2005-04-16 16:20:36 -06:00
|
|
|
/*
|
2006-06-08 22:48:12 -06:00
|
|
|
* Copyright (c) 2000-2006 Silicon Graphics, Inc.
|
2005-11-01 20:58:39 -07:00
|
|
|
* All Rights Reserved.
|
2005-04-16 16:20:36 -06:00
|
|
|
*
|
2005-11-01 20:58:39 -07:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License as
|
2005-04-16 16:20:36 -06:00
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
2005-11-01 20:58:39 -07:00
|
|
|
* This program is distributed in the hope that it would be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2005-04-16 16:20:36 -06:00
|
|
|
*
|
2005-11-01 20:58:39 -07:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write the Free Software Foundation,
|
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
|
|
|
#include "xfs.h"
|
|
|
|
#include "xfs_fs.h"
|
2013-10-22 17:36:05 -06:00
|
|
|
#include "xfs_shared.h"
|
2013-10-22 17:50:10 -06:00
|
|
|
#include "xfs_format.h"
|
|
|
|
#include "xfs_log_format.h"
|
|
|
|
#include "xfs_trans_resv.h"
|
2005-04-16 16:20:36 -06:00
|
|
|
#include "xfs_mount.h"
|
|
|
|
#include "xfs_inode.h"
|
2005-11-01 20:38:42 -07:00
|
|
|
#include "xfs_btree.h"
|
2013-10-22 17:51:50 -06:00
|
|
|
#include "xfs_bmap_btree.h"
|
2005-04-16 16:20:36 -06:00
|
|
|
#include "xfs_bmap.h"
|
2013-08-12 04:49:42 -06:00
|
|
|
#include "xfs_bmap_util.h"
|
2005-04-16 16:20:36 -06:00
|
|
|
#include "xfs_error.h"
|
2013-10-22 17:51:50 -06:00
|
|
|
#include "xfs_trans.h"
|
2005-04-16 16:20:36 -06:00
|
|
|
#include "xfs_trans_space.h"
|
|
|
|
#include "xfs_iomap.h"
|
2009-12-14 16:14:59 -07:00
|
|
|
#include "xfs_trace.h"
|
2012-11-06 07:50:38 -07:00
|
|
|
#include "xfs_icache.h"
|
2013-10-22 17:51:50 -06:00
|
|
|
#include "xfs_quota.h"
|
2013-03-18 08:51:47 -06:00
|
|
|
#include "xfs_dquot_item.h"
|
|
|
|
#include "xfs_dquot.h"
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
|
|
|
#define XFS_WRITEIO_ALIGN(mp,off) (((off) >> mp->m_writeio_log) \
|
|
|
|
<< mp->m_writeio_log)
|
|
|
|
#define XFS_WRITE_IMAPS XFS_BMAP_MAX_NMAP
|
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
STATIC int
|
|
|
|
xfs_iomap_eof_align_last_fsb(
|
|
|
|
xfs_mount_t *mp,
|
2007-10-11 01:34:33 -06:00
|
|
|
xfs_inode_t *ip,
|
2006-01-10 21:28:28 -07:00
|
|
|
xfs_extlen_t extsize,
|
|
|
|
xfs_fileoff_t *last_fsb)
|
|
|
|
{
|
2011-12-18 13:00:05 -07:00
|
|
|
xfs_extlen_t align = 0;
|
2006-01-10 21:28:28 -07:00
|
|
|
int eof, error;
|
|
|
|
|
2011-12-18 13:00:05 -07:00
|
|
|
if (!XFS_IS_REALTIME_INODE(ip)) {
|
|
|
|
/*
|
|
|
|
* Round up the allocation request to a stripe unit
|
|
|
|
* (m_dalign) boundary if the file size is >= stripe unit
|
|
|
|
* size, and we are allocating past the allocation eof.
|
|
|
|
*
|
|
|
|
* If mounted with the "-o swalloc" option the alignment is
|
|
|
|
* increased from the strip unit size to the stripe width.
|
|
|
|
*/
|
|
|
|
if (mp->m_swidth && (mp->m_flags & XFS_MOUNT_SWALLOC))
|
|
|
|
align = mp->m_swidth;
|
|
|
|
else if (mp->m_dalign)
|
|
|
|
align = mp->m_dalign;
|
|
|
|
|
2014-12-03 15:30:51 -07:00
|
|
|
if (align && XFS_ISIZE(ip) < XFS_FSB_TO_B(mp, align))
|
|
|
|
align = 0;
|
2011-12-18 13:00:05 -07:00
|
|
|
}
|
2006-01-10 21:28:28 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Always round up the allocation request to an extent boundary
|
|
|
|
* (when file on a real-time subvolume or has di_extsize hint).
