;
rlen = args - > len ;
ASSERT ( rlen > = args - > minlen ) ;
ASSERT ( rlen < = args - > maxlen ) ;
if ( args - > prod < = 1 | | rlen < args - > mod | | rlen = = args - > maxlen | |
( args - > mod = = 0 & & rlen < args - > prod ) )
return ;
k = rlen % args - > prod ;
if ( k = = args - > mod )
return ;
2014-06-06 16:06:37 +10:00
if ( k > args - > mod )
rlen = rlen - ( k - args - > mod ) ;
else
rlen = rlen - args - > prod + ( args - > mod - k ) ;
2015-02-24 10:16:04 +11:00
/* casts to (int) catch length underflows */
2014-06-06 16:06:37 +10:00
if ( ( int ) rlen < ( int ) args - > minlen )
return ;
ASSERT ( rlen > = args - > minlen & & rlen < = args - > maxlen ) ;
ASSERT ( rlen % args - > prod = = args - > mod ) ;
2017-01-09 13:44:30 -08:00
ASSERT ( args - > pag - > pagf_freeblks + args - > pag - > pagf_flcount > =
rlen + args - > minleft ) ;
2005-04-16 15:20:36 -07:00
args - > len = rlen ;
}
/*
* Update the two btrees , logically removing from freespace the extent
* starting at rbno , rlen blocks . The extent is contained within the
* actual ( current ) free extent fbno for flen blocks .
* Flags are passed in indicating whether the cursors are set to the
* relevant records .
*/
STATIC int /* error code */
xfs_alloc_fixup_trees (
xfs_btree_cur_t * cnt_cur , /* cursor for by-size btree */
xfs_btree_cur_t * bno_cur , /* cursor for by-block btree */
xfs_agblock_t fbno , /* starting block of free extent */
xfs_extlen_t flen , /* length of free extent */
xfs_agblock_t rbno , /* starting block of returned extent */
xfs_extlen_t rlen , /* length of returned extent */
int flags ) /* flags, XFSA_FIXUP_... */
{
int error ; /* error code */
int i ; /* operation results */
xfs_agblock_t nfbno1 ; /* first new free startblock */
xfs_agblock_t nfbno2 ; /* second new free startblock */
xfs_extlen_t nflen1 = 0 ; /* first new free length */
xfs_extlen_t nflen2 = 0 ; /* second new free length */
2015-02-23 22:39:13 +11:00
struct xfs_mount * mp ;
mp = cnt_cur - > bc_mp ;
2005-04-16 15:20:36 -07:00
/*
* Look up the record in the by - size tree if necessary .
*/
if ( flags & XFSA_FIXUP_CNT_OK ) {
# ifdef DEBUG
if ( ( error = xfs_alloc_get_rec ( cnt_cur , & nfbno1 , & nflen1 , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp ,
2005-04-16 15:20:36 -07:00
i = = 1 & & nfbno1 = = fbno & & nflen1 = = flen ) ;
# endif
} else {
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , fbno , flen , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
}
/*
* Look up the record in the by - block tree if necessary .
*/
if ( flags & XFSA_FIXUP_BNO_OK ) {
# ifdef DEBUG
if ( ( error = xfs_alloc_get_rec ( bno_cur , & nfbno1 , & nflen1 , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp ,
2005-04-16 15:20:36 -07:00
i = = 1 & & nfbno1 = = fbno & & nflen1 = = flen ) ;
# endif
} else {
if ( ( error = xfs_alloc_lookup_eq ( bno_cur , fbno , flen , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
}
2008-10-30 17:14:34 +11:00
2005-04-16 15:20:36 -07:00
# ifdef DEBUG
2008-10-30 17:14:34 +11:00
if ( bno_cur - > bc_nlevels = = 1 & & cnt_cur - > bc_nlevels = = 1 ) {
struct xfs_btree_block * bnoblock ;
struct xfs_btree_block * cntblock ;
bnoblock = XFS_BUF_TO_BLOCK ( bno_cur - > bc_bufs [ 0 ] ) ;
cntblock = XFS_BUF_TO_BLOCK ( cnt_cur - > bc_bufs [ 0 ] ) ;
2005-04-16 15:20:36 -07:00
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp ,
2008-10-30 17:14:34 +11:00
bnoblock - > bb_numrecs = = cntblock - > bb_numrecs ) ;
2005-04-16 15:20:36 -07:00
}
# endif
2008-10-30 17:14:34 +11:00
2005-04-16 15:20:36 -07:00
/*
* Deal with all four cases : the allocated record is contained
* within the freespace record , so we can have new freespace
* at either ( or both ) end , or no freespace remaining .
*/
if ( rbno = = fbno & & rlen = = flen )
nfbno1 = nfbno2 = NULLAGBLOCK ;
else if ( rbno = = fbno ) {
nfbno1 = rbno + rlen ;
nflen1 = flen - rlen ;
nfbno2 = NULLAGBLOCK ;
} else if ( rbno + rlen = = fbno + flen ) {
nfbno1 = fbno ;
nflen1 = flen - rlen ;
nfbno2 = NULLAGBLOCK ;
} else {
nfbno1 = fbno ;
nflen1 = rbno - fbno ;
nfbno2 = rbno + rlen ;
nflen2 = ( fbno + flen ) - nfbno2 ;
}
/*
* Delete the entry from the by - size btree .
*/
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
/*
* Add new by - size btree entry ( s ) .
*/
if ( nfbno1 ! = NULLAGBLOCK ) {
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , nfbno1 , nflen1 , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 0 ) ;
2008-10-30 16:57:40 +11:00
if ( ( error = xfs_btree_insert ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
}
if ( nfbno2 ! = NULLAGBLOCK ) {
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , nfbno2 , nflen2 , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 0 ) ;
2008-10-30 16:57:40 +11:00
if ( ( error = xfs_btree_insert ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
}
/*
* Fix up the by - block btree entry ( s ) .
*/
if ( nfbno1 = = NULLAGBLOCK ) {
/*
* No remaining freespace , just delete the by - block tree entry .
*/
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( bno_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
} else {
/*
* Update the by - block entry to start later | be shorter .
*/
if ( ( error = xfs_alloc_update ( bno_cur , nfbno1 , nflen1 ) ) )
return error ;
}
if ( nfbno2 ! = NULLAGBLOCK ) {
/*
* 2 resulting free entries , need to add one .
*/
if ( ( error = xfs_alloc_lookup_eq ( bno_cur , nfbno2 , nflen2 , & i ) ) )
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 0 ) ;
2008-10-30 16:57:40 +11:00
if ( ( error = xfs_btree_insert ( bno_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
return error ;
2015-02-23 22:39:13 +11:00
XFS_WANT_CORRUPTED_RETURN ( mp , i = = 1 ) ;
2005-04-16 15:20:36 -07:00
}
return 0 ;
}
2018-01-08 10:51:03 -08:00
static xfs_failaddr_t
2012-11-14 17:52:32 +11:00
xfs_agfl_verify (
2012-11-12 22:54:06 +11:00
struct xfs_buf * bp )
{
struct xfs_mount * mp = bp - > b_target - > bt_mount ;
struct xfs_agfl * agfl = XFS_BUF_TO_AGFL ( bp ) ;
int i ;
2018-01-08 10:51:08 -08:00
/*
* There is no verification of non - crc AGFLs because mkfs does not
* initialise the AGFL to zero or NULL . Hence the only valid part of the
* AGFL is what the AGF says is active . We can ' t get to the AGF , so we
* can ' t verify just those entries are valid .
*/
if ( ! xfs_sb_version_hascrc ( & mp - > m_sb ) )
return NULL ;
2015-07-29 11:53:31 +10:00
if ( ! uuid_equal ( & agfl - > agfl_uuid , & mp - > m_sb . sb_meta_uuid ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2013-04-03 16:11:14 +11:00
if ( be32_to_cpu ( agfl - > agfl_magicnum ) ! = XFS_AGFL_MAGIC )
2018-01-08 10:51:03 -08:00
return __this_address ;
2013-04-03 16:11:14 +11:00
/*
* during growfs operations , the perag is not fully initialised ,
* so we can ' t use it for any useful checking . growfs ensures we can ' t
* use it by using uncached buffers that don ' t have the perag attached
* so we can detect and avoid this problem .
*/
if ( bp - > b_pag & & be32_to_cpu ( agfl - > agfl_seqno ) ! = bp - > b_pag - > pag_agno )
2018-01-08 10:51:03 -08:00
return __this_address ;
2013-04-03 16:11:14 +11:00
2018-03-06 17:08:32 -08:00
for ( i = 0 ; i < xfs_agfl_size ( mp ) ; i + + ) {
2013-04-03 16:11:14 +11:00
if ( be32_to_cpu ( agfl - > agfl_bno [ i ] ) ! = NULLAGBLOCK & &
2012-11-12 22:54:06 +11:00
be32_to_cpu ( agfl - > agfl_bno [ i ] ) > = mp - > m_sb . sb_agblocks )
2018-01-08 10:51:03 -08:00
return __this_address ;
2012-11-12 22:54:06 +11:00
}
2015-10-12 15:59:25 +11:00
2018-01-08 10:51:03 -08:00
if ( ! xfs_log_check_lsn ( mp , be64_to_cpu ( XFS_BUF_TO_AGFL ( bp ) - > agfl_lsn ) ) )
return __this_address ;
return NULL ;
2013-04-03 16:11:14 +11:00
}
static void
xfs_agfl_read_verify (
struct xfs_buf * bp )
{
struct xfs_mount * mp = bp - > b_target - > bt_mount ;
2018-01-08 10:51:03 -08:00
xfs_failaddr_t fa ;
2013-04-03 16:11:14 +11:00
/*
* There is no verification of non - crc AGFLs because mkfs does not
* initialise the AGFL to zero or NULL . Hence the only valid part of the
* AGFL is what the AGF says is active . We can ' t get to the AGF , so we
* can ' t verify just those entries are valid .
*/
if ( ! xfs_sb_version_hascrc ( & mp - > m_sb ) )
return ;
2014-02-27 15:23:10 +11:00
if ( ! xfs_buf_verify_cksum ( bp , XFS_AGFL_CRC_OFF ) )
2018-01-08 10:51:03 -08:00
xfs_verifier_error ( bp , - EFSBADCRC , __this_address ) ;
else {
fa = xfs_agfl_verify ( bp ) ;
if ( fa )
xfs_verifier_error ( bp , - EFSCORRUPTED , fa ) ;
}
2012-11-14 17:52:32 +11:00
}
2012-11-14 17:54:40 +11:00
static void
2012-11-14 17:52:32 +11:00
xfs_agfl_write_verify (
struct xfs_buf * bp )
{
2018-01-24 13:38:48 -08:00
struct xfs_mount * mp = bp - > b_target - > bt_mount ;
struct xfs_buf_log_item * bip = bp - > b_log_item ;
2018-01-08 10:51:03 -08:00
xfs_failaddr_t fa ;
2012-11-14 17:52:32 +11:00
2013-04-03 16:11:14 +11:00
/* no verification of non-crc AGFLs */
if ( ! xfs_sb_version_hascrc ( & mp - > m_sb ) )
return ;
2018-01-08 10:51:03 -08:00
fa = xfs_agfl_verify ( bp ) ;
if ( fa ) {
xfs_verifier_error ( bp , - EFSCORRUPTED , fa ) ;
2013-04-03 16:11:14 +11:00
return ;
}
if ( bip )
XFS_BUF_TO_AGFL ( bp ) - > agfl_lsn = cpu_to_be64 ( bip - > bli_item . li_lsn ) ;
2014-02-27 15:18:23 +11:00
xfs_buf_update_cksum ( bp , XFS_AGFL_CRC_OFF ) ;
2012-11-12 22:54:06 +11:00
}
2012-11-14 17:54:40 +11:00
const struct xfs_buf_ops xfs_agfl_buf_ops = {
2016-01-04 16:10:19 +11:00
. name = " xfs_agfl " ,
2012-11-14 17:54:40 +11:00
. verify_read = xfs_agfl_read_verify ,
. verify_write = xfs_agfl_write_verify ,
2018-01-08 10:51:08 -08:00
. verify_struct = xfs_agfl_verify ,
2012-11-14 17:54:40 +11:00
} ;
2005-04-16 15:20:36 -07:00
/*
* Read in the allocation group free block array .
*/
2017-06-16 11:00:07 -07:00
int /* error */
2005-04-16 15:20:36 -07:00
xfs_alloc_read_agfl (
xfs_mount_t * mp , /* mount point structure */
xfs_trans_t * tp , /* transaction pointer */
xfs_agnumber_t agno , /* allocation group number */
xfs_buf_t * * bpp ) /* buffer for the ag free block array */
{
xfs_buf_t * bp ; /* return value */
int error ;
ASSERT ( agno ! = NULLAGNUMBER ) ;
error = xfs_trans_read_buf (
mp , tp , mp - > m_ddev_targp ,
XFS_AG_DADDR ( mp , agno , XFS_AGFL_DADDR ( mp ) ) ,
2012-11-14 17:54:40 +11:00
XFS_FSS_TO_BB ( mp , 1 ) , 0 , & bp , & xfs_agfl_buf_ops ) ;
2005-04-16 15:20:36 -07:00
if ( error )
return error ;
2011-10-10 16:52:45 +00:00
xfs_buf_set_ref ( bp , XFS_AGFL_REF ) ;
2005-04-16 15:20:36 -07:00
* bpp = bp ;
return 0 ;
}
2011-03-04 12:59:55 +00:00
STATIC int
xfs_alloc_update_counters (
struct xfs_trans * tp ,
struct xfs_perag * pag ,
struct xfs_buf * agbp ,
long len )
{
struct xfs_agf * agf = XFS_BUF_TO_AGF ( agbp ) ;
pag - > pagf_freeblks + = len ;
be32_add_cpu ( & agf - > agf_freeblks , len ) ;
xfs_trans_agblocks_delta ( tp , len ) ;
if ( unlikely ( be32_to_cpu ( agf - > agf_freeblks ) >
be32_to_cpu ( agf - > agf_length ) ) )
2014-06-25 14:58:08 +10:00
return - EFSCORRUPTED ;
2011-03-04 12:59:55 +00:00
xfs_alloc_log_agf ( tp , agbp , XFS_AGF_FREEBLKS ) ;
return 0 ;
}
2005-04-16 15:20:36 -07:00
/*
* Allocation group level functions .
*/
/*
* Allocate a variable extent in the allocation group agno .
* Type and bno are used to determine where in the allocation group the
* extent will start .
* Extent ' s length ( returned in * len ) will be between minlen and maxlen ,
* and of the form k * prod + mod unless there ' s nothing that large .
* Return the starting a . g . block , or NULLAGBLOCK if we can ' t do it .
*/
STATIC int /* error */
xfs_alloc_ag_vextent (
xfs_alloc_arg_t * args ) /* argument structure for allocation */
{
int error = 0 ;
ASSERT ( args - > minlen > 0 ) ;
ASSERT ( args - > maxlen > 0 ) ;
ASSERT ( args - > minlen < = args - > maxlen ) ;
ASSERT ( args - > mod < args - > prod ) ;
ASSERT ( args - > alignment > 0 ) ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
2005-04-16 15:20:36 -07:00
/*
* Branch to correct routine based on the type .
*/
args - > wasfromfl = 0 ;
switch ( args - > type ) {
case XFS_ALLOCTYPE_THIS_AG :
error = xfs_alloc_ag_vextent_size ( args ) ;
break ;
case XFS_ALLOCTYPE_NEAR_BNO :
error = xfs_alloc_ag_vextent_near ( args ) ;
break ;
case XFS_ALLOCTYPE_THIS_BNO :
error = xfs_alloc_ag_vextent_exact ( args ) ;
break ;
default :
ASSERT ( 0 ) ;
/* NOTREACHED */
}
2011-03-04 12:59:55 +00:00
if ( error | | args - > agbno = = NULLAGBLOCK )
2005-04-16 15:20:36 -07:00
return error ;
2011-03-04 12:59:55 +00:00
ASSERT ( args - > len > = args - > minlen ) ;
ASSERT ( args - > len < = args - > maxlen ) ;
2018-03-09 14:02:32 -08:00
ASSERT ( ! args - > wasfromfl | | args - > resv ! = XFS_AG_RESV_AGFL ) ;
2011-03-04 12:59:55 +00:00
ASSERT ( args - > agbno % args - > alignment = = 0 ) ;
2016-08-03 11:33:43 +10:00
/* if not file data, insert new block into the reverse map btree */
2017-12-07 19:07:27 -08:00
if ( ! xfs_rmap_should_skip_owner_update ( & args - > oinfo ) ) {
2016-08-03 11:33:43 +10:00
error = xfs_rmap_alloc ( args - > tp , args - > agbp , args - > agno ,
args - > agbno , args - > len , & args - > oinfo ) ;
if ( error )
return error ;
}
2011-03-04 12:59:55 +00:00
if ( ! args - > wasfromfl ) {
error = xfs_alloc_update_counters ( args - > tp , args - > pag ,
args - > agbp ,
- ( ( long ) ( args - > len ) ) ) ;
if ( error )
return error ;
2012-04-29 10:41:10 +00:00
ASSERT ( ! xfs_extent_busy_search ( args - > mp , args - > agno ,
2011-04-24 19:06:15 +00:00
args - > agbno , args - > len ) ) ;
2005-04-16 15:20:36 -07:00
}
2011-03-04 12:59:55 +00:00
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
xfs_ag_resv_alloc_extent ( args - > pag , args - > resv , args ) ;
2011-03-04 12:59:55 +00:00
2015-10-12 18:21:22 +11:00
XFS_STATS_INC ( args - > mp , xs_allocx ) ;
XFS_STATS_ADD ( args - > mp , xs_allocb , args - > len ) ;
2011-03-04 12:59:55 +00:00
return error ;
2005-04-16 15:20:36 -07:00
}
/*
* Allocate a variable extent at exactly agno / bno .
