167ce4cbfa
xfs will not allow combining other panic masks with
XFS_PTAG_VERIFIER_ERROR.
# sysctl fs.xfs.panic_mask=511
sysctl: setting key "fs.xfs.panic_mask": Invalid argument
fs.xfs.panic_mask = 511
Update to the maximum value that can be set to allow the full range of
masks. Do this using a mask of possible values to prevent this happening
again as suggested by Darrick.
Fixes: d519da41e2
("xfs: Introduce XFS_PTAG_VERIFIER_ERROR panic mask")
Signed-off-by: Donald Douwsma <ddouwsma@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
544 lines
21 KiB
ReStructuredText
544 lines
21 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
======================
|
|
The SGI XFS Filesystem
|
|
======================
|
|
|
|
XFS is a high performance journaling filesystem which originated
|
|
on the SGI IRIX platform. It is completely multi-threaded, can
|
|
support large files and large filesystems, extended attributes,
|
|
variable block sizes, is extent based, and makes extensive use of
|
|
Btrees (directories, extents, free space) to aid both performance
|
|
and scalability.
|
|
|
|
Refer to the documentation at https://xfs.wiki.kernel.org/
|
|
for further details. This implementation is on-disk compatible
|
|
with the IRIX version of XFS.
|
|
|
|
|
|
Mount Options
|
|
=============
|
|
|
|
When mounting an XFS filesystem, the following options are accepted.
|
|
|
|
allocsize=size
|
|
Sets the buffered I/O end-of-file preallocation size when
|
|
doing delayed allocation writeout (default size is 64KiB).
|
|
Valid values for this option are page size (typically 4KiB)
|
|
through to 1GiB, inclusive, in power-of-2 increments.
|
|
|
|
The default behaviour is for dynamic end-of-file
|
|
preallocation size, which uses a set of heuristics to
|
|
optimise the preallocation size based on the current
|
|
allocation patterns within the file and the access patterns
|
|
to the file. Specifying a fixed ``allocsize`` value turns off
|
|
the dynamic behaviour.
|
|
|
|
attr2 or noattr2
|
|
The options enable/disable an "opportunistic" improvement to
|
|
be made in the way inline extended attributes are stored
|
|
on-disk. When the new form is used for the first time when
|
|
``attr2`` is selected (either when setting or removing extended
|
|
attributes) the on-disk superblock feature bit field will be
|
|
updated to reflect this format being in use.
|
|
|
|
The default behaviour is determined by the on-disk feature
|
|
bit indicating that ``attr2`` behaviour is active. If either
|
|
mount option is set, then that becomes the new default used
|
|
by the filesystem.
|
|
|
|
CRC enabled filesystems always use the ``attr2`` format, and so
|
|
will reject the ``noattr2`` mount option if it is set.
|
|
|
|
discard or nodiscard (default)
|
|
Enable/disable the issuing of commands to let the block
|
|
device reclaim space freed by the filesystem. This is
|
|
useful for SSD devices, thinly provisioned LUNs and virtual
|
|
machine images, but may have a performance impact.
|
|
|
|
Note: It is currently recommended that you use the ``fstrim``
|
|
application to ``discard`` unused blocks rather than the ``discard``
|
|
mount option because the performance impact of this option
|
|
is quite severe.
|
|
|
|
grpid/bsdgroups or nogrpid/sysvgroups (default)
|
|
These options define what group ID a newly created file
|
|
gets. When ``grpid`` is set, it takes the group ID of the
|
|
directory in which it is created; otherwise it takes the
|
|
``fsgid`` of the current process, unless the directory has the
|
|
``setgid`` bit set, in which case it takes the ``gid`` from the
|
|
parent directory, and also gets the ``setgid`` bit set if it is
|
|
a directory itself.
|
|
|
|
filestreams
|
|
Make the data allocator use the filestreams allocation mode
|
|
across the entire filesystem rather than just on directories
|
|
configured to use it.
|
|
|
|
ikeep or noikeep (default)
|
|
When ``ikeep`` is specified, XFS does not delete empty inode
|
|
clusters and keeps them around on disk. When ``noikeep`` is
|
|
specified, empty inode clusters are returned to the free
|
|
space pool.