|
|
|
|
*/
|
|
|
|
if (extsize) {
|
2014-12-03 15:30:51 -07:00
|
|
|
if (align)
|
|
|
|
align = roundup_64(align, extsize);
|
2006-01-10 21:28:28 -07:00
|
|
|
else
|
|
|
|
align = extsize;
|
|
|
|
}
|
|
|
|
|
2014-12-03 15:30:51 -07:00
|
|
|
if (align) {
|
|
|
|
xfs_fileoff_t new_last_fsb = roundup_64(*last_fsb, align);
|
2007-10-11 01:34:33 -06:00
|
|
|
error = xfs_bmap_eof(ip, new_last_fsb, XFS_DATA_FORK, &eof);
|
2006-01-10 21:28:28 -07:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
if (eof)
|
|
|
|
*last_fsb = new_last_fsb;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-09-27 19:03:20 -06:00
|
|
|
STATIC int
|
2011-03-06 16:06:35 -07:00
|
|
|
xfs_alert_fsblock_zero(
|
2006-09-27 19:03:20 -06:00
|
|
|
xfs_inode_t *ip,
|
|
|
|
xfs_bmbt_irec_t *imap)
|
|
|
|
{
|
2011-03-06 16:02:35 -07:00
|
|
|
xfs_alert_tag(ip->i_mount, XFS_PTAG_FSBLOCK_ZERO,
|
2006-09-27 19:03:20 -06:00
|
|
|
"Access to block zero in inode %llu "
|
|
|
|
"start_block: %llx start_off: %llx "
|
2013-10-11 19:59:05 -06:00
|
|
|
"blkcnt: %llx extent-state: %x",
|
2006-09-27 19:03:20 -06:00
|
|
|
(unsigned long long)ip->i_ino,
|
|
|
|
(unsigned long long)imap->br_startblock,
|
|
|
|
(unsigned long long)imap->br_startoff,
|
|
|
|
(unsigned long long)imap->br_blockcount,
|
|
|
|
imap->br_state);
|
2014-06-24 22:58:08 -06:00
|
|
|
return -EFSCORRUPTED;
|
2006-09-27 19:03:20 -06:00
|
|
|
}
|
|
|
|
|
2010-12-10 01:42:20 -07:00
|
|
|
int
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_iomap_write_direct(
|
|
|
|
xfs_inode_t *ip,
|
2005-05-05 14:33:40 -06:00
|
|
|
xfs_off_t offset,
|
2005-04-16 16:20:36 -06:00
|
|
|
size_t count,
|
2010-06-23 19:42:19 -06:00
|
|
|
xfs_bmbt_irec_t *imap,
|
2010-12-10 01:42:19 -07:00
|
|
|
int nmaps)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
xfs_mount_t *mp = ip->i_mount;
|
|
|
|
xfs_fileoff_t offset_fsb;
|
|
|
|
xfs_fileoff_t last_fsb;
|
2006-01-10 21:28:28 -07:00
|
|
|
xfs_filblks_t count_fsb, resaligned;
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_fsblock_t firstfsb;
|
2006-01-10 21:28:28 -07:00
|
|
|
xfs_extlen_t extsz, temp;
|
2005-11-01 21:00:01 -07:00
|
|
|
int nimaps;
|
2005-06-20 23:48:47 -06:00
|
|
|
int quota_flag;
|
2005-04-16 16:20:36 -06:00
|
|
|
int rt;
|
|
|
|
xfs_trans_t *tp;
|
|
|
|
xfs_bmap_free_t free_list;
|
2006-01-10 21:28:28 -07:00
|
|
|
uint qblocks, resblks, resrtextents;
|
|
|
|
int error;
|
2015-10-11 22:34:20 -06:00
|
|
|
int lockmode;
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
int bmapi_flags = XFS_BMAPI_PREALLOC;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
rt = XFS_IS_REALTIME_INODE(ip);
|
2007-06-18 00:50:37 -06:00
|
|
|
extsz = xfs_get_extsz_hint(ip);
|
2015-10-11 22:34:20 -06:00
|
|
|
lockmode = XFS_ILOCK_SHARED; /* locked by caller */
|
|
|
|
|
|
|
|
ASSERT(xfs_isilocked(ip, lockmode));
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-06-18 00:50:37 -06:00
|
|
|
offset_fsb = XFS_B_TO_FSBT(mp, offset);
|
|
|
|
last_fsb = XFS_B_TO_FSB(mp, ((xfs_ufsize_t)(offset + count)));
|
2011-12-18 13:00:11 -07:00
|
|
|
if ((offset + count) > XFS_ISIZE(ip)) {
|
2015-10-11 22:34:20 -06:00
|
|
|
/*
|
|
|
|
* Assert that the in-core extent list is present since this can
|
|
|
|
* call xfs_iread_extents() and we only have the ilock shared.
|
|
|
|
* This should be safe because the lock was held around a bmapi
|
|
|
|
* call in the caller and we only need it to access the in-core
|
|
|
|
* list.