* Extent ' s length ( returned in * len ) will be between minlen and maxlen ,
* and of the form k * prod + mod unless there ' s nothing that large .
* Return the starting a . g . block ( bno ) , or NULLAGBLOCK if we can ' t do it .
*/
STATIC int /* error */
xfs_alloc_ag_vextent_exact (
xfs_alloc_arg_t * args ) /* allocation argument structure */
{
xfs_btree_cur_t * bno_cur ; /* by block-number btree cursor */
xfs_btree_cur_t * cnt_cur ; /* by count btree cursor */
int error ;
xfs_agblock_t fbno ; /* start block of found extent */
xfs_extlen_t flen ; /* length of found extent */
2017-02-07 14:06:57 -08:00
xfs_agblock_t tbno ; /* start block of busy extent */
xfs_extlen_t tlen ; /* length of busy extent */
xfs_agblock_t tend ; /* end block of busy extent */
2005-04-16 15:20:36 -07:00
int i ; /* success/failure of operation */
2017-02-07 14:06:57 -08:00
unsigned busy_gen ;
2005-04-16 15:20:36 -07:00
ASSERT ( args - > alignment = = 1 ) ;
2010-12-10 15:03:57 +00:00
2005-04-16 15:20:36 -07:00
/*
* Allocate / initialize a cursor for the by - number freespace btree .
*/
2008-10-30 16:53:59 +11:00
bno_cur = xfs_allocbt_init_cursor ( args - > mp , args - > tp , args - > agbp ,
2010-12-10 15:03:57 +00:00
args - > agno , XFS_BTNUM_BNO ) ;
2005-04-16 15:20:36 -07:00
/*
* Lookup bno and minlen in the btree ( minlen is irrelevant , really ) .
* Look for the closest free block < = bno , it must contain bno
* if any free block does .
*/
2010-12-10 15:03:57 +00:00
error = xfs_alloc_lookup_le ( bno_cur , args - > agbno , args - > minlen , & i ) ;
if ( error )
2005-04-16 15:20:36 -07:00
goto error0 ;
2010-12-10 15:03:57 +00:00
if ( ! i )
goto not_found ;
2005-04-16 15:20:36 -07:00
/*
* Grab the freespace record .
*/
2010-12-10 15:03:57 +00:00
error = xfs_alloc_get_rec ( bno_cur , & fbno , & flen , & i ) ;
if ( error )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( fbno < = args - > agbno ) ;
2010-12-10 15:03:57 +00:00
2005-04-16 15:20:36 -07:00
/*
2011-04-24 19:06:15 +00:00
* Check for overlapping busy extents .
2005-04-16 15:20:36 -07:00
*/
2017-02-07 14:06:57 -08:00
tbno = fbno ;
tlen = flen ;
xfs_extent_busy_trim ( args , & tbno , & tlen , & busy_gen ) ;
2011-04-24 19:06:15 +00:00
/*
* Give up if the start of the extent is busy , or the freespace isn ' t
* long enough for the minimum request .
*/
if ( tbno > args - > agbno )
goto not_found ;
if ( tlen < args - > minlen )
goto not_found ;
tend = tbno + tlen ;
if ( tend < args - > agbno + args - > minlen )
2010-12-10 15:03:57 +00:00
goto not_found ;
2005-04-16 15:20:36 -07:00
/*
* End of extent will be smaller of the freespace end and the
* maximal requested end .
2010-12-10 15:03:57 +00:00
*
2005-04-16 15:20:36 -07:00
* Fix the length according to mod and prod if given .
*/
2011-06-09 16:47:49 +00:00
args - > len = XFS_AGBLOCK_MIN ( tend , args - > agbno + args - > maxlen )
- args - > agbno ;
2005-04-16 15:20:36 -07:00
xfs_alloc_fix_len ( args ) ;
2011-06-09 16:47:49 +00:00
ASSERT ( args - > agbno + args - > len < = tend ) ;
2010-12-10 15:03:57 +00:00
2005-04-16 15:20:36 -07:00
/*
2011-06-09 16:47:49 +00:00
* We are allocating agbno for args - > len
2005-04-16 15:20:36 -07:00
* Allocate / initialize a cursor for the by - size btree .
*/
2008-10-30 16:53:59 +11:00
cnt_cur = xfs_allocbt_init_cursor ( args - > mp , args - > tp , args - > agbp ,
args - > agno , XFS_BTNUM_CNT ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( args - > agbno + args - > len < =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( XFS_BUF_TO_AGF ( args - > agbp ) - > agf_length ) ) ;
2010-12-10 15:03:57 +00:00
error = xfs_alloc_fixup_trees ( cnt_cur , bno_cur , fbno , flen , args - > agbno ,
args - > len , XFSA_FIXUP_BNO_OK ) ;
if ( error ) {
2005-04-16 15:20:36 -07:00
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_ERROR ) ;
goto error0 ;
}
2010-12-10 15:03:57 +00:00
2005-04-16 15:20:36 -07:00
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_NOERROR ) ;
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
2009-12-14 23:14:59 +00:00
2005-04-16 15:20:36 -07:00
args - > wasfromfl = 0 ;
2010-12-10 15:03:57 +00:00
trace_xfs_alloc_exact_done ( args ) ;
return 0 ;
not_found :
/* Didn't find it, return null. */
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_NOERROR ) ;
args - > agbno = NULLAGBLOCK ;
trace_xfs_alloc_exact_notfound ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
error0 :
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_ERROR ) ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_exact_error ( args ) ;
2005-04-16 15:20:36 -07:00
return error ;
}
2010-12-10 15:04:11 +00:00
/*
* Search the btree in a given direction via the search cursor and compare
* the records found against the good extent we ' ve already found .
*/
STATIC int
xfs_alloc_find_best_extent (
struct xfs_alloc_arg * args , /* allocation argument structure */
struct xfs_btree_cur * * gcur , /* good cursor */
struct xfs_btree_cur * * scur , /* searching cursor */
xfs_agblock_t gdiff , /* difference for search comparison */
xfs_agblock_t * sbno , /* extent found by search */
2011-04-24 19:06:15 +00:00
xfs_extlen_t * slen , /* extent length */
xfs_agblock_t * sbnoa , /* aligned extent found by search */
xfs_extlen_t * slena , /* aligned extent length */
2010-12-10 15:04:11 +00:00
int dir ) /* 0 = search right, 1 = search left */
{
xfs_agblock_t new ;
xfs_agblock_t sdiff ;
int error ;
int i ;
2017-02-07 14:06:57 -08:00
unsigned busy_gen ;
2010-12-10 15:04:11 +00:00
/* The good extent is perfect, no need to search. */
if ( ! gdiff )
goto out_use_good ;
/*
* Look until we find a better one , run out of space or run off the end .
*/
do {
error = xfs_alloc_get_rec ( * scur , sbno , slen , & i ) ;
if ( error )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2017-02-07 14:06:57 -08:00
xfs_alloc_compute_aligned ( args , * sbno , * slen ,
sbnoa , slena , & busy_gen ) ;
2010-12-10 15:04:11 +00:00
/*
* The good extent is closer than this one .
*/
if ( ! dir ) {
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( * sbnoa > args - > max_agbno )
goto out_use_good ;
2011-04-24 19:06:15 +00:00
if ( * sbnoa > = args - > agbno + gdiff )
2010-12-10 15:04:11 +00:00
goto out_use_good ;
} else {
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( * sbnoa < args - > min_agbno )
goto out_use_good ;
2011-04-24 19:06:15 +00:00
if ( * sbnoa < = args - > agbno - gdiff )
2010-12-10 15:04:11 +00:00
goto out_use_good ;
}
/*
* Same distance , compare length and pick the best .
*/
if ( * slena > = args - > minlen ) {
args - > len = XFS_EXTLEN_MIN ( * slena , args - > maxlen ) ;
xfs_alloc_fix_len ( args ) ;
sdiff = xfs_alloc_compute_diff ( args - > agbno , args - > len ,
2013-04-11 22:09:56 +02:00
args - > alignment ,
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
args - > datatype , * sbnoa ,
2011-04-24 19:06:15 +00:00
* slena , & new ) ;
2010-12-10 15:04:11 +00:00
/*
* Choose closer size and invalidate other cursor .
*/
if ( sdiff < gdiff )
goto out_use_search ;
goto out_use_good ;
}
if ( ! dir )
error = xfs_btree_increment ( * scur , 0 , & i ) ;
else
error = xfs_btree_decrement ( * scur , 0 , & i ) ;
if ( error )
goto error0 ;
} while ( i ) ;
out_use_good :
xfs_btree_del_cursor ( * scur , XFS_BTREE_NOERROR ) ;
* scur = NULL ;
return 0 ;
out_use_search :
xfs_btree_del_cursor ( * gcur , XFS_BTREE_NOERROR ) ;
* gcur = NULL ;
return 0 ;
error0 :
/* caller invalidates cursors */
return error ;
}
2005-04-16 15:20:36 -07:00
/*
* Allocate a variable extent near bno in the allocation group agno .
* Extent ' s length ( returned in len ) will be between minlen and maxlen ,
* and of the form k * prod + mod unless there ' s nothing that large .
* Return the starting a . g . block , or NULLAGBLOCK if we can ' t do it .
*/
STATIC int /* error */
xfs_alloc_ag_vextent_near (
xfs_alloc_arg_t * args ) /* allocation argument structure */
{
xfs_btree_cur_t * bno_cur_gt ; /* cursor for bno btree, right side */
xfs_btree_cur_t * bno_cur_lt ; /* cursor for bno btree, left side */
xfs_btree_cur_t * cnt_cur ; /* cursor for count btree */
xfs_agblock_t gtbno ; /* start bno of right side entry */
xfs_agblock_t gtbnoa ; /* aligned ... */
xfs_extlen_t gtdiff ; /* difference to right side entry */
xfs_extlen_t gtlen ; /* length of right side entry */
2011-04-24 19:06:15 +00:00
xfs_extlen_t gtlena ; /* aligned ... */
2005-04-16 15:20:36 -07:00
xfs_agblock_t gtnew ; /* useful start bno of right side */
int error ; /* error code */
int i ; /* result code, temporary */
int j ; /* result code, temporary */
xfs_agblock_t ltbno ; /* start bno of left side entry */
xfs_agblock_t ltbnoa ; /* aligned ... */
xfs_extlen_t ltdiff ; /* difference to left side entry */
xfs_extlen_t ltlen ; /* length of left side entry */
2011-04-24 19:06:15 +00:00
xfs_extlen_t ltlena ; /* aligned ... */
2005-04-16 15:20:36 -07:00
xfs_agblock_t ltnew ; /* useful start bno of left side */
xfs_extlen_t rlen ; /* length of returned extent */
2017-02-07 14:06:57 -08:00
bool busy ;
unsigned busy_gen ;
2013-08-12 20:49:50 +10:00
# ifdef DEBUG
2005-04-16 15:20:36 -07:00
/*
* Randomly don ' t execute the first algorithm .
*/
int dofirst ; /* set to do first algorithm */
2013-03-04 21:58:20 +09:00
dofirst = prandom_u32 ( ) & 1 ;
2005-04-16 15:20:36 -07:00
# endif
2011-04-24 19:06:15 +00:00
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
/* handle unitialized agbno range so caller doesn't have to */
if ( ! args - > min_agbno & & ! args - > max_agbno )
args - > max_agbno = args - > mp - > m_sb . sb_agblocks - 1 ;
ASSERT ( args - > min_agbno < = args - > max_agbno ) ;
/* clamp agbno to the range if it's outside */
if ( args - > agbno < args - > min_agbno )
args - > agbno = args - > min_agbno ;
if ( args - > agbno > args - > max_agbno )
args - > agbno = args - > max_agbno ;
2011-04-24 19:06:15 +00:00
restart :
bno_cur_lt = NULL ;
bno_cur_gt = NULL ;
ltlen = 0 ;
gtlena = 0 ;
ltlena = 0 ;
2017-02-07 14:06:57 -08:00
busy = false ;
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
/*
* Get a cursor for the by - size btree .
*/
2008-10-30 16:53:59 +11:00
cnt_cur = xfs_allocbt_init_cursor ( args - > mp , args - > tp , args - > agbp ,
args - > agno , XFS_BTNUM_CNT ) ;
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
/*
* See if there are any free extents as big as maxlen .
*/
if ( ( error = xfs_alloc_lookup_ge ( cnt_cur , 0 , args - > maxlen , & i ) ) )
goto error0 ;
/*
* If none , then pick up the last entry in the tree unless the
* tree is empty .
*/
if ( ! i ) {
if ( ( error = xfs_alloc_ag_vextent_small ( args , cnt_cur , & ltbno ,
& ltlen , & i ) ) )
goto error0 ;
if ( i = = 0 | | ltlen = = 0 ) {
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
2011-04-24 19:06:15 +00:00
trace_xfs_alloc_near_noentry ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
ASSERT ( i = = 1 ) ;
}
args - > wasfromfl = 0 ;
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
/*
* First algorithm .
* If the requested extent is large wrt the freespaces available
* in this a . g . , then the cursor will be pointing to a btree entry
* near the right edge of the tree . If it ' s in the last btree leaf
* block , then we just examine all the entries in that block
* that are big enough , and pick the best one .
* This is written as a while loop so we can break out of it ,
* but we never loop back to the top .
*/
while ( xfs_btree_islastblock ( cnt_cur , 0 ) ) {
xfs_extlen_t bdiff ;
int besti = 0 ;
xfs_extlen_t blen = 0 ;
xfs_agblock_t bnew = 0 ;
2013-08-12 20:49:50 +10:00
# ifdef DEBUG
if ( dofirst )
2005-04-16 15:20:36 -07:00
break ;
# endif
/*
* Start from the entry that lookup found , sequence through
* all larger free blocks . If we ' re actually pointing at a
* record smaller than maxlen , go to the start of this block ,
* and skip all those smaller than minlen .
*/
if ( ltlen | | args - > alignment > 1 ) {
cnt_cur - > bc_ptrs [ 0 ] = 1 ;
do {
if ( ( error = xfs_alloc_get_rec ( cnt_cur , & ltbno ,
& ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
if ( ltlen > = args - > minlen )
break ;
2008-10-30 16:55:45 +11:00
if ( ( error = xfs_btree_increment ( cnt_cur , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
} while ( i ) ;
ASSERT ( ltlen > = args - > minlen ) ;
if ( ! i )
break ;
}
i = cnt_cur - > bc_ptrs [ 0 ] ;
for ( j = 1 , blen = 0 , bdiff = 0 ;
! error & & j & & ( blen < args - > maxlen | | bdiff > 0 ) ;
2008-10-30 16:55:45 +11:00
error = xfs_btree_increment ( cnt_cur , 0 , & j ) ) {
2005-04-16 15:20:36 -07:00
/*
* For each entry , decide if it ' s better than
* the previous best entry .
*/
if ( ( error = xfs_alloc_get_rec ( cnt_cur , & ltbno , & ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2017-02-07 14:06:57 -08:00
busy = xfs_alloc_compute_aligned ( args , ltbno , ltlen ,
& ltbnoa , & ltlena , & busy_gen ) ;
2008-04-17 16:49:49 +10:00
if ( ltlena < args - > minlen )
2005-04-16 15:20:36 -07:00
continue ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( ltbnoa < args - > min_agbno | | ltbnoa > args - > max_agbno )
continue ;
2005-04-16 15:20:36 -07:00
args - > len = XFS_EXTLEN_MIN ( ltlena , args - > maxlen ) ;
xfs_alloc_fix_len ( args ) ;
ASSERT ( args - > len > = args - > minlen ) ;
if ( args - > len < blen )
continue ;
ltdiff = xfs_alloc_compute_diff ( args - > agbno , args - > len ,
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
args - > alignment , args - > datatype , ltbnoa ,
2013-04-11 22:09:56 +02:00
ltlena , & ltnew ) ;
2005-04-16 15:20:36 -07:00
if ( ltnew ! = NULLAGBLOCK & &
( args - > len > blen | | ltdiff < bdiff ) ) {
bdiff = ltdiff ;
bnew = ltnew ;
blen = args - > len ;
besti = cnt_cur - > bc_ptrs [ 0 ] ;
}
}
/*
* It didn ' t work . We COULD be in a case where
* there ' s a good record somewhere , so try again .