|
|
|
|
inode32 or inode64 (default)
|
|
When ``inode32`` is specified, it indicates that XFS limits
|
|
inode creation to locations which will not result in inode
|
|
numbers with more than 32 bits of significance.
|
|
|
|
When ``inode64`` is specified, it indicates that XFS is allowed
|
|
to create inodes at any location in the filesystem,
|
|
including those which will result in inode numbers occupying
|
|
more than 32 bits of significance.
|
|
|
|
``inode32`` is provided for backwards compatibility with older
|
|
systems and applications, since 64 bits inode numbers might
|
|
cause problems for some applications that cannot handle
|
|
large inode numbers. If applications are in use which do
|
|
not handle inode numbers bigger than 32 bits, the ``inode32``
|
|
option should be specified.
|
|
|
|
largeio or nolargeio (default)
|
|
If ``nolargeio`` is specified, the optimal I/O reported in
|
|
``st_blksize`` by **stat(2)** will be as small as possible to allow
|
|
user applications to avoid inefficient read/modify/write
|
|
I/O. This is typically the page size of the machine, as
|
|
this is the granularity of the page cache.
|
|
|
|
If ``largeio`` is specified, a filesystem that was created with a
|
|
``swidth`` specified will return the ``swidth`` value (in bytes)
|
|
in ``st_blksize``. If the filesystem does not have a ``swidth``
|
|
specified but does specify an ``allocsize`` then ``allocsize``
|
|
(in bytes) will be returned instead. Otherwise the behaviour
|
|
is the same as if ``nolargeio`` was specified.
|
|
|
|
logbufs=value
|
|
Set the number of in-memory log buffers. Valid numbers
|
|
range from 2-8 inclusive.
|
|
|
|
The default value is 8 buffers.
|
|
|
|
If the memory cost of 8 log buffers is too high on small
|
|
systems, then it may be reduced at some cost to performance
|
|
on metadata intensive workloads. The ``logbsize`` option below
|
|
controls the size of each buffer and so is also relevant to
|
|
this case.
|
|
|
|
logbsize=value
|
|
Set the size of each in-memory log buffer. The size may be
|
|
specified in bytes, or in kilobytes with a "k" suffix.
|
|
Valid sizes for version 1 and version 2 logs are 16384 (16k)
|
|
and 32768 (32k). Valid sizes for version 2 logs also
|
|
include 65536 (64k), 131072 (128k) and 262144 (256k). The
|
|
logbsize must be an integer multiple of the log
|
|
stripe unit configured at **mkfs(8)** time.
|
|
|
|
The default value for version 1 logs is 32768, while the
|
|
default value for version 2 logs is MAX(32768, log_sunit).
|
|
|
|
logdev=device and rtdev=device
|
|
Use an external log (metadata journal) and/or real-time device.
|
|
An XFS filesystem has up to three parts: a data section, a log
|
|
section, and a real-time section. The real-time section is
|
|
optional, and the log section can be separate from the data
|
|
section or contained within it.
|
|
|
|
noalign
|
|
Data allocations will not be aligned at stripe unit
|
|
boundaries. This is only relevant to filesystems created
|
|
with non-zero data alignment parameters (``sunit``, ``swidth``) by
|
|
**mkfs(8)**.
|
|
|
|
norecovery
|
|
The filesystem will be mounted without running log recovery.
|
|
If the filesystem was not cleanly unmounted, it is likely to
|
|
be inconsistent when mounted in ``norecovery`` mode.
|
|
Some files or directories may not be accessible because of this.
|
|
Filesystems mounted ``norecovery`` must be mounted read-only or
|
|
the mount will fail.
|
|
|
|
nouuid
|
|
Don't check for double mounted file systems using the file
|
|
system ``uuid``. This is useful to mount LVM snapshot volumes,
|
|
and often used in combination with ``norecovery`` for mounting
|
|
read-only snapshots.
|
|
|
|
noquota
|
|
Forcibly turns off all quota accounting and enforcement
|
|
within the filesystem.
|
|
|
|
uquota/usrquota/uqnoenforce/quota
|
|
User disk quota accounting enabled, and limits (optionally)
|
|
enforced. Refer to **xfs_quota(8)** for further details.