|
|
|
|
*/
|
|
|
|
ASSERT(XFS_IFORK_PTR(ip, XFS_DATA_FORK)->if_flags &
|
|
|
|
XFS_IFEXTENTS);
|
2008-12-21 23:56:49 -07:00
|
|
|
error = xfs_iomap_eof_align_last_fsb(mp, ip, extsz, &last_fsb);
|
2006-01-10 21:28:28 -07:00
|
|
|
if (error)
|
2015-10-11 22:34:20 -06:00
|
|
|
goto out_unlock;
|
2005-04-16 16:20:36 -06:00
|
|
|
} else {
|
2010-12-10 01:42:19 -07:00
|
|
|
if (nmaps && (imap->br_startblock == HOLESTARTBLOCK))
|
2006-01-10 21:28:28 -07:00
|
|
|
last_fsb = MIN(last_fsb, (xfs_fileoff_t)
|
2010-06-23 19:42:19 -06:00
|
|
|
imap->br_blockcount +
|
|
|
|
imap->br_startoff);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2006-01-10 21:28:28 -07:00
|
|
|
count_fsb = last_fsb - offset_fsb;
|
|
|
|
ASSERT(count_fsb > 0);
|
|
|
|
|
|
|
|
resaligned = count_fsb;
|
|
|
|
if (unlikely(extsz)) {
|
|
|
|
if ((temp = do_mod(offset_fsb, extsz)))
|
|
|
|
resaligned += temp;
|
|
|
|
if ((temp = do_mod(resaligned, extsz)))
|
|
|
|
resaligned += extsz - temp;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (unlikely(rt)) {
|
|
|
|
resrtextents = qblocks = resaligned;
|
|
|
|
resrtextents /= mp->m_sb.sb_rextsize;
|
2007-06-18 00:50:27 -06:00
|
|
|
resblks = XFS_DIOSTRAT_SPACE_RES(mp, 0);
|
|
|
|
quota_flag = XFS_QMOPT_RES_RTBLKS;
|
|
|
|
} else {
|
|
|
|
resrtextents = 0;
|
2006-01-10 21:28:28 -07:00
|
|
|
resblks = qblocks = XFS_DIOSTRAT_SPACE_RES(mp, resaligned);
|
2007-06-18 00:50:27 -06:00
|
|
|
quota_flag = XFS_QMOPT_RES_REGBLKS;
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-10-11 22:34:20 -06:00
|
|
|
/*
|
|
|
|
* Drop the shared lock acquired by the caller, attach the dquot if
|
|
|
|
* necessary and move on to transaction setup.
|
|
|
|
*/
|
|
|
|
xfs_iunlock(ip, lockmode);
|
|
|
|
error = xfs_qm_dqattach(ip, 0);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
2005-06-20 23:48:47 -06:00
|
|
|
* Allocate and setup the transaction
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
|
|
|
tp = xfs_trans_alloc(mp, XFS_TRANS_DIOSTRAT);
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* For DAX, we do not allocate unwritten extents, but instead we zero
|
|
|
|
* the block before we commit the transaction. Ideally we'd like to do
|
|
|
|
* this outside the transaction context, but if we commit and then crash
|
|
|
|
* we may not have zeroed the blocks and this will be exposed on
|
|
|
|
* recovery of the allocation. Hence we must zero before commit.
|
2016-01-03 22:22:45 -07:00
|
|
|
*
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
* Further, if we are mapping unwritten extents here, we need to zero
|
|
|
|
* and convert them to written so that we don't need an unwritten extent
|
|
|
|
* callback for DAX. This also means that we need to be able to dip into
|
2016-01-03 22:22:45 -07:00
|
|
|
* the reserve block pool for bmbt block allocation if there is no space
|
|
|
|
* left but we need to do unwritten extent conversion.