*/
if ( blen = = 0 )
break ;
/*
* Point at the best entry , and retrieve it again .
*/
cnt_cur - > bc_ptrs [ 0 ] = besti ;
if ( ( error = xfs_alloc_get_rec ( cnt_cur , & ltbno , & ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2010-07-20 17:54:45 +10:00
ASSERT ( ltbno + ltlen < = be32_to_cpu ( XFS_BUF_TO_AGF ( args - > agbp ) - > agf_length ) ) ;
2005-04-16 15:20:36 -07:00
args - > len = blen ;
2017-01-09 13:44:30 -08:00
2005-04-16 15:20:36 -07:00
/*
* We are allocating starting at bnew for blen blocks .
*/
args - > agbno = bnew ;
ASSERT ( bnew > = ltbno ) ;
2010-07-20 17:54:45 +10:00
ASSERT ( bnew + blen < = ltbno + ltlen ) ;
2005-04-16 15:20:36 -07:00
/*
* Set up a cursor for the by - bno tree .
*/
2008-10-30 16:53:59 +11:00
bno_cur_lt = xfs_allocbt_init_cursor ( args - > mp , args - > tp ,
args - > agbp , args - > agno , XFS_BTNUM_BNO ) ;
2005-04-16 15:20:36 -07:00
/*
* Fix up the btree entries .
*/
if ( ( error = xfs_alloc_fixup_trees ( cnt_cur , bno_cur_lt , ltbno ,
ltlen , bnew , blen , XFSA_FIXUP_CNT_OK ) ) )
goto error0 ;
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
xfs_btree_del_cursor ( bno_cur_lt , XFS_BTREE_NOERROR ) ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_near_first ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
/*
* Second algorithm .
* Search in the by - bno tree to the left and to the right
* simultaneously , until in each case we find a space big enough ,
* or run into the edge of the tree . When we run into the edge ,
* we deallocate that cursor .
* If both searches succeed , we compare the two spaces and pick
* the better one .
* With alignment , it ' s possible for both to fail ; the upper
* level algorithm that picks allocation groups for allocations
* is not supposed to do this .
*/
/*
* Allocate and initialize the cursor for the leftward search .
*/
2008-10-30 16:53:59 +11:00
bno_cur_lt = xfs_allocbt_init_cursor ( args - > mp , args - > tp , args - > agbp ,
args - > agno , XFS_BTNUM_BNO ) ;
2005-04-16 15:20:36 -07:00
/*
* Lookup < = bno to find the leftward search ' s starting point .
*/
if ( ( error = xfs_alloc_lookup_le ( bno_cur_lt , args - > agbno , args - > maxlen , & i ) ) )
goto error0 ;
if ( ! i ) {
/*
* Didn ' t find anything ; use this cursor for the rightward
* search .
*/
bno_cur_gt = bno_cur_lt ;
bno_cur_lt = NULL ;
}
/*
* Found something . Duplicate the cursor for the rightward search .
*/
else if ( ( error = xfs_btree_dup_cursor ( bno_cur_lt , & bno_cur_gt ) ) )
goto error0 ;
/*
* Increment the cursor , so we will point at the entry just right
* of the leftward entry if any , or to the leftmost entry .
*/
2008-10-30 16:55:45 +11:00
if ( ( error = xfs_btree_increment ( bno_cur_gt , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
if ( ! i ) {
/*
* It failed , there are no rightward entries .
*/
xfs_btree_del_cursor ( bno_cur_gt , XFS_BTREE_NOERROR ) ;
bno_cur_gt = NULL ;
}
/*
* Loop going left with the leftward cursor , right with the
* rightward cursor , until either both directions give up or
* we find an entry at least as big as minlen .
*/
do {
if ( bno_cur_lt ) {
if ( ( error = xfs_alloc_get_rec ( bno_cur_lt , & ltbno , & ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2017-02-07 14:06:57 -08:00
busy | = xfs_alloc_compute_aligned ( args , ltbno , ltlen ,
& ltbnoa , & ltlena , & busy_gen ) ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( ltlena > = args - > minlen & & ltbnoa > = args - > min_agbno )
2005-04-16 15:20:36 -07:00
break ;
2008-10-30 16:55:58 +11:00
if ( ( error = xfs_btree_decrement ( bno_cur_lt , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( ! i | | ltbnoa < args - > min_agbno ) {
2005-04-16 15:20:36 -07:00
xfs_btree_del_cursor ( bno_cur_lt ,
XFS_BTREE_NOERROR ) ;
bno_cur_lt = NULL ;
}
}
if ( bno_cur_gt ) {
if ( ( error = xfs_alloc_get_rec ( bno_cur_gt , & gtbno , & gtlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2017-02-07 14:06:57 -08:00
busy | = xfs_alloc_compute_aligned ( args , gtbno , gtlen ,
& gtbnoa , & gtlena , & busy_gen ) ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( gtlena > = args - > minlen & & gtbnoa < = args - > max_agbno )
2005-04-16 15:20:36 -07:00
break ;
2008-10-30 16:55:45 +11:00
if ( ( error = xfs_btree_increment ( bno_cur_gt , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
if ( ! i | | gtbnoa > args - > max_agbno ) {
2005-04-16 15:20:36 -07:00
xfs_btree_del_cursor ( bno_cur_gt ,
XFS_BTREE_NOERROR ) ;
bno_cur_gt = NULL ;
}
}
} while ( bno_cur_lt | | bno_cur_gt ) ;
2010-12-10 15:04:11 +00:00
2005-04-16 15:20:36 -07:00
/*
* Got both cursors still active , need to find better entry .
*/
if ( bno_cur_lt & & bno_cur_gt ) {
if ( ltlena > = args - > minlen ) {
/*
2010-12-10 15:04:11 +00:00
* Left side is good , look for a right side entry .
2005-04-16 15:20:36 -07:00
*/
args - > len = XFS_EXTLEN_MIN ( ltlena , args - > maxlen ) ;
xfs_alloc_fix_len ( args ) ;
2010-12-10 15:04:11 +00:00
ltdiff = xfs_alloc_compute_diff ( args - > agbno , args - > len ,
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
args - > alignment , args - > datatype , ltbnoa ,
2013-04-11 22:09:56 +02:00
ltlena , & ltnew ) ;
2010-12-10 15:04:11 +00:00
error = xfs_alloc_find_best_extent ( args ,
& bno_cur_lt , & bno_cur_gt ,
2011-04-24 19:06:15 +00:00
ltdiff , & gtbno , & gtlen ,
& gtbnoa , & gtlena ,
2010-12-10 15:04:11 +00:00
0 /* search right */ ) ;
} else {
ASSERT ( gtlena > = args - > minlen ) ;
2005-04-16 15:20:36 -07:00
/*
2010-12-10 15:04:11 +00:00
* Right side is good , look for a left side entry .
2005-04-16 15:20:36 -07:00
*/
args - > len = XFS_EXTLEN_MIN ( gtlena , args - > maxlen ) ;
xfs_alloc_fix_len ( args ) ;
2010-12-10 15:04:11 +00:00
gtdiff = xfs_alloc_compute_diff ( args - > agbno , args - > len ,
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
args - > alignment , args - > datatype , gtbnoa ,
2013-04-11 22:09:56 +02:00
gtlena , & gtnew ) ;
2010-12-10 15:04:11 +00:00
error = xfs_alloc_find_best_extent ( args ,
& bno_cur_gt , & bno_cur_lt ,
2011-04-24 19:06:15 +00:00
gtdiff , & ltbno , & ltlen ,
& ltbnoa , & ltlena ,
2010-12-10 15:04:11 +00:00
1 /* search left */ ) ;
2005-04-16 15:20:36 -07:00
}
2010-12-10 15:04:11 +00:00
if ( error )
goto error0 ;
2005-04-16 15:20:36 -07:00
}
2010-12-10 15:04:11 +00:00
2005-04-16 15:20:36 -07:00
/*
* If we couldn ' t get anything , give up .
*/
if ( bno_cur_lt = = NULL & & bno_cur_gt = = NULL ) {
2012-07-12 07:40:42 +10:00
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
2017-02-07 14:06:57 -08:00
if ( busy ) {
2011-04-24 19:06:15 +00:00
trace_xfs_alloc_near_busy ( args ) ;
2017-02-07 14:06:57 -08:00
xfs_extent_busy_flush ( args - > mp , args - > pag , busy_gen ) ;
2011-04-24 19:06:15 +00:00
goto restart ;
}
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_size_neither ( args ) ;
2005-04-16 15:20:36 -07:00
args - > agbno = NULLAGBLOCK ;
return 0 ;
}
2010-12-10 15:04:11 +00:00
2005-04-16 15:20:36 -07:00
/*
* At this point we have selected a freespace entry , either to the
* left or to the right . If it ' s on the right , copy all the
* useful variables to the " left " set so we only have one
* copy of this code .
*/
if ( bno_cur_gt ) {
bno_cur_lt = bno_cur_gt ;
bno_cur_gt = NULL ;
ltbno = gtbno ;
ltbnoa = gtbnoa ;
ltlen = gtlen ;
ltlena = gtlena ;
j = 1 ;
} else
j = 0 ;
2010-12-10 15:04:11 +00:00
2005-04-16 15:20:36 -07:00
/*
* Fix up the length and compute the useful address .
*/
args - > len = XFS_EXTLEN_MIN ( ltlena , args - > maxlen ) ;
xfs_alloc_fix_len ( args ) ;
rlen = args - > len ;
2011-04-24 19:06:15 +00:00
( void ) xfs_alloc_compute_diff ( args - > agbno , rlen , args - > alignment ,
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
args - > datatype , ltbnoa , ltlena , & ltnew ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( ltnew > = ltbno ) ;
2011-04-24 19:06:15 +00:00
ASSERT ( ltnew + rlen < = ltbnoa + ltlena ) ;
2005-11-02 15:11:25 +11:00
ASSERT ( ltnew + rlen < = be32_to_cpu ( XFS_BUF_TO_AGF ( args - > agbp ) - > agf_length ) ) ;
xfs: support min/max agbno args in block allocator
The block allocator supports various arguments to tweak block allocation
behavior and set allocation requirements. The sparse inode chunk feature
introduces a new requirement not supported by the current arguments.
Sparse inode allocations must convert or merge into an inode record that
describes a fixed length chunk (64 inodes x inodesize). Full inode chunk
allocations by definition always result in valid inode records. Sparse
chunk allocations are smaller and the associated records can refer to
blocks not owned by the inode chunk. This model can result in invalid
inode records in certain cases.
For example, if a sparse allocation occurs near the start of an AG, the
aligned inode record for that chunk might refer to agbno 0. If an
allocation occurs towards the end of the AG and the AG size is not
aligned, the inode record could refer to blocks beyond the end of the
AG. While neither of these scenarios directly result in corruption, they
both insert invalid inode records and at minimum cause repair to
complain, are unlikely to merge into full chunks over time and set land
mines for other areas of code.
To guarantee sparse inode chunk allocation creates valid inode records,
support the ability to specify an agbno range limit for
XFS_ALLOCTYPE_NEAR_BNO block allocations. The min/max agbno's are
specified in the allocation arguments and limit the block allocation
algorithms to that range. The starting 'agbno' hint is clamped to the
range if the specified agbno is out of range. If no sufficient extent is
available within the range, the allocation fails. For backwards
compatibility, the min/max fields can be initialized to 0 to disable
range limiting (e.g., equivalent to min=0,max=agsize).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-05-29 08:53:00 +10:00
ASSERT ( ltnew > = args - > min_agbno & & ltnew < = args - > max_agbno ) ;
2005-04-16 15:20:36 -07:00
args - > agbno = ltnew ;
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
if ( ( error = xfs_alloc_fixup_trees ( cnt_cur , bno_cur_lt , ltbno , ltlen ,
ltnew , rlen , XFSA_FIXUP_BNO_OK ) ) )
goto error0 ;
2009-12-14 23:14:59 +00:00
if ( j )
trace_xfs_alloc_near_greater ( args ) ;
else
trace_xfs_alloc_near_lesser ( args ) ;
2005-04-16 15:20:36 -07:00
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
xfs_btree_del_cursor ( bno_cur_lt , XFS_BTREE_NOERROR ) ;
return 0 ;
error0 :
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_near_error ( args ) ;
2005-04-16 15:20:36 -07:00
if ( cnt_cur ! = NULL )
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_ERROR ) ;
if ( bno_cur_lt ! = NULL )
xfs_btree_del_cursor ( bno_cur_lt , XFS_BTREE_ERROR ) ;
if ( bno_cur_gt ! = NULL )
xfs_btree_del_cursor ( bno_cur_gt , XFS_BTREE_ERROR ) ;
return error ;
}
/*
* Allocate a variable extent anywhere in the allocation group agno .
* Extent ' s length ( returned in len ) will be between minlen and maxlen ,
* and of the form k * prod + mod unless there ' s nothing that large .
* Return the starting a . g . block , or NULLAGBLOCK if we can ' t do it .
*/
STATIC int /* error */
xfs_alloc_ag_vextent_size (
xfs_alloc_arg_t * args ) /* allocation argument structure */
{
xfs_btree_cur_t * bno_cur ; /* cursor for bno btree */
xfs_btree_cur_t * cnt_cur ; /* cursor for cnt btree */
int error ; /* error result */
xfs_agblock_t fbno ; /* start of found freespace */
xfs_extlen_t flen ; /* length of found freespace */
int i ; /* temp status variable */
xfs_agblock_t rbno ; /* returned block number */
xfs_extlen_t rlen ; /* length of returned extent */
2017-02-07 14:06:57 -08:00
bool busy ;
unsigned busy_gen ;
2005-04-16 15:20:36 -07:00
2011-04-24 19:06:15 +00:00
restart :
2005-04-16 15:20:36 -07:00
/*
* Allocate and initialize a cursor for the by - size btree .
*/
2008-10-30 16:53:59 +11:00
cnt_cur = xfs_allocbt_init_cursor ( args - > mp , args - > tp , args - > agbp ,
args - > agno , XFS_BTNUM_CNT ) ;
2005-04-16 15:20:36 -07:00
bno_cur = NULL ;
2017-02-07 14:06:57 -08:00
busy = false ;
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
/*
* Look for an entry > = maxlen + alignment - 1 blocks .
*/
if ( ( error = xfs_alloc_lookup_ge ( cnt_cur , 0 ,
args - > maxlen + args - > alignment - 1 , & i ) ) )
goto error0 ;
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
/*
2017-02-07 14:06:57 -08:00
* If none then we have to settle for a smaller extent . In the case that
* there are no large extents , this will return the last entry in the
* tree unless the tree is empty . In the case that there are only busy
* large extents , this will return the largest small extent unless there
2011-04-24 19:06:15 +00:00
* are no smaller extents available .
2005-04-16 15:20:36 -07:00
*/
2017-02-07 14:06:57 -08:00
if ( ! i ) {
2011-04-24 19:06:15 +00:00
error = xfs_alloc_ag_vextent_small ( args , cnt_cur ,
& fbno , & flen , & i ) ;
if ( error )
2005-04-16 15:20:36 -07:00
goto error0 ;
if ( i = = 0 | | flen = = 0 ) {
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_size_noentry ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
ASSERT ( i = = 1 ) ;
2017-02-07 14:06:57 -08:00
busy = xfs_alloc_compute_aligned ( args , fbno , flen , & rbno ,
& rlen , & busy_gen ) ;
2011-04-24 19:06:15 +00:00
} else {
/*
* Search for a non - busy extent that is large enough .
*/
for ( ; ; ) {
error = xfs_alloc_get_rec ( cnt_cur , & fbno , & flen , & i ) ;
if ( error )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2011-04-24 19:06:15 +00:00
2017-02-07 14:06:57 -08:00
busy = xfs_alloc_compute_aligned ( args , fbno , flen ,
& rbno , & rlen , & busy_gen ) ;
2011-04-24 19:06:15 +00:00
if ( rlen > = args - > maxlen )
break ;
error = xfs_btree_increment ( cnt_cur , 0 , & i ) ;
if ( error )
goto error0 ;
if ( i = = 0 ) {
/*
* Our only valid extents must have been busy .
* Make it unbusy by forcing the log out and
2017-02-07 14:06:57 -08:00
* retrying .