|
|
|
|
gquota/grpquota/gqnoenforce
|
|
Group disk quota accounting enabled and limits (optionally)
|
|
enforced. Refer to **xfs_quota(8)** for further details.
|
|
|
|
pquota/prjquota/pqnoenforce
|
|
Project disk quota accounting enabled and limits (optionally)
|
|
enforced. Refer to **xfs_quota(8)** for further details.
|
|
|
|
sunit=value and swidth=value
|
|
Used to specify the stripe unit and width for a RAID device
|
|
or a stripe volume. "value" must be specified in 512-byte
|
|
block units. These options are only relevant to filesystems
|
|
that were created with non-zero data alignment parameters.
|
|
|
|
The ``sunit`` and ``swidth`` parameters specified must be compatible
|
|
with the existing filesystem alignment characteristics. In
|
|
general, that means the only valid changes to ``sunit`` are
|
|
increasing it by a power-of-2 multiple. Valid ``swidth`` values
|
|
are any integer multiple of a valid ``sunit`` value.
|
|
|
|
Typically the only time these mount options are necessary if
|
|
after an underlying RAID device has had it's geometry
|
|
modified, such as adding a new disk to a RAID5 lun and
|
|
reshaping it.
|
|
|
|
swalloc
|
|
Data allocations will be rounded up to stripe width boundaries
|
|
when the current end of file is being extended and the file
|
|
size is larger than the stripe width size.
|
|
|
|
wsync
|
|
When specified, all filesystem namespace operations are
|
|
executed synchronously. This ensures that when the namespace
|
|
operation (create, unlink, etc) completes, the change to the
|
|
namespace is on stable storage. This is useful in HA setups
|
|
where failover must not result in clients seeing
|
|
inconsistent namespace presentation during or after a
|
|
failover event.
|
|
|
|
Deprecation of V4 Format
|
|
========================
|
|
|
|
The V4 filesystem format lacks certain features that are supported by
|
|
the V5 format, such as metadata checksumming, strengthened metadata
|
|
verification, and the ability to store timestamps past the year 2038.
|
|
Because of this, the V4 format is deprecated. All users should upgrade
|
|
by backing up their files, reformatting, and restoring from the backup.
|
|
|
|
Administrators and users can detect a V4 filesystem by running xfs_info
|
|
against a filesystem mountpoint and checking for a string containing
|
|
"crc=". If no such string is found, please upgrade xfsprogs to the
|
|
latest version and try again.
|
|
|
|
The deprecation will take place in two parts. Support for mounting V4
|
|
filesystems can now be disabled at kernel build time via Kconfig option.
|
|
The option will default to yes until September 2025, at which time it
|
|
will be changed to default to no. In September 2030, support will be
|
|
removed from the codebase entirely.
|
|
|
|
Note: Distributors may choose to withdraw V4 format support earlier than
|
|
the dates listed above.
|
|
|
|
Deprecated Mount Options
|
|
========================
|
|
|
|
=========================== ================
|
|
Name Removal Schedule
|
|
=========================== ================
|
|
Mounting with V4 filesystem September 2030
|
|
ikeep/noikeep September 2025
|
|
attr2/noattr2 September 2025
|
|
=========================== ================
|
|
|
|
|
|
Removed Mount Options
|
|
=====================
|
|
|
|
=========================== =======
|
|
Name Removed
|
|
=========================== =======
|
|
delaylog/nodelaylog v4.0
|
|
ihashsize v4.0
|
|
irixsgid v4.0
|
|
osyncisdsync/osyncisosync v4.0
|
|
barrier v4.19
|
|
nobarrier v4.19
|
|
=========================== =======
|
|
|
|
sysctls
|
|
=======
|
|
|
|
The following sysctls are available for the XFS filesystem:
|
|
|
|
fs.xfs.stats_clear (Min: 0 Default: 0 Max: 1)
|
|
Setting this to "1" clears accumulated XFS statistics
|
|
in /proc/fs/xfs/stat. It then immediately resets to "0".
|
|
|
|
fs.xfs.xfssyncd_centisecs (Min: 100 Default: 3000 Max: 720000)
|
|
The interval at which the filesystem flushes metadata
|
|
out to disk and runs internal cache cleanup routines.