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
*/
|
2016-01-03 22:22:45 -07:00
|
|
|
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
if (IS_DAX(VFS_I(ip))) {
|
|
|
|
bmapi_flags = XFS_BMAPI_CONVERT | XFS_BMAPI_ZERO;
|
2016-01-03 22:22:45 -07:00
|
|
|
if (ISUNWRITTEN(imap)) {
|
|
|
|
tp->t_flags |= XFS_TRANS_RESERVE;
|
|
|
|
resblks = XFS_DIOSTRAT_SPACE_RES(mp, 0) << 1;
|
|
|
|
}
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
}
|
2013-08-12 04:49:59 -06:00
|
|
|
error = xfs_trans_reserve(tp, &M_RES(mp)->tr_write,
|
|
|
|
resblks, resrtextents);
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
2005-06-20 23:48:47 -06:00
|
|
|
* Check for running out of space, note: need lock to return
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2012-03-27 08:34:50 -06:00
|
|
|
if (error) {
|
2015-06-03 21:47:56 -06:00
|
|
|
xfs_trans_cancel(tp);
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2012-03-27 08:34:50 -06:00
|
|
|
}
|
|
|
|
|
2015-10-11 22:34:20 -06:00
|
|
|
lockmode = XFS_ILOCK_EXCL;
|
|
|
|
xfs_ilock(ip, lockmode);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-06-08 07:33:32 -06:00
|
|
|
error = xfs_trans_reserve_quota_nblks(tp, ip, qblocks, 0, quota_flag);
|
2006-01-10 21:28:28 -07:00
|
|
|
if (error)
|
2012-03-27 08:34:50 -06:00
|
|
|
goto out_trans_cancel;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2011-09-19 09:00:54 -06:00
|
|
|
xfs_trans_ijoin(tp, ip, 0);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
/*
|
2010-06-23 19:42:19 -06:00
|
|
|
* From this point onwards we overwrite the imap pointer that the
|
|
|
|
* caller gave to us.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2009-01-14 22:22:07 -07:00
|
|
|
xfs_bmap_init(&free_list, &firstfsb);
|
2005-06-20 23:48:47 -06:00
|
|
|
nimaps = 1;
|
2014-02-09 16:27:43 -07:00
|
|
|
error = xfs_bmapi_write(tp, ip, offset_fsb, count_fsb,
|
2015-11-02 19:28:41 -07:00
|
|
|
bmapi_flags, &firstfsb, resblks, imap,
|
xfs: pass total block res. as total xfs_bmapi_write() parameter
The total field from struct xfs_alloc_arg is a bit of an unknown
commodity. It is documented as the total block requirement for the
transaction and is used in this manner from most call sites by virtue of
passing the total block reservation of the transaction associated with
an allocation. Several xfs_bmapi_write() callers pass hardcoded values
of 0 or 1 for the total block requirement, which is a historical oddity
without any clear reasoning.
The xfs_iomap_write_direct() caller, for example, passes 0 for the total
block requirement. This has been determined to cause problems in the
form of ABBA deadlocks of AGF buffers due to incorrect AG selection in
the block allocator. Specifically, the xfs_alloc_space_available()
function incorrectly selects an AG that doesn't actually have sufficient
space for the allocation. This occurs because the args.total field is 0
and thus the remaining free space check on the AG doesn't actually
consider the size of the allocation request. This locks the AGF buffer,
the allocation attempt proceeds and ultimately fails (in
xfs_alloc_fix_minleft()), and xfs_alloc_vexent() moves on to the next
AG. In turn, this can lead to incorrect AG locking order (if the
allocator wraps around, attempting to lock AG 0 after acquiring AG N)
and thus deadlock if racing with another operation. This problem has
been reproduced via generic/299 on smallish (1GB) ramdisk test devices.
To avoid this problem, replace the undocumented hardcoded total
parameters from the iomap and utility callers to pass the block
reservation used for the associated transaction. This is consistent with
other xfs_bmapi_write() callers throughout XFS. The assumption is that
the total field allows the selection of an AG that can handle the entire
operation rather than simply the allocation/range being requested (e.g.,
resulting btree splits, etc.). This addresses the aforementioned
generic/299 hang by ensuring AG selection only occurs when the
allocation can be satisfied by the AG.
Reported-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-10-11 23:04:13 -06:00
|
|
|
&nimaps, &free_list);
|
2005-06-20 23:48:47 -06:00
|
|
|
if (error)
|
2012-03-27 08:34:50 -06:00
|
|
|
goto out_bmap_cancel;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
/*
|
2005-06-20 23:48:47 -06:00
|
|
|
* Complete the transaction
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
xfs: eliminate committed arg from xfs_bmap_finish
Calls to xfs_bmap_finish() and xfs_trans_ijoin(), and the
associated comments were replicated several times across
the attribute code, all dealing with what to do if the
transaction was or wasn't committed.
And in that replicated code, an ASSERT() test of an
uninitialized variable occurs in several locations:
error = xfs_attr_thing(&args);
if (!error) {
error = xfs_bmap_finish(&args.trans, args.flist,
&committed);
}
if (error) {
ASSERT(committed);
If the first xfs_attr_thing() failed, we'd skip the xfs_bmap_finish,
never set "committed", and then test it in the ASSERT.
Fix this up by moving the committed state internal to xfs_bmap_finish,
and add a new inode argument. If an inode is passed in, it is passed
through to __xfs_trans_roll() and joined to the transaction there if
the transaction was committed.
xfs_qm_dqalloc() was a little unique in that it called bjoin rather
than ijoin, but as Dave points out we can detect the committed state
but checking whether (*tpp != tp).
Addresses-Coverity-Id: 102360
Addresses-Coverity-Id: 102361
Addresses-Coverity-Id: 102363
Addresses-Coverity-Id: 102364
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-01-10 17:34:01 -07:00
|
|
|
error = xfs_bmap_finish(&tp, &free_list, NULL);
|
2005-06-20 23:48:47 -06:00
|
|
|
if (error)
|
2012-03-27 08:34:50 -06:00
|
|
|
goto out_bmap_cancel;
|
xfs: Don't use unwritten extents for DAX
DAX has a page fault serialisation problem with block allocation.
Because it allows concurrent page faults and does not have a page
lock to serialise faults to the same page, it can get two concurrent
faults to the page that race.