2011-04-24 19:06:15 +00:00
*/
xfs_btree_del_cursor ( cnt_cur ,
XFS_BTREE_NOERROR ) ;
trace_xfs_alloc_size_busy ( args ) ;
2017-02-07 14:06:57 -08:00
xfs_extent_busy_flush ( args - > mp ,
args - > pag , busy_gen ) ;
2011-04-24 19:06:15 +00:00
goto restart ;
}
}
2005-04-16 15:20:36 -07:00
}
2011-04-24 19:06:15 +00:00
2005-04-16 15:20:36 -07:00
/*
* In the first case above , we got the last entry in the
* by - size btree . Now we check to see if the space hits maxlen
* once aligned ; if not , we search left for something better .
* This can ' t happen in the second case above .
*/
rlen = XFS_EXTLEN_MIN ( args - > maxlen , rlen ) ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , rlen = = 0 | |
2005-04-16 15:20:36 -07:00
( rlen < = flen & & rbno + rlen < = fbno + flen ) , error0 ) ;
if ( rlen < args - > maxlen ) {
xfs_agblock_t bestfbno ;
xfs_extlen_t bestflen ;
xfs_agblock_t bestrbno ;
xfs_extlen_t bestrlen ;
bestrlen = rlen ;
bestrbno = rbno ;
bestflen = flen ;
bestfbno = fbno ;
for ( ; ; ) {
2008-10-30 16:55:58 +11:00
if ( ( error = xfs_btree_decrement ( cnt_cur , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
if ( i = = 0 )
break ;
if ( ( error = xfs_alloc_get_rec ( cnt_cur , & fbno , & flen ,
& i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
if ( flen < bestrlen )
break ;
2017-02-07 14:06:57 -08:00
busy = xfs_alloc_compute_aligned ( args , fbno , flen ,
& rbno , & rlen , & busy_gen ) ;
2005-04-16 15:20:36 -07:00
rlen = XFS_EXTLEN_MIN ( args - > maxlen , rlen ) ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , rlen = = 0 | |
2005-04-16 15:20:36 -07:00
( rlen < = flen & & rbno + rlen < = fbno + flen ) ,
error0 ) ;
if ( rlen > bestrlen ) {
bestrlen = rlen ;
bestrbno = rbno ;
bestflen = flen ;
bestfbno = fbno ;
if ( rlen = = args - > maxlen )
break ;
}
}
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , bestfbno , bestflen ,
& i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
rlen = bestrlen ;
rbno = bestrbno ;
flen = bestflen ;
fbno = bestfbno ;
}
args - > wasfromfl = 0 ;
/*
* Fix up the length .
*/
args - > len = rlen ;
2011-04-24 19:06:15 +00:00
if ( rlen < args - > minlen ) {
2017-02-07 14:06:57 -08:00
if ( busy ) {
2011-04-24 19:06:15 +00:00
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
trace_xfs_alloc_size_busy ( args ) ;
2017-02-07 14:06:57 -08:00
xfs_extent_busy_flush ( args - > mp , args - > pag , busy_gen ) ;
2011-04-24 19:06:15 +00:00
goto restart ;
}
goto out_nominleft ;
2005-04-16 15:20:36 -07:00
}
2011-04-24 19:06:15 +00:00
xfs_alloc_fix_len ( args ) ;
2005-04-16 15:20:36 -07:00
rlen = args - > len ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , rlen < = flen , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* Allocate and initialize a cursor for the by - block tree .
*/
2008-10-30 16:53:59 +11:00
bno_cur = xfs_allocbt_init_cursor ( args - > mp , args - > tp , args - > agbp ,
args - > agno , XFS_BTNUM_BNO ) ;
2005-04-16 15:20:36 -07:00
if ( ( error = xfs_alloc_fixup_trees ( cnt_cur , bno_cur , fbno , flen ,
rbno , rlen , XFSA_FIXUP_CNT_OK ) ) )
goto error0 ;
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_NOERROR ) ;
cnt_cur = bno_cur = NULL ;
args - > len = rlen ;
args - > agbno = rbno ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp ,
2005-04-16 15:20:36 -07:00
args - > agbno + args - > len < =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( XFS_BUF_TO_AGF ( args - > agbp ) - > agf_length ) ,
2005-04-16 15:20:36 -07:00
error0 ) ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_size_done ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
error0 :
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_size_error ( args ) ;
2005-04-16 15:20:36 -07:00
if ( cnt_cur )
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_ERROR ) ;
if ( bno_cur )
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_ERROR ) ;
return error ;
2011-04-24 19:06:15 +00:00
out_nominleft :
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
trace_xfs_alloc_size_nominleft ( args ) ;
args - > agbno = NULLAGBLOCK ;
return 0 ;
2005-04-16 15:20:36 -07:00
}
/*
* Deal with the case where only small freespaces remain .
* Either return the contents of the last freespace record ,
* or allocate space from the freelist if there is nothing in the tree .
*/
STATIC int /* error */
xfs_alloc_ag_vextent_small (
xfs_alloc_arg_t * args , /* allocation argument structure */
xfs_btree_cur_t * ccur , /* by-size cursor */
xfs_agblock_t * fbnop , /* result block number */
xfs_extlen_t * flenp , /* result length */
int * stat ) /* status: 0-freelist, 1-normal/none */
{
2016-08-17 11:12:57 +10:00
struct xfs_owner_info oinfo ;
2005-04-16 15:20:36 -07:00
int error ;
xfs_agblock_t fbno ;
xfs_extlen_t flen ;
int i ;
2008-10-30 16:55:58 +11:00
if ( ( error = xfs_btree_decrement ( ccur , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
if ( i ) {
if ( ( error = xfs_alloc_get_rec ( ccur , & fbno , & flen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
}
/*
* Nothing in the btree , try the freelist . Make sure
* to respect minleft even when pulling from the
* freelist .
*/
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
else if ( args - > minlen = = 1 & & args - > alignment = = 1 & &
2018-03-09 14:02:32 -08:00
args - > resv ! = XFS_AG_RESV_AGFL & &
2005-11-02 15:11:25 +11:00
( be32_to_cpu ( XFS_BUF_TO_AGF ( args - > agbp ) - > agf_flcount )
> args - > minleft ) ) {
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
error = xfs_alloc_get_freelist ( args - > tp , args - > agbp , & fbno , 0 ) ;
if ( error )
2005-04-16 15:20:36 -07:00
goto error0 ;
if ( fbno ! = NULLAGBLOCK ) {
2012-04-29 10:41:10 +00:00
xfs_extent_busy_reuse ( args - > mp , args - > agno , fbno , 1 ,
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
xfs_alloc_allow_busy_reuse ( args - > datatype ) ) ;
2011-04-24 19:06:16 +00:00
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
if ( xfs_alloc_is_userdata ( args - > datatype ) ) {
2005-04-16 15:20:36 -07:00
xfs_buf_t * bp ;
bp = xfs_btree_get_bufs ( args - > mp , args - > tp ,
args - > agno , fbno , 0 ) ;
2017-10-09 21:08:06 -07:00
if ( ! bp ) {
error = - EFSCORRUPTED ;
goto error0 ;
}
2005-04-16 15:20:36 -07:00
xfs_trans_binval ( args - > tp , bp ) ;
}
args - > len = 1 ;
args - > agbno = fbno ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( args - > mp ,
2005-04-16 15:20:36 -07:00
args - > agbno + args - > len < =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( XFS_BUF_TO_AGF ( args - > agbp ) - > agf_length ) ,
2005-04-16 15:20:36 -07:00
error0 ) ;
args - > wasfromfl = 1 ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_small_freelist ( args ) ;
2016-08-17 11:12:57 +10:00
/*
* If we ' re feeding an AGFL block to something that
* doesn ' t live in the free space , we need to clear
2018-03-09 14:02:32 -08:00
* out the OWN_AG rmap .
2016-08-17 11:12:57 +10:00
*/
xfs_rmap_ag_owner ( & oinfo , XFS_RMAP_OWN_AG ) ;
error = xfs_rmap_free ( args - > tp , args - > agbp , args - > agno ,
fbno , 1 , & oinfo ) ;
if ( error )
goto error0 ;
2005-04-16 15:20:36 -07:00
* stat = 0 ;
return 0 ;
}
/*
* Nothing in the freelist .
*/
else
flen = 0 ;
}
/*
* Can ' t allocate from the freelist for some reason .
*/
2006-09-28 11:03:44 +10:00
else {
fbno = NULLAGBLOCK ;
2005-04-16 15:20:36 -07:00
flen = 0 ;
2006-09-28 11:03:44 +10:00
}
2005-04-16 15:20:36 -07:00
/*
* Can ' t do the allocation , give up .
*/
if ( flen < args - > minlen ) {
args - > agbno = NULLAGBLOCK ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_small_notenough ( args ) ;
2005-04-16 15:20:36 -07:00
flen = 0 ;
}
* fbnop = fbno ;
* flenp = flen ;
* stat = 1 ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_small_done ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
error0 :
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_small_error ( args ) ;
2005-04-16 15:20:36 -07:00
return error ;
}
/*
* Free the extent starting at agno / bno for length .
*/
2016-08-03 11:33:42 +10:00
STATIC int
2005-04-16 15:20:36 -07:00
xfs_free_ag_extent (
2016-08-03 11:33:42 +10:00
xfs_trans_t * tp ,
xfs_buf_t * agbp ,
xfs_agnumber_t agno ,
xfs_agblock_t bno ,
xfs_extlen_t len ,
struct xfs_owner_info * oinfo ,
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
enum xfs_ag_resv_type type )
2005-04-16 15:20:36 -07:00
{
xfs_btree_cur_t * bno_cur ; /* cursor for by-block btree */
xfs_btree_cur_t * cnt_cur ; /* cursor for by-size btree */
int error ; /* error return value */
xfs_agblock_t gtbno ; /* start of right neighbor block */
xfs_extlen_t gtlen ; /* length of right neighbor block */
int haveleft ; /* have a left neighbor block */
int haveright ; /* have a right neighbor block */
int i ; /* temp, result code */
xfs_agblock_t ltbno ; /* start of left neighbor block */
xfs_extlen_t ltlen ; /* length of left neighbor block */
xfs_mount_t * mp ; /* mount point struct for filesystem */
xfs_agblock_t nbno ; /* new starting block of freespace */
xfs_extlen_t nlen ; /* new length of freespace */
2011-03-04 12:59:55 +00:00
xfs_perag_t * pag ; /* per allocation group data */
2005-04-16 15:20:36 -07:00
2016-08-03 11:33:43 +10:00
bno_cur = cnt_cur = NULL ;
2005-04-16 15:20:36 -07:00
mp = tp - > t_mountp ;
2016-08-03 11:33:43 +10:00
2017-12-07 19:07:27 -08:00
if ( ! xfs_rmap_should_skip_owner_update ( oinfo ) ) {
2016-08-03 11:33:43 +10:00
error = xfs_rmap_free ( tp , agbp , agno , bno , len , oinfo ) ;
if ( error )
goto error0 ;
}
2005-04-16 15:20:36 -07:00
/*
* Allocate and initialize a cursor for the by - block btree .
*/
2008-10-30 16:53:59 +11:00
bno_cur = xfs_allocbt_init_cursor ( mp , tp , agbp , agno , XFS_BTNUM_BNO ) ;
2005-04-16 15:20:36 -07:00
/*
* Look for a neighboring block on the left ( lower block numbers )
* that is contiguous with this space .
*/
if ( ( error = xfs_alloc_lookup_le ( bno_cur , bno , len , & haveleft ) ) )
goto error0 ;
if ( haveleft ) {
/*
* There is a block to our left .
*/
if ( ( error = xfs_alloc_get_rec ( bno_cur , & ltbno , & ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* It ' s not contiguous , though .
*/
if ( ltbno + ltlen < bno )
haveleft = 0 ;
else {
/*
* If this failure happens the request to free this
* space was invalid , it ' s ( partly ) already free .
* Very bad .
*/
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp ,
ltbno + ltlen < = bno , error0 ) ;
2005-04-16 15:20:36 -07:00
}
}
/*
* Look for a neighboring block on the right ( higher block numbers )
* that is contiguous with this space .
*/
2008-10-30 16:55:45 +11:00
if ( ( error = xfs_btree_increment ( bno_cur , 0 , & haveright ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
if ( haveright ) {
/*
* There is a block to our right .
*/
if ( ( error = xfs_alloc_get_rec ( bno_cur , & gtbno , & gtlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* It ' s not contiguous , though .
*/
if ( bno + len < gtbno )
haveright = 0 ;
else {
/*
* If this failure happens the request to free this
* space was invalid , it ' s ( partly ) already free .
* Very bad .
*/
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , gtbno > = bno + len , error0 ) ;
2005-04-16 15:20:36 -07:00
}
}
/*
* Now allocate and initialize a cursor for the by - size tree .
*/
2008-10-30 16:53:59 +11:00
cnt_cur = xfs_allocbt_init_cursor ( mp , tp , agbp , agno , XFS_BTNUM_CNT ) ;
2005-04-16 15:20:36 -07:00
/*
* Have both left and right contiguous neighbors .
* Merge all three into a single free block .
*/
if ( haveleft & & haveright ) {
/*
* Delete the old by - size entry on the left .
*/
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , ltbno , ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* Delete the old by - size entry on the right .
*/
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , gtbno , gtlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* Delete the old by - block entry for the right block .
*/
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( bno_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* Move the by - block cursor back to the left neighbor .
*/
2008-10-30 16:55:58 +11:00
if ( ( error = xfs_btree_decrement ( bno_cur , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
# ifdef DEBUG
/*
* Check that this is the right record : delete didn ' t
* mangle the cursor .
*/
{
xfs_agblock_t xxbno ;
xfs_extlen_t xxlen ;
if ( ( error = xfs_alloc_get_rec ( bno_cur , & xxbno , & xxlen ,
& i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp ,
2005-04-16 15:20:36 -07:00
i = = 1 & & xxbno = = ltbno & & xxlen = = ltlen ,
error0 ) ;
}
# endif
/*
* Update remaining by - block entry to the new , joined block .
*/
nbno = ltbno ;
nlen = len + ltlen + gtlen ;
if ( ( error = xfs_alloc_update ( bno_cur , nbno , nlen ) ) )
goto error0 ;
}
/*
* Have only a left contiguous neighbor .
* Merge it together with the new freespace .
*/
else if ( haveleft ) {
/*
* Delete the old by - size entry on the left .
*/
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , ltbno , ltlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* Back up the by - block cursor to the left neighbor , and
* update its length .
*/
2008-10-30 16:55:58 +11:00
if ( ( error = xfs_btree_decrement ( bno_cur , 0 , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
nbno = ltbno ;
nlen = len + ltlen ;
if ( ( error = xfs_alloc_update ( bno_cur , nbno , nlen ) ) )
goto error0 ;
}
/*
* Have only a right contiguous neighbor .
* Merge it together with the new freespace .
*/
else if ( haveright ) {
/*
* Delete the old by - size entry on the right .
*/
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , gtbno , gtlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2008-10-30 16:58:01 +11:00
if ( ( error = xfs_btree_delete ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
/*
* Update the starting block and length of the right
* neighbor in the by - block tree .
*/
nbno = bno ;
nlen = len + gtlen ;
if ( ( error = xfs_alloc_update ( bno_cur , nbno , nlen ) ) )
goto error0 ;
}
/*
* No contiguous neighbors .
* Insert the new freespace into the by - block tree .
*/
else {
nbno = bno ;
nlen = len ;
2008-10-30 16:57:40 +11:00
if ( ( error = xfs_btree_insert ( bno_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
}
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_NOERROR ) ;
bno_cur = NULL ;
/*
* In all cases we need to insert the new freespace in the by - size tree .
*/
if ( ( error = xfs_alloc_lookup_eq ( cnt_cur , nbno , nlen , & i ) ) )
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 0 , error0 ) ;
2008-10-30 16:57:40 +11:00
if ( ( error = xfs_btree_insert ( cnt_cur , & i ) ) )
2005-04-16 15:20:36 -07:00
goto error0 ;
2015-02-23 22:39:08 +11:00
XFS_WANT_CORRUPTED_GOTO ( mp , i = = 1 , error0 ) ;
2005-04-16 15:20:36 -07:00
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_NOERROR ) ;
cnt_cur = NULL ;
2011-03-04 12:59:55 +00:00
2005-04-16 15:20:36 -07:00
/*
* Update the freespace totals in the ag and superblock .
*/
2011-03-04 12:59:55 +00:00
pag = xfs_perag_get ( mp , agno ) ;
error = xfs_alloc_update_counters ( tp , pag , agbp , len ) ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
xfs_ag_resv_free_extent ( pag , type , tp , len ) ;
2011-03-04 12:59:55 +00:00
xfs_perag_put ( pag ) ;
if ( error )
goto error0 ;
2015-10-12 18:21:22 +11:00
XFS_STATS_INC ( mp , xs_freex ) ;
XFS_STATS_ADD ( mp , xs_freeb , len ) ;
2009-12-14 23:14:59 +00:00
2018-03-09 14:01:59 -08:00
trace_xfs_free_extent ( mp , agno , bno , len , type , haveleft , haveright ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
error0 :
2018-03-09 14:01:59 -08:00
trace_xfs_free_extent ( mp , agno , bno , len , type , - 1 , - 1 ) ;
2005-04-16 15:20:36 -07:00
if ( bno_cur )
xfs_btree_del_cursor ( bno_cur , XFS_BTREE_ERROR ) ;
if ( cnt_cur )
xfs_btree_del_cursor ( cnt_cur , XFS_BTREE_ERROR ) ;
return error ;
}
/*
* Visible ( exported ) allocation / free functions .