|
|
|
|
fs.xfs.filestream_centisecs (Min: 1 Default: 3000 Max: 360000)
|
|
The interval at which the filesystem ages filestreams cache
|
|
references and returns timed-out AGs back to the free stream
|
|
pool.
|
|
|
|
fs.xfs.speculative_prealloc_lifetime
|
|
(Units: seconds Min: 1 Default: 300 Max: 86400)
|
|
The interval at which the background scanning for inodes
|
|
with unused speculative preallocation runs. The scan
|
|
removes unused preallocation from clean inodes and releases
|
|
the unused space back to the free pool.
|
|
|
|
fs.xfs.speculative_cow_prealloc_lifetime
|
|
This is an alias for speculative_prealloc_lifetime.
|
|
|
|
fs.xfs.error_level (Min: 0 Default: 3 Max: 11)
|
|
A volume knob for error reporting when internal errors occur.
|
|
This will generate detailed messages & backtraces for filesystem
|
|
shutdowns, for example. Current threshold values are:
|
|
|
|
XFS_ERRLEVEL_OFF: 0
|
|
XFS_ERRLEVEL_LOW: 1
|
|
XFS_ERRLEVEL_HIGH: 5
|
|
|
|
fs.xfs.panic_mask (Min: 0 Default: 0 Max: 511)
|
|
Causes certain error conditions to call BUG(). Value is a bitmask;
|
|
OR together the tags which represent errors which should cause panics:
|
|
|
|
XFS_NO_PTAG 0
|
|
XFS_PTAG_IFLUSH 0x00000001
|
|
XFS_PTAG_LOGRES 0x00000002
|
|
XFS_PTAG_AILDELETE 0x00000004
|
|
XFS_PTAG_ERROR_REPORT 0x00000008
|
|
XFS_PTAG_SHUTDOWN_CORRUPT 0x00000010
|
|
XFS_PTAG_SHUTDOWN_IOERROR 0x00000020
|
|
XFS_PTAG_SHUTDOWN_LOGERROR 0x00000040
|
|
XFS_PTAG_FSBLOCK_ZERO 0x00000080
|
|
XFS_PTAG_VERIFIER_ERROR 0x00000100
|
|
|
|
This option is intended for debugging only.
|
|
|
|
fs.xfs.irix_symlink_mode (Min: 0 Default: 0 Max: 1)
|
|
Controls whether symlinks are created with mode 0777 (default)
|
|
or whether their mode is affected by the umask (irix mode).
|
|
|
|
fs.xfs.irix_sgid_inherit (Min: 0 Default: 0 Max: 1)
|
|
Controls files created in SGID directories.
|
|
If the group ID of the new file does not match the effective group
|
|
ID or one of the supplementary group IDs of the parent dir, the
|
|
ISGID bit is cleared if the irix_sgid_inherit compatibility sysctl
|
|
is set.
|
|
|
|
fs.xfs.inherit_sync (Min: 0 Default: 1 Max: 1)
|
|
Setting this to "1" will cause the "sync" flag set
|
|
by the **xfs_io(8)** chattr command on a directory to be
|
|
inherited by files in that directory.
|
|
|
|
fs.xfs.inherit_nodump (Min: 0 Default: 1 Max: 1)
|
|
Setting this to "1" will cause the "nodump" flag set
|
|
by the **xfs_io(8)** chattr command on a directory to be
|
|
inherited by files in that directory.
|
|
|
|
fs.xfs.inherit_noatime (Min: 0 Default: 1 Max: 1)
|
|
Setting this to "1" will cause the "noatime" flag set
|
|
by the **xfs_io(8)** chattr command on a directory to be
|
|
inherited by files in that directory.
|
|
|
|
fs.xfs.inherit_nosymlinks (Min: 0 Default: 1 Max: 1)
|
|
Setting this to "1" will cause the "nosymlinks" flag set
|
|
by the **xfs_io(8)** chattr command on a directory to be
|
|
inherited by files in that directory.
|
|
|
|
fs.xfs.inherit_nodefrag (Min: 0 Default: 1 Max: 1)
|
|
Setting this to "1" will cause the "nodefrag" flag set
|
|
by the **xfs_io(8)** chattr command on a directory to be
|
|
inherited by files in that directory.