When two read faults race, this isn't a huge problem as the data
underlying the page is not changing and so "detect and drop" works
just fine. The issues are to do with write faults.
When two write faults occur, we serialise block allocation in
get_blocks() so only one faul will allocate the extent. It will,
however, be marked as an unwritten extent, and that is where the
problem lies - the DAX fault code cannot differentiate between a
block that was just allocated and a block that was preallocated and
needs zeroing. The result is that both write faults end up zeroing
the block and attempting to convert it back to written.
The problem is that the first fault can zero and convert before the
second fault starts zeroing, resulting in the zeroing for the second
fault overwriting the data that the first fault wrote with zeros.
The second fault then attempts to convert the unwritten extent,
which is then a no-op because it's already written. Data loss occurs
as a result of this race.
Because there is no sane locking construct in the page fault code
that we can use for serialisation across the page faults, we need to
ensure block allocation and zeroing occurs atomically in the
filesystem. This means we can still take concurrent page faults and
the only time they will serialise is in the filesystem
mapping/allocation callback. The page fault code will always see
written, initialised extents, so we will be able to remove the
unwritten extent handling from the DAX code when all filesystems are
converted.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-11-02 18:37:00 -07:00
|
|
|
|
2015-06-03 21:48:08 -06:00
|
|
|
error = xfs_trans_commit(tp);
|
2005-06-20 23:48:47 -06:00
|
|
|
if (error)
|
2012-03-27 08:34:50 -06:00
|
|
|
goto out_unlock;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2005-06-20 23:48:47 -06:00
|
|
|
/*
|
|
|
|
* Copy any maps to caller's array and return any error.
|
|
|
|
*/
|
2005-04-16 16:20:36 -06:00
|
|
|
if (nimaps == 0) {
|
2014-06-24 22:58:08 -06:00
|
|
|
error = -ENOSPC;
|
2012-03-27 08:34:50 -06:00
|
|
|
goto out_unlock;
|
2006-09-27 19:03:20 -06:00
|
|
|
}
|
|
|
|
|
2012-03-27 08:34:50 -06:00
|
|
|
if (!(imap->br_startblock || XFS_IS_REALTIME_INODE(ip)))
|
2011-03-06 16:06:35 -07:00
|
|
|
error = xfs_alert_fsblock_zero(ip, imap);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-03-27 08:34:50 -06:00
|
|
|
out_unlock:
|
2015-10-11 22:34:20 -06:00
|
|
|
xfs_iunlock(ip, lockmode);
|
2012-03-27 08:34:50 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-03-27 08:34:50 -06:00
|
|
|
out_bmap_cancel:
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_bmap_cancel(&free_list);
|
2012-05-08 04:48:53 -06:00
|
|
|
xfs_trans_unreserve_quota_nblks(tp, ip, (long)qblocks, 0, quota_flag);
|
2012-03-27 08:34:50 -06:00
|
|
|
out_trans_cancel:
|
2015-06-03 21:47:56 -06:00
|
|
|
xfs_trans_cancel(tp);
|
2012-03-27 08:34:50 -06:00
|
|
|
goto out_unlock;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
/*
|
2009-04-06 10:49:12 -06:00
|
|
|
* If the caller is doing a write at the end of the file, then extend the
|
|
|
|
* allocation out to the file system's write iosize. We clean up any extra
|
|
|
|
* space left over when the file is closed in xfs_inactive().
|
2011-01-03 17:35:03 -07:00
|
|
|
*
|
|
|
|
* If we find we already have delalloc preallocation beyond EOF, don't do more
|
|
|
|
* preallocation as it it not needed.
|
2006-01-10 21:28:28 -07:00
|
|
|
*/
|
|
|
|
STATIC int
|
|
|
|
xfs_iomap_eof_want_preallocate(
|
|
|
|
xfs_mount_t *mp,
|
2007-10-11 01:34:33 -06:00
|
|
|
xfs_inode_t *ip,
|
2006-01-10 21:28:28 -07:00
|
|
|
xfs_off_t offset,
|
|
|
|
size_t count,
|
|
|
|
xfs_bmbt_irec_t *imap,
|
|
|
|
int nimaps,
|
|
|
|
int *prealloc)
|
|
|
|
{
|
|
|
|
xfs_fileoff_t start_fsb;
|
|
|
|
xfs_filblks_t count_fsb;
|
|
|
|
int n, error, imaps;
|
2011-01-03 17:35:03 -07:00
|
|
|
int found_delalloc = 0;
|
2006-01-10 21:28:28 -07:00
|
|
|
|
|
|
|
*prealloc = 0;
|
2011-12-18 13:00:11 -07:00
|
|
|
if (offset + count <= XFS_ISIZE(ip))
|
2006-01-10 21:28:28 -07:00
|
|
|
return 0;
|
|
|
|
|
xfs: don't use speculative prealloc for small files
Dedicated small file workloads have been seeing significant free
space fragmentation causing premature inode allocation failure
when large inode sizes are in use. A particular test case showed
that a workload that runs to a real ENOSPC on 256 byte inodes would
fail inode allocation with ENOSPC about about 80% full with 512 byte
inodes, and at about 50% full with 1024 byte inodes.