* Some of these are used just by xfs_alloc_btree . c and this file .
*/
/*
* Compute and fill in value of m_ag_maxlevels .
*/
void
xfs_alloc_compute_maxlevels (
xfs_mount_t * mp ) /* file system mount structure */
{
2018-04-06 10:09:42 -07:00
mp - > m_ag_maxlevels = xfs_btree_compute_maxlevels ( mp - > m_alloc_mnr ,
2016-06-21 11:53:28 +10:00
( mp - > m_sb . sb_agblocks + 1 ) / 2 ) ;
2005-04-16 15:20:36 -07:00
}
2009-03-16 08:29:46 +01:00
/*
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
* Find the length of the longest extent in an AG . The ' need ' parameter
* specifies how much space we ' re going to need for the AGFL and the
* ' reserved ' parameter tells us how many blocks in this AG are reserved for
* other callers .
2009-03-16 08:29:46 +01:00
*/
xfs_extlen_t
xfs_alloc_longest_free_extent (
2015-06-22 10:04:31 +10:00
struct xfs_perag * pag ,
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
xfs_extlen_t need ,
xfs_extlen_t reserved )
2009-03-16 08:29:46 +01:00
{
2015-06-22 10:04:31 +10:00
xfs_extlen_t delta = 0 ;
2009-03-16 08:29:46 +01:00
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
/*
* If the AGFL needs a recharge , we ' ll have to subtract that from the
* longest extent .
*/
2009-03-16 08:29:46 +01:00
if ( need > pag - > pagf_flcount )
delta = need - pag - > pagf_flcount ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
/*
* If we cannot maintain others ' reservations with space from the
* not - longest freesp extents , we ' ll have to subtract / that / from
* the longest extent too .
*/
if ( pag - > pagf_freeblks - pag - > pagf_longest < reserved )
delta + = reserved - ( pag - > pagf_freeblks - pag - > pagf_longest ) ;
/*
* If the longest extent is long enough to satisfy all the
* reservations and AGFL rules in place , we can return this extent .
*/
2009-03-16 08:29:46 +01:00
if ( pag - > pagf_longest > delta )
return pag - > pagf_longest - delta ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
/* Otherwise, let the caller try for 1 block if there's space. */
2009-03-16 08:29:46 +01:00
return pag - > pagf_flcount > 0 | | pag - > pagf_longest > 0 ;
}
2015-06-22 10:13:30 +10:00
unsigned int
xfs_alloc_min_freelist (
struct xfs_mount * mp ,
struct xfs_perag * pag )
{
unsigned int min_free ;
/* space needed by-bno freespace btree */
min_free = min_t ( unsigned int , pag - > pagf_levels [ XFS_BTNUM_BNOi ] + 1 ,
mp - > m_ag_maxlevels ) ;
/* space needed by-size freespace btree */
min_free + = min_t ( unsigned int , pag - > pagf_levels [ XFS_BTNUM_CNTi ] + 1 ,
mp - > m_ag_maxlevels ) ;
2016-08-03 11:38:24 +10:00
/* space needed reverse mapping used space btree */
if ( xfs_sb_version_hasrmapbt ( & mp - > m_sb ) )
min_free + = min_t ( unsigned int ,
pag - > pagf_levels [ XFS_BTNUM_RMAPi ] + 1 ,
mp - > m_rmap_maxlevels ) ;
2015-06-22 10:13:30 +10:00
return min_free ;
}
2015-06-22 10:04:42 +10:00
/*
* Check if the operation we are fixing up the freelist for should go ahead or
* not . If we are freeing blocks , we always allow it , otherwise the allocation
* is dependent on whether the size and shape of free space available will
* permit the requested allocation to take place .
*/
static bool
xfs_alloc_space_available (
struct xfs_alloc_arg * args ,
xfs_extlen_t min_free ,
int flags )
{
struct xfs_perag * pag = args - > pag ;
2017-01-09 13:39:35 -08:00
xfs_extlen_t alloc_len , longest ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
xfs_extlen_t reservation ; /* blocks that are still reserved */
2015-06-22 10:04:42 +10:00
int available ;
if ( flags & XFS_ALLOC_FLAG_FREEING )
return true ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
reservation = xfs_ag_resv_needed ( pag , args - > resv ) ;
2015-06-22 10:04:42 +10:00
/* do we have enough contiguous free space for the allocation? */
2017-01-09 13:39:35 -08:00
alloc_len = args - > minlen + ( args - > alignment - 1 ) + args - > minalignslop ;
2018-04-06 10:09:42 -07:00
longest = xfs_alloc_longest_free_extent ( pag , min_free , reservation ) ;
2017-01-09 13:39:35 -08:00
if ( longest < alloc_len )
2015-06-22 10:04:42 +10:00
return false ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
/* do we have enough free space remaining for the allocation? */
2015-06-22 10:04:42 +10:00
available = ( int ) ( pag - > pagf_freeblks + pag - > pagf_flcount -
2017-01-09 13:44:30 -08:00
reservation - min_free - args - > minleft ) ;
2017-01-09 13:39:35 -08:00
if ( available < ( int ) max ( args - > total , alloc_len ) )
2015-06-22 10:04:42 +10:00
return false ;
2017-01-09 13:44:30 -08:00
/*
* Clamp maxlen to the amount of free space available for the actual
* extent allocation .
*/
if ( available < ( int ) args - > maxlen & & ! ( flags & XFS_ALLOC_FLAG_CHECK ) ) {
args - > maxlen = available ;
ASSERT ( args - > maxlen > 0 ) ;
ASSERT ( args - > maxlen > = args - > minlen ) ;
}
2015-06-22 10:04:42 +10:00
return true ;
}
2018-05-07 17:38:46 -07:00
int
xfs_free_agfl_block (
struct xfs_trans * tp ,
xfs_agnumber_t agno ,
xfs_agblock_t agbno ,
struct xfs_buf * agbp ,
struct xfs_owner_info * oinfo )
{
int error ;
struct xfs_buf * bp ;
error = xfs_free_ag_extent ( tp , agbp , agno , agbno , 1 , oinfo ,
XFS_AG_RESV_AGFL ) ;
if ( error )
return error ;
bp = xfs_btree_get_bufs ( tp - > t_mountp , tp , agno , agbno , 0 ) ;
if ( ! bp )
return - EFSCORRUPTED ;
xfs_trans_binval ( tp , bp ) ;
return 0 ;
}
2018-03-15 10:51:58 -07:00
/*
* Check the agfl fields of the agf for inconsistency or corruption . The purpose
* is to detect an agfl header padding mismatch between current and early v5
* kernels . This problem manifests as a 1 - slot size difference between the
* on - disk flcount and the active [ first , last ] range of a wrapped agfl . This
* may also catch variants of agfl count corruption unrelated to padding . Either
* way , we ' ll reset the agfl and warn the user .
*
* Return true if a reset is required before the agfl can be used , false
* otherwise .
*/
static bool
xfs_agfl_needs_reset (
struct xfs_mount * mp ,
struct xfs_agf * agf )
{
uint32_t f = be32_to_cpu ( agf - > agf_flfirst ) ;
uint32_t l = be32_to_cpu ( agf - > agf_fllast ) ;
uint32_t c = be32_to_cpu ( agf - > agf_flcount ) ;
int agfl_size = xfs_agfl_size ( mp ) ;
int active ;
/* no agfl header on v4 supers */
if ( ! xfs_sb_version_hascrc ( & mp - > m_sb ) )
return false ;
/*
* The agf read verifier catches severe corruption of these fields .
* Repeat some sanity checks to cover a packed - > unpacked mismatch if
* the verifier allows it .
*/
if ( f > = agfl_size | | l > = agfl_size )
return true ;
if ( c > agfl_size )
return true ;
/*
* Check consistency between the on - disk count and the active range . An
* agfl padding mismatch manifests as an inconsistent flcount .
*/
if ( c & & l > = f )
active = l - f + 1 ;
else if ( c )
active = agfl_size - f + l + 1 ;
else
active = 0 ;
return active ! = c ;
}
/*
* Reset the agfl to an empty state . Ignore / drop any existing blocks since the
* agfl content cannot be trusted . Warn the user that a repair is required to
* recover leaked blocks .
*
* The purpose of this mechanism is to handle filesystems affected by the agfl
* header padding mismatch problem . A reset keeps the filesystem online with a
* relatively minor free space accounting inconsistency rather than suffer the
* inevitable crash from use of an invalid agfl block .
*/
static void
xfs_agfl_reset (
struct xfs_trans * tp ,
struct xfs_buf * agbp ,
struct xfs_perag * pag )
{
struct xfs_mount * mp = tp - > t_mountp ;
struct xfs_agf * agf = XFS_BUF_TO_AGF ( agbp ) ;
ASSERT ( pag - > pagf_agflreset ) ;
trace_xfs_agfl_reset ( mp , agf , 0 , _RET_IP_ ) ;
xfs_warn ( mp ,
" WARNING: Reset corrupted AGFL on AG %u. %d blocks leaked. "
" Please unmount and run xfs_repair. " ,
pag - > pag_agno , pag - > pagf_flcount ) ;
agf - > agf_flfirst = 0 ;
agf - > agf_fllast = cpu_to_be32 ( xfs_agfl_size ( mp ) - 1 ) ;
agf - > agf_flcount = 0 ;
xfs_alloc_log_agf ( tp , agbp , XFS_AGF_FLFIRST | XFS_AGF_FLLAST |
XFS_AGF_FLCOUNT ) ;
pag - > pagf_flcount = 0 ;
pag - > pagf_agflreset = false ;
}
2018-05-07 17:38:47 -07:00
/*
* Defer an AGFL block free . This is effectively equivalent to
* xfs_bmap_add_free ( ) with some special handling particular to AGFL blocks .
*
* Deferring AGFL frees helps prevent log reservation overruns due to too many
* allocation operations in a transaction . AGFL frees are prone to this problem
* because for one they are always freed one at a time . Further , an immediate
* AGFL block free can cause a btree join and require another block free before
* the real allocation can proceed . Deferring the free disconnects freeing up
* the AGFL slot from freeing the block .
*/
STATIC void
xfs_defer_agfl_block (
2018-08-01 07:20:34 -07:00
struct xfs_trans * tp ,
2018-05-07 17:38:47 -07:00
xfs_agnumber_t agno ,
xfs_fsblock_t agbno ,
struct xfs_owner_info * oinfo )
{
2018-08-01 07:20:34 -07:00
struct xfs_mount * mp = tp - > t_mountp ;
2018-05-07 17:38:47 -07:00
struct xfs_extent_free_item * new ; /* new element */
ASSERT ( xfs_bmap_free_item_zone ! = NULL ) ;
ASSERT ( oinfo ! = NULL ) ;
new = kmem_zone_alloc ( xfs_bmap_free_item_zone , KM_SLEEP ) ;
new - > xefi_startblock = XFS_AGB_TO_FSB ( mp , agno , agbno ) ;
new - > xefi_blockcount = 1 ;
new - > xefi_oinfo = * oinfo ;
trace_xfs_agfl_free_defer ( mp , agno , 0 , agbno , 1 ) ;
2018-08-01 07:20:34 -07:00
xfs_defer_add ( tp , XFS_DEFER_OPS_TYPE_AGFL_FREE , & new - > xefi_list ) ;
2018-05-07 17:38:47 -07:00
}
2005-04-16 15:20:36 -07:00
/*
* Decide whether to use this allocation group for this allocation .
* If so , fix up the btree freelist ' s size .
*/
2016-01-04 16:10:42 +11:00
int /* error */
2005-04-16 15:20:36 -07:00
xfs_alloc_fix_freelist (
2015-06-22 10:13:19 +10:00
struct xfs_alloc_arg * args , /* allocation argument structure */
int flags ) /* XFS_ALLOC_FLAG_... */
2005-04-16 15:20:36 -07:00
{
2015-06-22 10:13:19 +10:00
struct xfs_mount * mp = args - > mp ;
struct xfs_perag * pag = args - > pag ;
struct xfs_trans * tp = args - > tp ;
struct xfs_buf * agbp = NULL ;
struct xfs_buf * agflbp = NULL ;
struct xfs_alloc_arg targs ; /* local allocation arguments */
xfs_agblock_t bno ; /* freelist block */
xfs_extlen_t need ; /* total blocks needed in freelist */
2015-08-25 10:05:13 +10:00
int error = 0 ;
2015-06-22 10:13:19 +10:00
2005-04-16 15:20:36 -07:00
if ( ! pag - > pagf_init ) {
2015-06-22 10:13:19 +10:00
error = xfs_alloc_read_agf ( mp , tp , args - > agno , flags , & agbp ) ;
if ( error )
goto out_no_agbp ;
2005-04-16 15:20:36 -07:00
if ( ! pag - > pagf_init ) {
2006-08-10 14:40:41 +10:00
ASSERT ( flags & XFS_ALLOC_FLAG_TRYLOCK ) ;
ASSERT ( ! ( flags & XFS_ALLOC_FLAG_FREEING ) ) ;
2015-06-22 10:13:19 +10:00
goto out_agbp_relse ;
2005-04-16 15:20:36 -07:00
}
2015-06-22 10:13:19 +10:00
}
2005-04-16 15:20:36 -07:00
2006-08-10 14:40:41 +10:00
/*
2015-06-22 10:13:19 +10:00
* If this is a metadata preferred pag and we are user data then try
* somewhere else if we are not being asked to try harder at this
* point
2005-04-16 15:20:36 -07:00
*/
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
if ( pag - > pagf_metadata & & xfs_alloc_is_userdata ( args - > datatype ) & &
2006-08-10 14:40:41 +10:00
( flags & XFS_ALLOC_FLAG_TRYLOCK ) ) {
ASSERT ( ! ( flags & XFS_ALLOC_FLAG_FREEING ) ) ;
2015-06-22 10:13:19 +10:00
goto out_agbp_relse ;
2005-04-16 15:20:36 -07:00
}
2015-06-22 10:13:30 +10:00
need = xfs_alloc_min_freelist ( mp , pag ) ;
2017-01-09 13:44:30 -08:00
if ( ! xfs_alloc_space_available ( args , need , flags |
XFS_ALLOC_FLAG_CHECK ) )
2015-06-22 10:13:19 +10:00
goto out_agbp_relse ;
2006-08-10 14:40:41 +10:00
2005-04-16 15:20:36 -07:00
/*
* Get the a . g . freespace buffer .
* Can fail if we ' re not blocking on locks , and it ' s held .
*/
2015-06-22 10:13:19 +10:00
if ( ! agbp ) {
error = xfs_alloc_read_agf ( mp , tp , args - > agno , flags , & agbp ) ;
if ( error )
goto out_no_agbp ;
if ( ! agbp ) {
2006-08-10 14:40:41 +10:00
ASSERT ( flags & XFS_ALLOC_FLAG_TRYLOCK ) ;
ASSERT ( ! ( flags & XFS_ALLOC_FLAG_FREEING ) ) ;
2015-06-22 10:13:19 +10:00
goto out_no_agbp ;
2006-08-10 14:40:41 +10:00
}
2005-04-16 15:20:36 -07:00
}
2015-06-22 10:04:31 +10:00
2018-03-15 10:51:58 -07:00
/* reset a padding mismatched agfl before final free space check */
if ( pag - > pagf_agflreset )
xfs_agfl_reset ( tp , agbp , pag ) ;
2015-06-22 10:04:31 +10:00
/* If there isn't enough total space or single-extent, reject it. */
2015-06-22 10:13:30 +10:00
need = xfs_alloc_min_freelist ( mp , pag ) ;
2015-06-22 10:13:19 +10:00
if ( ! xfs_alloc_space_available ( args , need , flags ) )
goto out_agbp_relse ;
2015-06-22 10:04:42 +10:00
2005-04-16 15:20:36 -07:00
/*
* Make the freelist shorter if it ' s too long .
2015-06-22 10:04:31 +10:00
*
2015-06-22 10:13:19 +10:00
* Note that from this point onwards , we will always release the agf and
* agfl buffers on error . This handles the case where we error out and
* the buffers are clean or may not have been joined to the transaction
* and hence need to be released manually . If they have been joined to
* the transaction , then xfs_trans_brelse ( ) will handle them
* appropriately based on the recursion count and dirty state of the
* buffer .