|
|
|
|
fs.xfs.rotorstep (Min: 1 Default: 1 Max: 256)
|
|
In "inode32" allocation mode, this option determines how many
|
|
files the allocator attempts to allocate in the same allocation
|
|
group before moving to the next allocation group. The intent
|
|
is to control the rate at which the allocator moves between
|
|
allocation groups when allocating extents for new files.
|
|
|
|
Deprecated Sysctls
|
|
==================
|
|
|
|
=========================================== ================
|
|
Name Removal Schedule
|
|
=========================================== ================
|
|
fs.xfs.irix_sgid_inherit September 2025
|
|
fs.xfs.irix_symlink_mode September 2025
|
|
fs.xfs.speculative_cow_prealloc_lifetime September 2025
|
|
=========================================== ================
|
|
|
|
|
|
Removed Sysctls
|
|
===============
|
|
|
|
============================= =======
|
|
Name Removed
|
|
============================= =======
|
|
fs.xfs.xfsbufd_centisec v4.0
|
|
fs.xfs.age_buffer_centisecs v4.0
|
|
============================= =======
|
|
|
|
Error handling
|
|
==============
|
|
|
|
XFS can act differently according to the type of error found during its
|
|
operation. The implementation introduces the following concepts to the error
|
|
handler:
|
|
|
|
-failure speed:
|
|
Defines how fast XFS should propagate an error upwards when a specific
|
|
error is found during the filesystem operation. It can propagate
|
|
immediately, after a defined number of retries, after a set time period,
|
|
or simply retry forever.
|
|
|
|
-error classes:
|
|
Specifies the subsystem the error configuration will apply to, such as
|
|
metadata IO or memory allocation. Different subsystems will have
|
|
different error handlers for which behaviour can be configured.
|
|
|
|
-error handlers:
|
|
Defines the behavior for a specific error.
|
|
|
|
The filesystem behavior during an error can be set via ``sysfs`` files. Each
|
|
error handler works independently - the first condition met by an error handler
|
|
for a specific class will cause the error to be propagated rather than reset and
|
|
retried.
|
|
|
|
The action taken by the filesystem when the error is propagated is context
|
|
dependent - it may cause a shut down in the case of an unrecoverable error,
|
|
it may be reported back to userspace, or it may even be ignored because
|
|
there's nothing useful we can with the error or anyone we can report it to (e.g.
|
|
during unmount).
|
|
|
|
The configuration files are organized into the following hierarchy for each
|
|
mounted filesystem:
|
|
|
|
/sys/fs/xfs/<dev>/error/<class>/<error>/
|
|
|
|
Where:
|
|
<dev>
|
|
The short device name of the mounted filesystem. This is the same device
|
|
name that shows up in XFS kernel error messages as "XFS(<dev>): ..."
|
|
|
|
<class>
|
|
The subsystem the error configuration belongs to. As of 4.9, the defined
|
|
classes are:
|
|
|
|
- "metadata": applies metadata buffer write IO
|
|
|
|
<error>
|
|
The individual error handler configurations.
|
|
|
|
|
|
Each filesystem has "global" error configuration options defined in their top
|
|
level directory:
|
|
|
|
/sys/fs/xfs/<dev>/error/
|
|
|
|
fail_at_unmount (Min: 0 Default: 1 Max: 1)
|
|
Defines the filesystem error behavior at unmount time.
|
|
|
|
If set to a value of 1, XFS will override all other error configurations
|
|
during unmount and replace them with "immediate fail" characteristics.
|
|
i.e. no retries, no retry timeout. This will always allow unmount to
|
|
succeed when there are persistent errors present.
|
|
|
|
If set to 0, the configured retry behaviour will continue until all
|
|
retries and/or timeouts have been exhausted. This will delay unmount
|
|
completion when there are persistent errors, and it may prevent the
|
|
filesystem from ever unmounting fully in the case of "retry forever"
|
|
handler configurations.