The same workload, when run with -o allocsize=4096 on 1024 byte
inodes would run to being 100% full before giving ENOSPC. That is,
no freespace fragmentation at all.
The issue was caused by the specific IO pattern the application had
- the framework it was using did not support direct IO, and so it
was emulating it by using fadvise(DONT_NEED). The result was that
the data was getting written back before the speculative prealloc
had been trimmed from memory by the close(), and so small single
block files were being allocated with 2 blocks, and then having one
truncated away. The result was lots of small 4k free space extents,
and hence each new 8k allocation would take another 8k from
contiguous free space and turn it into 4k of allocated space and 4k
of free space.
Hence inode allocation, which requires contiguous, aligned
allocation of 16k (256 byte inodes), 32k (512 byte inodes) or 64k
(1024 byte inodes) can fail to find sufficiently large freespace and
hence fail while there is still lots of free space available.
There's a simple fix for this, and one that has precendence in the
allocator code already - don't do speculative allocation unless the
size of the file is larger than a certain size. In this case, that
size is the minimum default preallocation size:
mp->m_writeio_blocks. And to keep with the concept of being nice to
people when the files are still relatively small, cap the prealloc
to mp->m_writeio_blocks until the file goes over a stripe unit is
size, at which point we'll fall back to the current behaviour based
on the last extent size.
This will effectively turn off speculative prealloc for very small
files, keep preallocation low for small files, and behave as it
currently does for any file larger than a stripe unit. This
completely avoids the freespace fragmentation problem this
particular IO pattern was causing.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
2013-06-27 00:04:48 -06:00
|
|
|
/*
|
|
|
|
* If the file is smaller than the minimum prealloc and we are using
|
|
|
|
* dynamic preallocation, don't do any preallocation at all as it is
|
|
|
|
* likely this is the only write to the file that is going to be done.
|
|
|
|
*/
|
|
|
|
if (!(mp->m_flags & XFS_MOUNT_DFLT_IOSIZE) &&
|
|
|
|
XFS_ISIZE(ip) < XFS_FSB_TO_B(mp, mp->m_writeio_blocks))
|
|
|
|
return 0;
|
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
/*
|
|
|
|
* If there are any real blocks past eof, then don't
|
|
|
|
* do any speculative allocation.
|
|
|
|
*/
|
|
|
|
start_fsb = XFS_B_TO_FSBT(mp, ((xfs_ufsize_t)(offset + count - 1)));
|
2012-06-07 23:44:54 -06:00
|
|
|
count_fsb = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
|
2006-01-10 21:28:28 -07:00
|
|
|
while (count_fsb > 0) {
|
|
|
|
imaps = nimaps;
|
2011-09-18 14:40:45 -06:00
|
|
|
error = xfs_bmapi_read(ip, start_fsb, count_fsb, imap, &imaps,
|
|
|
|
0);
|
2006-01-10 21:28:28 -07:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
for (n = 0; n < imaps; n++) {
|
|
|
|
if ((imap[n].br_startblock != HOLESTARTBLOCK) &&
|
|
|
|
(imap[n].br_startblock != DELAYSTARTBLOCK))
|
|
|
|
return 0;
|
|
|
|
start_fsb += imap[n].br_blockcount;
|
|
|
|
count_fsb -= imap[n].br_blockcount;
|
2011-01-03 17:35:03 -07:00
|
|
|
|
|
|
|
if (imap[n].br_startblock == DELAYSTARTBLOCK)
|
|
|
|
found_delalloc = 1;
|
2006-01-10 21:28:28 -07:00
|
|
|
}
|
|
|
|
}
|
2011-01-03 17:35:03 -07:00
|
|
|
if (!found_delalloc)
|
|
|
|
*prealloc = 1;
|
2006-01-10 21:28:28 -07:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-02-10 22:05:01 -07:00
|
|
|
/*
|
|
|
|
* Determine the initial size of the preallocation. We are beyond the current
|
|
|
|
* EOF here, but we need to take into account whether this is a sparse write or
|
|
|
|
* an extending write when determining the preallocation size. Hence we need to
|
|
|
|
* look up the extent that ends at the current write offset and use the result
|
|
|
|
* to determine the preallocation size.
|
|
|
|
*
|
|
|
|
* If the extent is a hole, then preallocation is essentially disabled.
|
|
|
|
* Otherwise we take the size of the preceeding data extent as the basis for the
|
|
|
|
* preallocation size. If the size of the extent is greater than half the
|
|
|
|
* maximum extent length, then use the current offset as the basis. This ensures
|
|
|
|
* that for large files the preallocation size always extends to MAXEXTLEN
|
|
|
|
* rather than falling short due to things like stripe unit/width alignment of
|
|
|
|
* real extents.