*
2015-06-22 10:04:31 +10:00
* XXX ( dgc ) : When we have lots of free space , does this buy us
* anything other than extra overhead when we need to put more blocks
* back on the free list ? Maybe we should only do this when space is
* getting low or the AGFL is more than half full ?
2016-08-03 12:19:53 +10:00
*
* The NOSHRINK flag prevents the AGFL from being shrunk if it ' s too
* big ; the NORMAP flag prevents AGFL expand / shrink operations from
* updating the rmapbt . Both flags are used in xfs_repair while we ' re
* rebuilding the rmapbt , and neither are used by the kernel . They ' re
* both required to ensure that rmaps are correctly recorded for the
* regenerated AGFL , bnobt , and cntbt . See repair / phase5 . c and
* repair / rmap . c in xfsprogs for details .
2005-04-16 15:20:36 -07:00
*/
2016-08-03 12:19:53 +10:00
memset ( & targs , 0 , sizeof ( targs ) ) ;
if ( flags & XFS_ALLOC_FLAG_NORMAP )
xfs_rmap_skip_owner_update ( & targs . oinfo ) ;
else
xfs_rmap_ag_owner ( & targs . oinfo , XFS_RMAP_OWN_AG ) ;
while ( ! ( flags & XFS_ALLOC_FLAG_NOSHRINK ) & & pag - > pagf_flcount > need ) {
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
error = xfs_alloc_get_freelist ( tp , agbp , & bno , 0 ) ;
if ( error )
2015-06-22 10:13:19 +10:00
goto out_agbp_relse ;
2018-05-07 17:38:46 -07:00
2018-08-01 07:20:35 -07:00
/* defer agfl frees */
xfs_defer_agfl_block ( tp , args - > agno , bno , & targs . oinfo ) ;
2005-04-16 15:20:36 -07:00
}
2015-06-22 10:04:31 +10:00
2005-04-16 15:20:36 -07:00
targs . tp = tp ;
targs . mp = mp ;
targs . agbp = agbp ;
targs . agno = args - > agno ;
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
targs . alignment = targs . minlen = targs . prod = 1 ;
2005-04-16 15:20:36 -07:00
targs . type = XFS_ALLOCTYPE_THIS_AG ;
targs . pag = pag ;
2015-06-22 10:04:31 +10:00
error = xfs_alloc_read_agfl ( mp , tp , targs . agno , & agflbp ) ;
if ( error )
2015-06-22 10:13:19 +10:00
goto out_agbp_relse ;
2015-06-22 10:04:31 +10:00
/* Make the freelist longer if it's too short. */
while ( pag - > pagf_flcount < need ) {
2005-04-16 15:20:36 -07:00
targs . agbno = 0 ;
2015-06-22 10:04:31 +10:00
targs . maxlen = need - pag - > pagf_flcount ;
2018-03-09 14:02:32 -08:00
targs . resv = XFS_AG_RESV_AGFL ;
2015-06-22 10:04:31 +10:00
/* Allocate as many blocks as possible at once. */
error = xfs_alloc_ag_vextent ( & targs ) ;
2015-06-22 10:13:19 +10:00
if ( error )
goto out_agflbp_relse ;
2005-04-16 15:20:36 -07:00
/*
* Stop if we run out . Won ' t happen if callers are obeying
* the restrictions correctly . Can happen for free calls
* on a completely full ag .
*/
2006-06-09 14:55:18 +10:00
if ( targs . agbno = = NULLAGBLOCK ) {
2006-08-10 14:40:41 +10:00
if ( flags & XFS_ALLOC_FLAG_FREEING )
break ;
2015-06-22 10:13:19 +10:00
goto out_agflbp_relse ;
2006-06-09 14:55:18 +10:00
}
2005-04-16 15:20:36 -07:00
/*
* Put each allocated block on the list .
*/
for ( bno = targs . agbno ; bno < targs . agbno + targs . len ; bno + + ) {
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
error = xfs_alloc_put_freelist ( tp , agbp ,
agflbp , bno , 0 ) ;
if ( error )
2015-06-22 10:13:19 +10:00
goto out_agflbp_relse ;
2005-04-16 15:20:36 -07:00
}
}
2006-05-08 19:51:58 +10:00
xfs_trans_brelse ( tp , agflbp ) ;
2005-04-16 15:20:36 -07:00
args - > agbp = agbp ;
return 0 ;
2015-06-22 10:13:19 +10:00
out_agflbp_relse :
xfs_trans_brelse ( tp , agflbp ) ;
out_agbp_relse :
if ( agbp )
xfs_trans_brelse ( tp , agbp ) ;
out_no_agbp :
args - > agbp = NULL ;
return error ;
2005-04-16 15:20:36 -07:00
}
/*
* Get a block from the freelist .
* Returns with the buffer for the block gotten .
*/
int /* error */
xfs_alloc_get_freelist (
xfs_trans_t * tp , /* transaction pointer */
xfs_buf_t * agbp , /* buffer containing the agf structure */
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
xfs_agblock_t * bnop , /* block address retrieved from freelist */
int btreeblk ) /* destination is a AGF btree */
2005-04-16 15:20:36 -07:00
{
xfs_agf_t * agf ; /* a.g. freespace structure */
xfs_buf_t * agflbp ; /* buffer for a.g. freelist structure */
xfs_agblock_t bno ; /* block number returned */
2013-04-03 16:11:14 +11:00
__be32 * agfl_bno ;
2005-04-16 15:20:36 -07:00
int error ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
int logflags ;
2013-04-03 16:11:14 +11:00
xfs_mount_t * mp = tp - > t_mountp ;
2005-04-16 15:20:36 -07:00
xfs_perag_t * pag ; /* per allocation group data */
/*
* Freelist is empty , give up .
*/
2013-04-03 16:11:14 +11:00
agf = XFS_BUF_TO_AGF ( agbp ) ;
2005-04-16 15:20:36 -07:00
if ( ! agf - > agf_flcount ) {
* bnop = NULLAGBLOCK ;
return 0 ;
}
/*
* Read the array of free blocks .
*/
2013-04-03 16:11:14 +11:00
error = xfs_alloc_read_agfl ( mp , tp , be32_to_cpu ( agf - > agf_seqno ) ,
& agflbp ) ;
if ( error )
2005-04-16 15:20:36 -07:00
return error ;
2013-04-03 16:11:14 +11:00
2005-04-16 15:20:36 -07:00
/*
* Get the block number and update the data structures .
*/
2013-04-03 16:11:14 +11:00
agfl_bno = XFS_BUF_TO_AGFL_BNO ( mp , agflbp ) ;
bno = be32_to_cpu ( agfl_bno [ be32_to_cpu ( agf - > agf_flfirst ) ] ) ;
2008-02-13 15:03:29 -08:00
be32_add_cpu ( & agf - > agf_flfirst , 1 ) ;
2005-04-16 15:20:36 -07:00
xfs_trans_brelse ( tp , agflbp ) ;
2018-03-06 17:08:32 -08:00
if ( be32_to_cpu ( agf - > agf_flfirst ) = = xfs_agfl_size ( mp ) )
2005-04-16 15:20:36 -07:00
agf - > agf_flfirst = 0 ;
2010-01-11 11:47:41 +00:00
pag = xfs_perag_get ( mp , be32_to_cpu ( agf - > agf_seqno ) ) ;
2018-03-15 10:51:58 -07:00
ASSERT ( ! pag - > pagf_agflreset ) ;
2008-02-13 15:03:29 -08:00
be32_add_cpu ( & agf - > agf_flcount , - 1 ) ;
2005-04-16 15:20:36 -07:00
xfs_trans_agflist_delta ( tp , - 1 ) ;
pag - > pagf_flcount - - ;
2010-01-11 11:47:41 +00:00
xfs_perag_put ( pag ) ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
logflags = XFS_AGF_FLFIRST | XFS_AGF_FLCOUNT ;
if ( btreeblk ) {
2008-02-13 15:03:29 -08:00
be32_add_cpu ( & agf - > agf_btreeblks , 1 ) ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
pag - > pagf_btreeblks + + ;
logflags | = XFS_AGF_BTREEBLKS ;
}
xfs_alloc_log_agf ( tp , agbp , logflags ) ;
2005-04-16 15:20:36 -07:00
* bnop = bno ;
return 0 ;
}
/*
* Log the given fields from the agf structure .
*/
void
xfs_alloc_log_agf (
xfs_trans_t * tp , /* transaction pointer */
xfs_buf_t * bp , /* buffer for a.g. freelist header */
int fields ) /* mask of fields to be logged (XFS_AGF_...) */
{
int first ; /* first byte offset */
int last ; /* last byte offset */
static const short offsets [ ] = {
offsetof ( xfs_agf_t , agf_magicnum ) ,
offsetof ( xfs_agf_t , agf_versionnum ) ,
offsetof ( xfs_agf_t , agf_seqno ) ,
offsetof ( xfs_agf_t , agf_length ) ,
offsetof ( xfs_agf_t , agf_roots [ 0 ] ) ,
offsetof ( xfs_agf_t , agf_levels [ 0 ] ) ,
offsetof ( xfs_agf_t , agf_flfirst ) ,
offsetof ( xfs_agf_t , agf_fllast ) ,
offsetof ( xfs_agf_t , agf_flcount ) ,
offsetof ( xfs_agf_t , agf_freeblks ) ,
offsetof ( xfs_agf_t , agf_longest ) ,
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
offsetof ( xfs_agf_t , agf_btreeblks ) ,
2013-04-03 16:11:13 +11:00
offsetof ( xfs_agf_t , agf_uuid ) ,
2016-08-17 08:31:49 +10:00
offsetof ( xfs_agf_t , agf_rmap_blocks ) ,
2016-10-03 09:11:19 -07:00
offsetof ( xfs_agf_t , agf_refcount_blocks ) ,
offsetof ( xfs_agf_t , agf_refcount_root ) ,
offsetof ( xfs_agf_t , agf_refcount_level ) ,
2016-08-26 15:59:31 +10:00
/* needed so that we don't log the whole rest of the structure: */
offsetof ( xfs_agf_t , agf_spare64 ) ,
2005-04-16 15:20:36 -07:00
sizeof ( xfs_agf_t )
} ;
2009-12-14 23:14:59 +00:00
trace_xfs_agf ( tp - > t_mountp , XFS_BUF_TO_AGF ( bp ) , fields , _RET_IP_ ) ;
2013-04-03 16:11:30 +11:00
xfs_trans_buf_set_type ( tp , bp , XFS_BLFT_AGF_BUF ) ;
2013-04-03 16:11:13 +11:00
2005-04-16 15:20:36 -07:00
xfs_btree_offsets ( fields , offsets , XFS_AGF_NUM_BITS , & first , & last ) ;
xfs_trans_log_buf ( tp , bp , ( uint ) first , ( uint ) last ) ;
}
/*
* Interface for inode allocation to force the pag data to be initialized .
*/
int /* error */
xfs_alloc_pagf_init (
xfs_mount_t * mp , /* file system mount structure */
xfs_trans_t * tp , /* transaction pointer */
xfs_agnumber_t agno , /* allocation group number */
int flags ) /* XFS_ALLOC_FLAGS_... */
{
xfs_buf_t * bp ;
int error ;
if ( ( error = xfs_alloc_read_agf ( mp , tp , agno , flags , & bp ) ) )
return error ;
if ( bp )
xfs_trans_brelse ( tp , bp ) ;
return 0 ;
}
/*
* Put the block on the freelist for the allocation group .
*/
int /* error */
xfs_alloc_put_freelist (
xfs_trans_t * tp , /* transaction pointer */
xfs_buf_t * agbp , /* buffer for a.g. freelist header */
xfs_buf_t * agflbp , /* buffer for a.g. free block array */
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
xfs_agblock_t bno , /* block being freed */
int btreeblk ) /* block came from a AGF btree */
2005-04-16 15:20:36 -07:00
{
xfs_agf_t * agf ; /* a.g. freespace structure */
2006-09-28 10:56:51 +10:00
__be32 * blockp ; /* pointer to array entry */
2005-04-16 15:20:36 -07:00
int error ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
int logflags ;
2005-04-16 15:20:36 -07:00
xfs_mount_t * mp ; /* mount structure */
xfs_perag_t * pag ; /* per allocation group data */
2013-04-03 16:11:14 +11:00
__be32 * agfl_bno ;
int startoff ;
2005-04-16 15:20:36 -07:00
agf = XFS_BUF_TO_AGF ( agbp ) ;
mp = tp - > t_mountp ;
if ( ! agflbp & & ( error = xfs_alloc_read_agfl ( mp , tp ,
2005-11-02 15:11:25 +11:00
be32_to_cpu ( agf - > agf_seqno ) , & agflbp ) ) )
2005-04-16 15:20:36 -07:00
return error ;
2008-02-13 15:03:29 -08:00
be32_add_cpu ( & agf - > agf_fllast , 1 ) ;
2018-03-06 17:08:32 -08:00
if ( be32_to_cpu ( agf - > agf_fllast ) = = xfs_agfl_size ( mp ) )
2005-04-16 15:20:36 -07:00
agf - > agf_fllast = 0 ;
2010-01-11 11:47:41 +00:00
pag = xfs_perag_get ( mp , be32_to_cpu ( agf - > agf_seqno ) ) ;
2018-03-15 10:51:58 -07:00
ASSERT ( ! pag - > pagf_agflreset ) ;
2008-02-13 15:03:29 -08:00
be32_add_cpu ( & agf - > agf_flcount , 1 ) ;
2005-04-16 15:20:36 -07:00
xfs_trans_agflist_delta ( tp , 1 ) ;
pag - > pagf_flcount + + ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
logflags = XFS_AGF_FLLAST | XFS_AGF_FLCOUNT ;
if ( btreeblk ) {
2008-02-13 15:03:29 -08:00
be32_add_cpu ( & agf - > agf_btreeblks , - 1 ) ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
pag - > pagf_btreeblks - - ;
logflags | = XFS_AGF_BTREEBLKS ;
}
2010-01-11 11:47:41 +00:00
xfs_perag_put ( pag ) ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
xfs_alloc_log_agf ( tp , agbp , logflags ) ;
2018-03-06 17:08:32 -08:00
ASSERT ( be32_to_cpu ( agf - > agf_flcount ) < = xfs_agfl_size ( mp ) ) ;
2013-04-03 16:11:14 +11:00
agfl_bno = XFS_BUF_TO_AGFL_BNO ( mp , agflbp ) ;
blockp = & agfl_bno [ be32_to_cpu ( agf - > agf_fllast ) ] ;
2006-09-28 10:56:51 +10:00
* blockp = cpu_to_be32 ( bno ) ;
2013-04-03 16:11:14 +11:00
startoff = ( char * ) blockp - ( char * ) agflbp - > b_addr ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
xfs_alloc_log_agf ( tp , agbp , logflags ) ;
2013-04-03 16:11:14 +11:00
2013-04-03 16:11:30 +11:00
xfs_trans_buf_set_type ( tp , agflbp , XFS_BLFT_AGFL_BUF ) ;
2013-04-03 16:11:14 +11:00
xfs_trans_log_buf ( tp , agflbp , startoff ,
startoff + sizeof ( xfs_agblock_t ) - 1 ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
2018-01-08 10:51:03 -08:00
static xfs_failaddr_t
2012-11-14 17:52:32 +11:00
xfs_agf_verify (
2018-01-08 10:51:08 -08:00
struct xfs_buf * bp )
{
struct xfs_mount * mp = bp - > b_target - > bt_mount ;
struct xfs_agf * agf = XFS_BUF_TO_AGF ( bp ) ;
2012-11-14 17:44:56 +11:00
2015-10-12 15:59:25 +11:00
if ( xfs_sb_version_hascrc ( & mp - > m_sb ) ) {
if ( ! uuid_equal ( & agf - > agf_uuid , & mp - > m_sb . sb_meta_uuid ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2015-10-12 15:59:25 +11:00
if ( ! xfs_log_check_lsn ( mp ,
be64_to_cpu ( XFS_BUF_TO_AGF ( bp ) - > agf_lsn ) ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2015-10-12 15:59:25 +11:00
}
2012-11-14 17:44:56 +11:00
2013-04-03 16:11:13 +11:00
if ( ! ( agf - > agf_magicnum = = cpu_to_be32 ( XFS_AGF_MAGIC ) & &
XFS_AGF_GOOD_VERSION ( be32_to_cpu ( agf - > agf_versionnum ) ) & &
be32_to_cpu ( agf - > agf_freeblks ) < = be32_to_cpu ( agf - > agf_length ) & &
2018-03-06 17:08:32 -08:00
be32_to_cpu ( agf - > agf_flfirst ) < xfs_agfl_size ( mp ) & &
be32_to_cpu ( agf - > agf_fllast ) < xfs_agfl_size ( mp ) & &
be32_to_cpu ( agf - > agf_flcount ) < = xfs_agfl_size ( mp ) ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2012-11-14 17:44:56 +11:00
2016-12-05 12:32:50 +11:00
if ( be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_BNO ] ) < 1 | |
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_CNT ] ) < 1 | |
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_BNO ] ) > XFS_BTREE_MAXLEVELS | |
2014-09-09 11:47:24 +10:00
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_CNT ] ) > XFS_BTREE_MAXLEVELS )
2018-01-08 10:51:03 -08:00
return __this_address ;
2014-09-09 11:47:24 +10:00
2016-08-03 11:30:32 +10:00
if ( xfs_sb_version_hasrmapbt ( & mp - > m_sb ) & &
2016-12-05 12:32:50 +11:00
( be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_RMAP ] ) < 1 | |
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_RMAP ] ) > XFS_BTREE_MAXLEVELS ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2016-08-03 11:30:32 +10:00
2012-11-14 17:44:56 +11:00
/*
* during growfs operations , the perag is not fully initialised ,
* so we can ' t use it for any useful checking . growfs ensures we can ' t
* use it by using uncached buffers that don ' t have the perag attached
* so we can detect and avoid this problem .