|
|
|
|
Note: there is no guarantee that fail_at_unmount can be set while an
|
|
unmount is in progress. It is possible that the ``sysfs`` entries are
|
|
removed by the unmounting filesystem before a "retry forever" error
|
|
handler configuration causes unmount to hang, and hence the filesystem
|
|
must be configured appropriately before unmount begins to prevent
|
|
unmount hangs.
|
|
|
|
Each filesystem has specific error class handlers that define the error
|
|
propagation behaviour for specific errors. There is also a "default" error
|
|
handler defined, which defines the behaviour for all errors that don't have
|
|
specific handlers defined. Where multiple retry constraints are configured for
|
|
a single error, the first retry configuration that expires will cause the error
|
|
to be propagated. The handler configurations are found in the directory:
|
|
|
|
/sys/fs/xfs/<dev>/error/<class>/<error>/
|
|
|
|
max_retries (Min: -1 Default: Varies Max: INTMAX)
|
|
Defines the allowed number of retries of a specific error before
|
|
the filesystem will propagate the error. The retry count for a given
|
|
error context (e.g. a specific metadata buffer) is reset every time
|
|
there is a successful completion of the operation.
|
|
|
|
Setting the value to "-1" will cause XFS to retry forever for this
|
|
specific error.
|
|
|
|
Setting the value to "0" will cause XFS to fail immediately when the
|
|
specific error is reported.
|
|
|
|
Setting the value to "N" (where 0 < N < Max) will make XFS retry the
|
|
operation "N" times before propagating the error.
|
|
|
|
retry_timeout_seconds (Min: -1 Default: Varies Max: 1 day)
|
|
Define the amount of time (in seconds) that the filesystem is
|
|
allowed to retry its operations when the specific error is
|
|
found.
|
|
|
|
Setting the value to "-1" will allow XFS to retry forever for this
|
|
specific error.
|
|
|
|
Setting the value to "0" will cause XFS to fail immediately when the
|
|
specific error is reported.
|
|
|
|
Setting the value to "N" (where 0 < N < Max) will allow XFS to retry the
|
|
operation for up to "N" seconds before propagating the error.
|
|
|
|
**Note:** The default behaviour for a specific error handler is dependent on both
|
|
the class and error context. For example, the default values for
|
|
"metadata/ENODEV" are "0" rather than "-1" so that this error handler defaults
|
|
to "fail immediately" behaviour. This is done because ENODEV is a fatal,
|
|
unrecoverable error no matter how many times the metadata IO is retried.
|
|
|
|
Workqueue Concurrency
|
|
=====================
|
|
|
|
XFS uses kernel workqueues to parallelize metadata update processes. This
|
|
enables it to take advantage of storage hardware that can service many IO
|
|
operations simultaneously. This interface exposes internal implementation
|
|
details of XFS, and as such is explicitly not part of any userspace API/ABI
|
|
guarantee the kernel may give userspace. These are undocumented features of
|
|
the generic workqueue implementation XFS uses for concurrency, and they are
|
|
provided here purely for diagnostic and tuning purposes and may change at any
|
|
time in the future.
|
|
|
|
The control knobs for a filesystem's workqueues are organized by task at hand
|
|
and the short name of the data device. They all can be found in:
|
|
|
|
/sys/bus/workqueue/devices/${task}!${device}
|
|
|
|
================ ===========
|
|
Task Description
|
|
================ ===========
|
|
xfs_iwalk-$pid Inode scans of the entire filesystem. Currently limited to
|
|
mount time quotacheck.
|
|
xfs-gc Background garbage collection of disk space that have been
|
|
speculatively allocated beyond EOF or for staging copy on
|
|
write operations.
|
|
================ ===========
|
|
|
|
For example, the knobs for the quotacheck workqueue for /dev/nvme0n1 would be
|
|
found in /sys/bus/workqueue/devices/xfs_iwalk-1111!nvme0n1/.
|
|
|
|
The interesting knobs for XFS workqueues are as follows:
|
|
|
|
============ ===========
|
|
Knob Description
|
|
============ ===========
|
|
max_active Maximum number of background threads that can be started to
|
|
run the work.
|
|
cpumask CPUs upon which the threads are allowed to run.
|
|
nice Relative priority of scheduling the threads. These are the
|
|
same nice levels that can be applied to userspace processes.
|
|
============ ===========
|