|
|
|
|
*/
|
2013-02-24 12:04:37 -07:00
|
|
|
STATIC xfs_fsblock_t
|
2013-02-10 22:05:01 -07:00
|
|
|
xfs_iomap_eof_prealloc_initial_size(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
struct xfs_inode *ip,
|
|
|
|
xfs_off_t offset,
|
|
|
|
xfs_bmbt_irec_t *imap,
|
|
|
|
int nimaps)
|
|
|
|
{
|
|
|
|
xfs_fileoff_t start_fsb;
|
|
|
|
int imaps = 1;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
ASSERT(nimaps >= imaps);
|
|
|
|
|
|
|
|
/* if we are using a specific prealloc size, return now */
|
|
|
|
if (mp->m_flags & XFS_MOUNT_DFLT_IOSIZE)
|
|
|
|
return 0;
|
|
|
|
|
xfs: don't use speculative prealloc for small files
Dedicated small file workloads have been seeing significant free
space fragmentation causing premature inode allocation failure
when large inode sizes are in use. A particular test case showed
that a workload that runs to a real ENOSPC on 256 byte inodes would
fail inode allocation with ENOSPC about about 80% full with 512 byte
inodes, and at about 50% full with 1024 byte inodes.
The same workload, when run with -o allocsize=4096 on 1024 byte
inodes would run to being 100% full before giving ENOSPC. That is,
no freespace fragmentation at all.
The issue was caused by the specific IO pattern the application had
- the framework it was using did not support direct IO, and so it
was emulating it by using fadvise(DONT_NEED). The result was that
the data was getting written back before the speculative prealloc
had been trimmed from memory by the close(), and so small single
block files were being allocated with 2 blocks, and then having one
truncated away. The result was lots of small 4k free space extents,
and hence each new 8k allocation would take another 8k from
contiguous free space and turn it into 4k of allocated space and 4k
of free space.
Hence inode allocation, which requires contiguous, aligned
allocation of 16k (256 byte inodes), 32k (512 byte inodes) or 64k
(1024 byte inodes) can fail to find sufficiently large freespace and
hence fail while there is still lots of free space available.
There's a simple fix for this, and one that has precendence in the
allocator code already - don't do speculative allocation unless the
size of the file is larger than a certain size. In this case, that
size is the minimum default preallocation size:
mp->m_writeio_blocks. And to keep with the concept of being nice to
people when the files are still relatively small, cap the prealloc
to mp->m_writeio_blocks until the file goes over a stripe unit is
size, at which point we'll fall back to the current behaviour based
on the last extent size.
This will effectively turn off speculative prealloc for very small
files, keep preallocation low for small files, and behave as it
currently does for any file larger than a stripe unit. This
completely avoids the freespace fragmentation problem this
particular IO pattern was causing.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
2013-06-27 00:04:48 -06:00
|
|
|
/* If the file is small, then use the minimum prealloc */
|
|
|
|
if (XFS_ISIZE(ip) < XFS_FSB_TO_B(mp, mp->m_dalign))
|
|
|
|
return 0;
|
|
|
|
|
2013-02-10 22:05:01 -07:00
|
|
|
/*
|
|
|
|
* As we write multiple pages, the offset will always align to the
|
|
|
|
* start of a page and hence point to a hole at EOF. i.e. if the size is
|
|
|
|
* 4096 bytes, we only have one block at FSB 0, but XFS_B_TO_FSB(4096)
|
|
|
|
* will return FSB 1. Hence if there are blocks in the file, we want to
|
|
|
|
* point to the block prior to the EOF block and not the hole that maps
|
|
|
|
* directly at @offset.