*/
2013-04-03 16:11:13 +11:00
if ( bp - > b_pag & & be32_to_cpu ( agf - > agf_seqno ) ! = bp - > b_pag - > pag_agno )
2018-01-08 10:51:03 -08:00
return __this_address ;
2012-11-14 17:44:56 +11:00
2013-04-03 16:11:13 +11:00
if ( xfs_sb_version_haslazysbcount ( & mp - > m_sb ) & &
be32_to_cpu ( agf - > agf_btreeblks ) > be32_to_cpu ( agf - > agf_length ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2013-04-03 16:11:13 +11:00
2016-10-03 09:11:16 -07:00
if ( xfs_sb_version_hasreflink ( & mp - > m_sb ) & &
2016-12-05 12:32:50 +11:00
( be32_to_cpu ( agf - > agf_refcount_level ) < 1 | |
be32_to_cpu ( agf - > agf_refcount_level ) > XFS_BTREE_MAXLEVELS ) )
2018-01-08 10:51:03 -08:00
return __this_address ;
2016-10-03 09:11:16 -07:00
2018-01-08 10:51:03 -08:00
return NULL ;
2012-11-14 17:44:56 +11:00
2012-11-14 17:52:32 +11:00
}
2012-11-14 17:54:40 +11:00
static void
xfs_agf_read_verify (
2012-11-14 17:52:32 +11:00
struct xfs_buf * bp )
{
2013-04-03 16:11:13 +11:00
struct xfs_mount * mp = bp - > b_target - > bt_mount ;
2018-01-08 10:51:03 -08:00
xfs_failaddr_t fa ;
2013-04-03 16:11:13 +11:00
2014-02-27 15:23:10 +11:00
if ( xfs_sb_version_hascrc ( & mp - > m_sb ) & &
! xfs_buf_verify_cksum ( bp , XFS_AGF_CRC_OFF ) )
2018-01-08 10:51:03 -08:00
xfs_verifier_error ( bp , - EFSBADCRC , __this_address ) ;
else {
2018-01-08 10:51:08 -08:00
fa = xfs_agf_verify ( bp ) ;
2018-01-08 10:51:03 -08:00
if ( XFS_TEST_ERROR ( fa , mp , XFS_ERRTAG_ALLOC_READ_AGF ) )
xfs_verifier_error ( bp , - EFSCORRUPTED , fa ) ;
}
2012-11-14 17:52:32 +11:00
}
2012-11-14 17:44:56 +11:00
2012-11-14 17:53:49 +11:00
static void
2012-11-14 17:54:40 +11:00
xfs_agf_write_verify (
2012-11-14 17:52:32 +11:00
struct xfs_buf * bp )
{
2018-01-24 13:38:48 -08:00
struct xfs_mount * mp = bp - > b_target - > bt_mount ;
struct xfs_buf_log_item * bip = bp - > b_log_item ;
2018-01-08 10:51:03 -08:00
xfs_failaddr_t fa ;
2013-04-03 16:11:13 +11:00
2018-01-08 10:51:08 -08:00
fa = xfs_agf_verify ( bp ) ;
2018-01-08 10:51:03 -08:00
if ( fa ) {
xfs_verifier_error ( bp , - EFSCORRUPTED , fa ) ;
2013-04-03 16:11:13 +11:00
return ;
}
if ( ! xfs_sb_version_hascrc ( & mp - > m_sb ) )
return ;
if ( bip )
XFS_BUF_TO_AGF ( bp ) - > agf_lsn = cpu_to_be64 ( bip - > bli_item . li_lsn ) ;
2014-02-27 15:18:23 +11:00
xfs_buf_update_cksum ( bp , XFS_AGF_CRC_OFF ) ;
2012-11-14 17:44:56 +11:00
}
2012-11-14 17:54:40 +11:00
const struct xfs_buf_ops xfs_agf_buf_ops = {
2016-01-04 16:10:19 +11:00
. name = " xfs_agf " ,
2012-11-14 17:54:40 +11:00
. verify_read = xfs_agf_read_verify ,
. verify_write = xfs_agf_write_verify ,
2018-01-08 10:51:08 -08:00
. verify_struct = xfs_agf_verify ,
2012-11-14 17:54:40 +11:00
} ;
2005-04-16 15:20:36 -07:00
/*
* Read in the allocation group header ( free / alloc section ) .
*/
int /* error */
2008-11-28 14:23:38 +11:00
xfs_read_agf (
struct xfs_mount * mp , /* mount point structure */
struct xfs_trans * tp , /* transaction pointer */
xfs_agnumber_t agno , /* allocation group number */
int flags , /* XFS_BUF_ */
struct xfs_buf * * bpp ) /* buffer for the ag freelist header */
2005-04-16 15:20:36 -07:00
{
int error ;
2013-11-01 15:27:19 +11:00
trace_xfs_read_agf ( mp , agno ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( agno ! = NULLAGNUMBER ) ;
error = xfs_trans_read_buf (
mp , tp , mp - > m_ddev_targp ,
XFS_AG_DADDR ( mp , agno , XFS_AGF_DADDR ( mp ) ) ,
2012-11-14 17:54:40 +11:00
XFS_FSS_TO_BB ( mp , 1 ) , flags , bpp , & xfs_agf_buf_ops ) ;
2005-04-16 15:20:36 -07:00
if ( error )
return error ;
2008-11-28 14:23:38 +11:00
if ( ! * bpp )
2005-04-16 15:20:36 -07:00
return 0 ;
2008-11-28 14:23:38 +11:00
2011-07-22 23:39:51 +00:00
ASSERT ( ! ( * bpp ) - > b_error ) ;
2011-10-10 16:52:45 +00:00
xfs_buf_set_ref ( * bpp , XFS_AGF_REF ) ;
2008-11-28 14:23:38 +11:00
return 0 ;
}
/*
* Read in the allocation group header ( free / alloc section ) .
*/
int /* error */
xfs_alloc_read_agf (
struct xfs_mount * mp , /* mount point structure */
struct xfs_trans * tp , /* transaction pointer */
xfs_agnumber_t agno , /* allocation group number */
int flags , /* XFS_ALLOC_FLAG_... */
struct xfs_buf * * bpp ) /* buffer for the ag freelist header */
{
struct xfs_agf * agf ; /* ag freelist header */
struct xfs_perag * pag ; /* per allocation group data */
int error ;
2013-11-01 15:27:19 +11:00
trace_xfs_alloc_read_agf ( mp , agno ) ;
2008-11-28 14:23:38 +11:00
2013-11-01 15:27:19 +11:00
ASSERT ( agno ! = NULLAGNUMBER ) ;
2008-11-28 14:23:38 +11:00
error = xfs_read_agf ( mp , tp , agno ,
2010-01-19 09:56:44 +00:00
( flags & XFS_ALLOC_FLAG_TRYLOCK ) ? XBF_TRYLOCK : 0 ,
2008-11-28 14:23:38 +11:00
bpp ) ;
if ( error )
return error ;
if ( ! * bpp )
return 0 ;
2011-07-22 23:39:51 +00:00
ASSERT ( ! ( * bpp ) - > b_error ) ;
2008-11-28 14:23:38 +11:00
agf = XFS_BUF_TO_AGF ( * bpp ) ;
2010-01-11 11:47:41 +00:00
pag = xfs_perag_get ( mp , agno ) ;
2005-04-16 15:20:36 -07:00
if ( ! pag - > pagf_init ) {
2005-11-02 15:11:25 +11:00
pag - > pagf_freeblks = be32_to_cpu ( agf - > agf_freeblks ) ;
[XFS] Lazy Superblock Counters
When we have a couple of hundred transactions on the fly at once, they all
typically modify the on disk superblock in some way.
create/unclink/mkdir/rmdir modify inode counts, allocation/freeing modify
free block counts.
When these counts are modified in a transaction, they must eventually lock
the superblock buffer and apply the mods. The buffer then remains locked
until the transaction is committed into the incore log buffer. The result
of this is that with enough transactions on the fly the incore superblock
buffer becomes a bottleneck.
The result of contention on the incore superblock buffer is that
transaction rates fall - the more pressure that is put on the superblock
buffer, the slower things go.
The key to removing the contention is to not require the superblock fields
in question to be locked. We do that by not marking the superblock dirty
in the transaction. IOWs, we modify the incore superblock but do not
modify the cached superblock buffer. In short, we do not log superblock
modifications to critical fields in the superblock on every transaction.
In fact we only do it just before we write the superblock to disk every
sync period or just before unmount.
This creates an interesting problem - if we don't log or write out the
fields in every transaction, then how do the values get recovered after a
crash? the answer is simple - we keep enough duplicate, logged information
in other structures that we can reconstruct the correct count after log
recovery has been performed.
It is the AGF and AGI structures that contain the duplicate information;
after recovery, we walk every AGI and AGF and sum their individual
counters to get the correct value, and we do a transaction into the log to
correct them. An optimisation of this is that if we have a clean unmount
record, we know the value in the superblock is correct, so we can avoid
the summation walk under normal conditions and so mount/recovery times do
not change under normal operation.
One wrinkle that was discovered during development was that the blocks
used in the freespace btrees are never accounted for in the AGF counters.
This was once a valid optimisation to make; when the filesystem is full,
the free space btrees are empty and consume no space. Hence when it
matters, the "accounting" is correct. But that means the when we do the
AGF summations, we would not have a correct count and xfs_check would
complain. Hence a new counter was added to track the number of blocks used
by the free space btrees. This is an *on-disk format change*.
As a result of this, lazy superblock counters are a mkfs option and at the
moment on linux there is no way to convert an old filesystem. This is
possible - xfs_db can be used to twiddle the right bits and then
xfs_repair will do the format conversion for you. Similarly, you can
convert backwards as well. At some point we'll add functionality to
xfs_admin to do the bit twiddling easily....
SGI-PV: 964999
SGI-Modid: xfs-linux-melb:xfs-kern:28652a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
2007-05-24 15:26:31 +10:00
pag - > pagf_btreeblks = be32_to_cpu ( agf - > agf_btreeblks ) ;
2005-11-02 15:11:25 +11:00
pag - > pagf_flcount = be32_to_cpu ( agf - > agf_flcount ) ;
pag - > pagf_longest = be32_to_cpu ( agf - > agf_longest ) ;
2005-04-16 15:20:36 -07:00
pag - > pagf_levels [ XFS_BTNUM_BNOi ] =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_BNOi ] ) ;
2005-04-16 15:20:36 -07:00
pag - > pagf_levels [ XFS_BTNUM_CNTi ] =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_CNTi ] ) ;
2016-08-03 11:30:32 +10:00
pag - > pagf_levels [ XFS_BTNUM_RMAPi ] =
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_RMAPi ] ) ;
2016-10-03 09:11:16 -07:00
pag - > pagf_refcount_level = be32_to_cpu ( agf - > agf_refcount_level ) ;
2005-04-16 15:20:36 -07:00
pag - > pagf_init = 1 ;
2018-03-15 10:51:58 -07:00
pag - > pagf_agflreset = xfs_agfl_needs_reset ( mp , agf ) ;
2005-04-16 15:20:36 -07:00
}
# ifdef DEBUG
else if ( ! XFS_FORCED_SHUTDOWN ( mp ) ) {
2005-11-02 15:11:25 +11:00
ASSERT ( pag - > pagf_freeblks = = be32_to_cpu ( agf - > agf_freeblks ) ) ;
2008-10-30 17:05:49 +11:00
ASSERT ( pag - > pagf_btreeblks = = be32_to_cpu ( agf - > agf_btreeblks ) ) ;
2005-11-02 15:11:25 +11:00
ASSERT ( pag - > pagf_flcount = = be32_to_cpu ( agf - > agf_flcount ) ) ;
ASSERT ( pag - > pagf_longest = = be32_to_cpu ( agf - > agf_longest ) ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( pag - > pagf_levels [ XFS_BTNUM_BNOi ] = =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_BNOi ] ) ) ;
2005-04-16 15:20:36 -07:00
ASSERT ( pag - > pagf_levels [ XFS_BTNUM_CNTi ] = =
2005-11-02 15:11:25 +11:00
be32_to_cpu ( agf - > agf_levels [ XFS_BTNUM_CNTi ] ) ) ;
2005-04-16 15:20:36 -07:00
}
# endif
2010-01-11 11:47:41 +00:00
xfs_perag_put ( pag ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
/*
* Allocate an extent ( variable - size ) .
* Depending on the allocation type , we either look in a single allocation
* group or loop over the allocation groups to find the result .
*/
int /* error */
2012-10-05 11:06:59 +10:00
xfs_alloc_vextent (
2018-07-11 22:26:30 -07:00
struct xfs_alloc_arg * args ) /* allocation argument structure */
2005-04-16 15:20:36 -07:00
{
2018-07-11 22:26:30 -07:00
xfs_agblock_t agsize ; /* allocation group size */
int error ;
int flags ; /* XFS_ALLOC_FLAG_... locking flags */
struct xfs_mount * mp ; /* mount structure pointer */
xfs_agnumber_t sagno ; /* starting allocation group number */
xfs_alloctype_t type ; /* input allocation type */
int bump_rotor = 0 ;
xfs_agnumber_t rotorstep = xfs_rotorstep ; /* inode32 agf stepper */
2005-04-16 15:20:36 -07:00
mp = args - > mp ;
type = args - > otype = args - > type ;
args - > agbno = NULLAGBLOCK ;
/*
* Just fix this up , for the case where the last a . g . is shorter
* ( or there ' s only one a . g . ) and the caller couldn ' t easily figure
* that out ( xfs_bmap_alloc ) .
*/
agsize = mp - > m_sb . sb_agblocks ;
if ( args - > maxlen > agsize )
args - > maxlen = agsize ;
if ( args - > alignment = = 0 )
args - > alignment = 1 ;
ASSERT ( XFS_FSB_TO_AGNO ( mp , args - > fsbno ) < mp - > m_sb . sb_agcount ) ;
ASSERT ( XFS_FSB_TO_AGBNO ( mp , args - > fsbno ) < agsize ) ;
ASSERT ( args - > minlen < = args - > maxlen ) ;
ASSERT ( args - > minlen < = agsize ) ;
ASSERT ( args - > mod < args - > prod ) ;
if ( XFS_FSB_TO_AGNO ( mp , args - > fsbno ) > = mp - > m_sb . sb_agcount | |
XFS_FSB_TO_AGBNO ( mp , args - > fsbno ) > = agsize | |
args - > minlen > args - > maxlen | | args - > minlen > agsize | |
args - > mod > = args - > prod ) {
args - > fsbno = NULLFSBLOCK ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_vextent_badargs ( args ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
switch ( type ) {
case XFS_ALLOCTYPE_THIS_AG :
case XFS_ALLOCTYPE_NEAR_BNO :
case XFS_ALLOCTYPE_THIS_BNO :
/*
* These three force us into a single a . g .
*/
args - > agno = XFS_FSB_TO_AGNO ( mp , args - > fsbno ) ;
2010-01-11 11:47:41 +00:00
args - > pag = xfs_perag_get ( mp , args - > agno ) ;
2005-04-16 15:20:36 -07:00
error = xfs_alloc_fix_freelist ( args , 0 ) ;
if ( error ) {
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_vextent_nofix ( args ) ;
2005-04-16 15:20:36 -07:00
goto error0 ;
}
if ( ! args - > agbp ) {
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_vextent_noagbp ( args ) ;
2005-04-16 15:20:36 -07:00
break ;
}
args - > agbno = XFS_FSB_TO_AGBNO ( mp , args - > fsbno ) ;
if ( ( error = xfs_alloc_ag_vextent ( args ) ) )
goto error0 ;
break ;
case XFS_ALLOCTYPE_START_BNO :
/*
* Try near allocation first , then anywhere - in - ag after
* the first a . g . fails .
*/
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
if ( ( args - > datatype & XFS_ALLOC_INITIAL_USER_DATA ) & &
2005-04-16 15:20:36 -07:00
( mp - > m_flags & XFS_MOUNT_32BITINODES ) ) {
args - > fsbno = XFS_AGB_TO_FSB ( mp ,
( ( mp - > m_agfrotor / rotorstep ) %
mp - > m_sb . sb_agcount ) , 0 ) ;
bump_rotor = 1 ;
}
args - > agbno = XFS_FSB_TO_AGBNO ( mp , args - > fsbno ) ;
args - > type = XFS_ALLOCTYPE_NEAR_BNO ;
/* FALLTHROUGH */
case XFS_ALLOCTYPE_FIRST_AG :
/*
* Rotate through the allocation groups looking for a winner .
*/
2017-02-17 08:21:15 -08:00
if ( type = = XFS_ALLOCTYPE_FIRST_AG ) {
2005-04-16 15:20:36 -07:00
/*
* Start with allocation group given by bno .
*/
args - > agno = XFS_FSB_TO_AGNO ( mp , args - > fsbno ) ;
args - > type = XFS_ALLOCTYPE_THIS_AG ;
sagno = 0 ;
flags = 0 ;
} else {
/*
* Start with the given allocation group .
*/
args - > agno = sagno = XFS_FSB_TO_AGNO ( mp , args - > fsbno ) ;
flags = XFS_ALLOC_FLAG_TRYLOCK ;
}
/*
* Loop over allocation groups twice ; first time with
* trylock set , second time without .
*/
for ( ; ; ) {
2010-01-11 11:47:41 +00:00
args - > pag = xfs_perag_get ( mp , args - > agno ) ;
2005-04-16 15:20:36 -07:00
error = xfs_alloc_fix_freelist ( args , flags ) ;
if ( error ) {
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_vextent_nofix ( args ) ;
2005-04-16 15:20:36 -07:00
goto error0 ;
}
/*
* If we get a buffer back then the allocation will fly .
*/
if ( args - > agbp ) {
if ( ( error = xfs_alloc_ag_vextent ( args ) ) )
goto error0 ;
break ;
}
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_vextent_loopfailed ( args ) ;
2005-04-16 15:20:36 -07:00
/*
* Didn ' t work , figure out the next iteration .
*/
if ( args - > agno = = sagno & &
type = = XFS_ALLOCTYPE_START_BNO )
args - > type = XFS_ALLOCTYPE_THIS_AG ;
2006-06-09 14:55:18 +10:00
/*
* For the first allocation , we can try any AG to get
* space . However , if we already have allocated a
* block , we don ' t want to try AGs whose number is below
* sagno . Otherwise , we may end up with out - of - order
* locking of AGF , which might cause deadlock .
*/
if ( + + ( args - > agno ) = = mp - > m_sb . sb_agcount ) {
2018-07-11 22:26:30 -07:00
if ( args - > tp - > t_firstblock ! = NULLFSBLOCK )
2006-06-09 14:55:18 +10:00
args - > agno = sagno ;
else
args - > agno = 0 ;
}
2005-04-16 15:20:36 -07:00
/*
* Reached the starting a . g . , must either be done
* or switch to non - trylock mode .
*/
if ( args - > agno = = sagno ) {
2017-01-09 13:36:19 -08:00
if ( flags = = 0 ) {
2005-04-16 15:20:36 -07:00
args - > agbno = NULLAGBLOCK ;
2009-12-14 23:14:59 +00:00
trace_xfs_alloc_vextent_allfailed ( args ) ;
2005-04-16 15:20:36 -07:00
break ;
}
2017-01-09 13:36:19 -08:00
flags = 0 ;
if ( type = = XFS_ALLOCTYPE_START_BNO ) {
args - > agbno = XFS_FSB_TO_AGBNO ( mp ,
args - > fsbno ) ;
args - > type = XFS_ALLOCTYPE_NEAR_BNO ;
2005-04-16 15:20:36 -07:00
}
}
2010-01-11 11:47:41 +00:00
xfs_perag_put ( args - > pag ) ;
2005-04-16 15:20:36 -07:00
}
2017-02-17 08:21:15 -08:00
if ( bump_rotor ) {
2005-04-16 15:20:36 -07:00
if ( args - > agno = = sagno )
mp - > m_agfrotor = ( mp - > m_agfrotor + 1 ) %
( mp - > m_sb . sb_agcount * rotorstep ) ;
else
mp - > m_agfrotor = ( args - > agno * rotorstep + 1 ) %
( mp - > m_sb . sb_agcount * rotorstep ) ;
}
break ;
default :
ASSERT ( 0 ) ;
/* NOTREACHED */
}
if ( args - > agbno = = NULLAGBLOCK )
args - > fsbno = NULLFSBLOCK ;
else {
args - > fsbno = XFS_AGB_TO_FSB ( mp , args - > agno , args - > agbno ) ;
# ifdef DEBUG
ASSERT ( args - > len > = args - > minlen ) ;
ASSERT ( args - > len < = args - > maxlen ) ;
ASSERT ( args - > agbno % args - > alignment = = 0 ) ;
XFS_AG_CHECK_DADDR ( mp , XFS_FSB_TO_DADDR ( mp , args - > fsbno ) ,
args - > len ) ;
# endif
2015-11-03 12:27:22 +11:00
/* Zero the extent if we were asked to do so */
xfs: remote attribute blocks aren't really userdata
When adding a new remote attribute, we write the attribute to the
new extent before the allocation transaction is committed. This
means we cannot reuse busy extents as that violates crash
consistency semantics. Hence we currently treat remote attribute
extent allocation like userdata because it has the same overwrite
ordering constraints as userdata.
Unfortunately, this also allows the allocator to incorrectly apply
extent size hints to the remote attribute extent allocation. This
results in interesting failures, such as transaction block
reservation overruns and in-memory inode attribute fork corruption.
To fix this, we need to separate the busy extent reuse configuration
from the userdata configuration. This changes the definition of
XFS_BMAPI_METADATA slightly - it now means that allocation is
metadata and reuse of busy extents is acceptible due to the metadata
ordering semantics of the journal. If this flag is not set, it
means the allocation is that has unordered data writeback, and hence
busy extent reuse is not allowed. It no longer implies the
allocation is for user data, just that the data write will not be
strictly ordered. This matches the semantics for both user data
and remote attribute block allocation.
As such, This patch changes the "userdata" field to a "datatype"
field, and adds a "no busy reuse" flag to the field.
When we detect an unordered data extent allocation, we immediately set
the no reuse flag. We then set the "user data" flags based on the
inode fork we are allocating the extent to. Hence we only set
userdata flags on data fork allocations now and consider attribute
fork remote extents to be an unordered metadata extent.
The result is that remote attribute extents now have the expected
allocation semantics, and the data fork allocation behaviour is
completely unchanged.
It should be noted that there may be other ways to fix this (e.g.
use ordered metadata buffers for the remote attribute extent data
write) but they are more invasive and difficult to validate both
from a design and implementation POV. Hence this patch takes the
simple, obvious route to fixing the problem...
Reported-and-tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-26 08:21:28 +10:00
if ( args - > datatype & XFS_ALLOC_USERDATA_ZERO ) {
2015-11-03 12:27:22 +11:00
error = xfs_zero_extent ( args - > ip , args - > fsbno , args - > len ) ;
if ( error )
goto error0 ;
}
2005-04-16 15:20:36 -07:00
}
2010-01-11 11:47:41 +00:00
xfs_perag_put ( args - > pag ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
error0 :
2010-01-11 11:47:41 +00:00
xfs_perag_put ( args - > pag ) ;
2005-04-16 15:20:36 -07:00
return error ;
}
2016-06-21 11:53:28 +10:00
/* Ensure that the freelist is at full capacity. */
int
xfs_free_extent_fix_freelist (
struct xfs_trans * tp ,
xfs_agnumber_t agno ,
struct xfs_buf * * agbp )
2005-04-16 15:20:36 -07:00
{
2016-06-21 11:53:28 +10:00
struct xfs_alloc_arg args ;
int error ;
2005-04-16 15:20:36 -07:00
2016-06-21 11:53:28 +10:00
memset ( & args , 0 , sizeof ( struct xfs_alloc_arg ) ) ;
2005-04-16 15:20:36 -07:00
args . tp = tp ;
args . mp = tp - > t_mountp ;
2016-06-21 11:53:28 +10:00
args . agno = agno ;
2011-04-08 12:45:07 +10:00
/*
* validate that the block number is legal - the enables us to detect
* and handle a silent filesystem corruption rather than crashing .
*/
if ( args . agno > = args . mp - > m_sb . sb_agcount )
2014-06-25 14:58:08 +10:00
return - EFSCORRUPTED ;
2011-04-08 12:45:07 +10:00
2010-01-11 11:47:41 +00:00
args . pag = xfs_perag_get ( args . mp , args . agno ) ;
2011-04-08 12:45:07 +10:00
ASSERT ( args . pag ) ;
error = xfs_alloc_fix_freelist ( & args , XFS_ALLOC_FLAG_FREEING ) ;
if ( error )
2016-06-21 11:53:28 +10:00
goto out ;
* agbp = args . agbp ;
out :
xfs_perag_put ( args . pag ) ;
return error ;
}
/*
* Free an extent .
* Just break up the extent address and hand off to xfs_free_ag_extent
* after fixing up the freelist .
*/
int /* error */
2018-05-09 08:45:04 -07:00
__xfs_free_extent (
2016-06-21 11:53:28 +10:00
struct xfs_trans * tp , /* transaction pointer */
xfs_fsblock_t bno , /* starting block number of extent */
2016-08-03 11:33:42 +10:00
xfs_extlen_t len , /* length of extent */
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
struct xfs_owner_info * oinfo , /* extent owner */
2018-05-09 08:45:04 -07:00
enum xfs_ag_resv_type type , /* block reservation type */
bool skip_discard )
2016-06-21 11:53:28 +10:00
{
struct xfs_mount * mp = tp - > t_mountp ;
struct xfs_buf * agbp ;
xfs_agnumber_t agno = XFS_FSB_TO_AGNO ( mp , bno ) ;
xfs_agblock_t agbno = XFS_FSB_TO_AGBNO ( mp , bno ) ;
int error ;
2018-05-09 08:45:04 -07:00
unsigned int busy_flags = 0 ;
2016-06-21 11:53:28 +10:00
ASSERT ( len ! = 0 ) ;
2018-03-09 14:02:32 -08:00
ASSERT ( type ! = XFS_AG_RESV_AGFL ) ;
2016-06-21 11:53:28 +10:00
2016-08-03 11:26:33 +10:00
if ( XFS_TEST_ERROR ( false , mp ,
2017-06-20 17:54:47 -07:00
XFS_ERRTAG_FREE_EXTENT ) )
2016-08-03 11:26:33 +10:00
return - EIO ;
2016-06-21 11:53:28 +10:00
error = xfs_free_extent_fix_freelist ( tp , agno , & agbp ) ;
if ( error )
return error ;
XFS_WANT_CORRUPTED_GOTO ( mp , agbno < mp - > m_sb . sb_agblocks , err ) ;
2011-04-08 12:45:07 +10:00
/* validate the extent size is legal now we have the agf locked */
2016-06-21 11:53:28 +10:00
XFS_WANT_CORRUPTED_GOTO ( mp ,
agbno + len < = be32_to_cpu ( XFS_BUF_TO_AGF ( agbp ) - > agf_length ) ,
err ) ;
2011-04-08 12:45:07 +10:00
xfs: set up per-AG free space reservations
One unfortunate quirk of the reference count and reverse mapping
btrees -- they can expand in size when blocks are written to *other*
allocation groups if, say, one large extent becomes a lot of tiny
extents. Since we don't want to start throwing errors in the middle
of CoWing, we need to reserve some blocks to handle future expansion.
The transaction block reservation counters aren't sufficient here
because we have to have a reserve of blocks in every AG, not just
somewhere in the filesystem.
Therefore, create two per-AG block reservation pools. One feeds the
AGFL so that rmapbt expansion always succeeds, and the other feeds all
other metadata so that refcountbt expansion never fails.
Use the count of how many reserved blocks we need to have on hand to
create a virtual reservation in the AG. Through selective clamping of
the maximum length of allocation requests and of the length of the
longest free extent, we can make it look like there's less free space
in the AG unless the reservation owner is asking for blocks.
In other words, play some accounting tricks in-core to make sure that
we always have blocks available. On the plus side, there's nothing to
clean up if we crash, which is contrast to the strategy that the rough
draft used (actually removing extents from the freespace btrees).
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-09-19 10:30:52 +10:00
error = xfs_free_ag_extent ( tp , agbp , agno , agbno , len , oinfo , type ) ;
2016-06-21 11:53:28 +10:00
if ( error )
goto err ;
2018-05-09 08:45:04 -07:00
if ( skip_discard )
busy_flags | = XFS_EXTENT_BUSY_SKIP_DISCARD ;
xfs_extent_busy_insert ( tp , agno , agbno , len , busy_flags ) ;
2016-06-21 11:53:28 +10:00
return 0 ;
err :
xfs_trans_brelse ( tp , agbp ) ;
2005-04-16 15:20:36 -07:00
return error ;
}
2017-03-28 14:56:35 -07:00
struct xfs_alloc_query_range_info {
xfs_alloc_query_range_fn fn ;
void * priv ;
} ;
/* Format btree record and pass to our callback. */
STATIC int
xfs_alloc_query_range_helper (
struct xfs_btree_cur * cur ,
union xfs_btree_rec * rec ,
void * priv )
{
struct xfs_alloc_query_range_info * query = priv ;
struct xfs_alloc_rec_incore irec ;
irec . ar_startblock = be32_to_cpu ( rec - > alloc . ar_startblock ) ;
irec . ar_blockcount = be32_to_cpu ( rec - > alloc . ar_blockcount ) ;
return query - > fn ( cur , & irec , query - > priv ) ;
}
/* Find all free space within a given range of blocks. */
int
xfs_alloc_query_range (
struct xfs_btree_cur * cur ,
struct xfs_alloc_rec_incore * low_rec ,
struct xfs_alloc_rec_incore * high_rec ,
xfs_alloc_query_range_fn fn ,
void * priv )
{
union xfs_btree_irec low_brec ;
union xfs_btree_irec high_brec ;
struct xfs_alloc_query_range_info query ;
ASSERT ( cur - > bc_btnum = = XFS_BTNUM_BNO ) ;
low_brec . a = * low_rec ;
high_brec . a = * high_rec ;
query . priv = priv ;
query . fn = fn ;
return xfs_btree_query_range ( cur , & low_brec , & high_brec ,
xfs_alloc_query_range_helper , & query ) ;
}
2017-03-28 14:56:35 -07:00
/* Find all free space records. */
int
xfs_alloc_query_all (
struct xfs_btree_cur * cur ,
xfs_alloc_query_range_fn fn ,
void * priv )
{
struct xfs_alloc_query_range_info query ;
ASSERT ( cur - > bc_btnum = = XFS_BTNUM_BNO ) ;
query . priv = priv ;
query . fn = fn ;
return xfs_btree_query_all ( cur , xfs_alloc_query_range_helper , & query ) ;
}
2017-10-17 21:37:32 -07:00
2018-01-16 18:52:12 -08:00
/* Is there a record covering a given extent? */
int
xfs_alloc_has_record (
struct xfs_btree_cur * cur ,
xfs_agblock_t bno ,
xfs_extlen_t len ,
bool * exists )
{
union xfs_btree_irec low ;
union xfs_btree_irec high ;
memset ( & low , 0 , sizeof ( low ) ) ;
low . a . ar_startblock = bno ;
memset ( & high , 0xFF , sizeof ( high ) ) ;
high . a . ar_startblock = bno + len - 1 ;
return xfs_btree_has_record ( cur , & low , & high , exists ) ;
}
2018-05-14 06:34:34 -07:00
/*
* Walk all the blocks in the AGFL . The @ walk_fn can return any negative
* error code or XFS_BTREE_QUERY_RANGE_ABORT .
*/
int
xfs_agfl_walk (
struct xfs_mount * mp ,
struct xfs_agf * agf ,
struct xfs_buf * agflbp ,
xfs_agfl_walk_fn walk_fn ,
void * priv )
{
__be32 * agfl_bno ;
unsigned int i ;
int error ;
agfl_bno = XFS_BUF_TO_AGFL_BNO ( mp , agflbp ) ;
i = be32_to_cpu ( agf - > agf_flfirst ) ;
/* Nothing to walk in an empty AGFL. */
if ( agf - > agf_flcount = = cpu_to_be32 ( 0 ) )
return 0 ;
/* Otherwise, walk from first to last, wrapping as needed. */
for ( ; ; ) {
error = walk_fn ( mp , be32_to_cpu ( agfl_bno [ i ] ) , priv ) ;
if ( error )
return error ;
if ( i = = be32_to_cpu ( agf - > agf_fllast ) )
break ;
if ( + + i = = xfs_agfl_size ( mp ) )
i = 0 ;
}
return 0 ;
}