|
|
|
|
*/
|
|
|
|
start_fsb = XFS_B_TO_FSB(mp, offset);
|
|
|
|
if (start_fsb)
|
|
|
|
start_fsb--;
|
|
|
|
error = xfs_bmapi_read(ip, start_fsb, 1, imap, &imaps, XFS_BMAPI_ENTIRE);
|
|
|
|
if (error)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
ASSERT(imaps == 1);
|
|
|
|
if (imap[0].br_startblock == HOLESTARTBLOCK)
|
|
|
|
return 0;
|
|
|
|
if (imap[0].br_blockcount <= (MAXEXTLEN >> 1))
|
2013-02-19 08:24:41 -07:00
|
|
|
return imap[0].br_blockcount << 1;
|
2013-02-10 22:05:01 -07:00
|
|
|
return XFS_B_TO_FSB(mp, offset);
|
|
|
|
}
|
|
|
|
|
2013-03-18 08:51:47 -06:00
|
|
|
STATIC bool
|
|
|
|
xfs_quota_need_throttle(
|
|
|
|
struct xfs_inode *ip,
|
|
|
|
int type,
|
|
|
|
xfs_fsblock_t alloc_blocks)
|
|
|
|
{
|
|
|
|
struct xfs_dquot *dq = xfs_inode_dquot(ip, type);
|
|
|
|
|
|
|
|
if (!dq || !xfs_this_quota_on(ip->i_mount, type))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
/* no hi watermark, no throttle */
|
|
|
|
if (!dq->q_prealloc_hi_wmark)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
/* under the lo watermark, no throttle */
|
|
|
|
if (dq->q_res_bcount + alloc_blocks < dq->q_prealloc_lo_wmark)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC void
|
|
|
|
xfs_quota_calc_throttle(
|
|
|
|
struct xfs_inode *ip,
|
|
|
|
int type,
|
|
|
|
xfs_fsblock_t *qblocks,
|
2014-07-24 03:56:08 -06:00
|
|
|
int *qshift,
|
|
|
|
int64_t *qfreesp)
|
2013-03-18 08:51:47 -06:00
|
|
|
{
|
|
|
|
int64_t freesp;
|
|
|
|
int shift = 0;
|
|
|
|
struct xfs_dquot *dq = xfs_inode_dquot(ip, type);
|
|
|
|
|
2014-10-01 17:27:09 -06:00
|
|
|
/* no dq, or over hi wmark, squash the prealloc completely */
|
|
|
|
if (!dq || dq->q_res_bcount >= dq->q_prealloc_hi_wmark) {
|
2013-03-18 08:51:47 -06:00
|
|
|
*qblocks = 0;
|
2014-07-24 03:56:08 -06:00
|
|
|
*qfreesp = 0;
|
2013-03-18 08:51:47 -06:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
freesp = dq->q_prealloc_hi_wmark - dq->q_res_bcount;
|
|
|
|
if (freesp < dq->q_low_space[XFS_QLOWSP_5_PCNT]) {
|
|
|
|
shift = 2;
|
|
|
|
if (freesp < dq->q_low_space[XFS_QLOWSP_3_PCNT])
|
|
|
|
shift += 2;
|
|
|
|
if (freesp < dq->q_low_space[XFS_QLOWSP_1_PCNT])
|
|
|
|
shift += 2;
|
|
|
|
}
|
|
|
|
|
2014-07-24 03:56:08 -06:00
|
|
|
if (freesp < *qfreesp)
|
|
|
|
*qfreesp = freesp;
|
|
|
|
|
2013-03-18 08:51:47 -06:00
|
|
|
/* only overwrite the throttle values if we are more aggressive */
|
|
|
|
if ((freesp >> shift) < (*qblocks >> *qshift)) {
|
|
|
|
*qblocks = freesp;
|
|
|
|
*qshift = shift;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-01-03 17:35:03 -07:00
|
|
|
/*
|
|
|
|
* If we don't have a user specified preallocation size, dynamically increase
|
|
|
|
* the preallocation size as the size of the file grows. Cap the maximum size
|
|
|
|
* at a single extent or less if the filesystem is near full. The closer the
|
|
|
|
* filesystem is to full, the smaller the maximum prealocation.
|
|
|
|
*/
|
|
|
|
STATIC xfs_fsblock_t
|
|
|
|
xfs_iomap_prealloc_size(
|
|
|
|
struct xfs_mount *mp,
|
2013-02-10 22:05:01 -07:00
|
|
|
struct xfs_inode *ip,
|
|
|
|
xfs_off_t offset,
|
|
|
|
struct xfs_bmbt_irec *imap,
|
|
|
|
int nimaps)
|
2011-01-03 17:35:03 -07:00
|
|
|
{
|
|
|
|
xfs_fsblock_t alloc_blocks = 0;
|
2013-03-18 08:51:43 -06:00
|
|
|
int shift = 0;
|
|
|
|
int64_t freesp;
|
2013-03-18 08:51:47 -06:00
|
|
|
xfs_fsblock_t qblocks;
|
|
|
|
int qshift = 0;
|
2011-01-03 17:35:03 -07:00
|
|
|
|
2013-02-10 22:05:01 -07:00
|
|
|
alloc_blocks = xfs_iomap_eof_prealloc_initial_size(mp, ip, offset,
|
|
|
|
imap, nimaps);
|
2013-03-18 08:51:43 -06:00
|
|
|
if (!alloc_blocks)
|
|
|
|
goto check_writeio;
|
2013-03-18 08:51:47 -06:00
|
|
|
qblocks = alloc_blocks;
|
2013-03-18 08:51:43 -06:00
|
|
|
|
2013-03-18 08:51:44 -06:00
|
|
|
/*
|
|
|
|
* MAXEXTLEN is not a power of two value but we round the prealloc down
|
|
|
|
* to the nearest power of two value after throttling. To prevent the
|
|
|
|
* round down from unconditionally reducing the maximum supported prealloc
|
|
|
|
* size, we round up first, apply appropriate throttling, round down and
|
|
|
|
* cap the value to MAXEXTLEN.
|
|
|
|
*/
|
|
|
|
alloc_blocks = XFS_FILEOFF_MIN(roundup_pow_of_two(MAXEXTLEN),
|
|
|
|
alloc_blocks);
|
2013-03-18 08:51:43 -06:00
|
|
|
|
2015-02-23 03:22:03 -07:00
|
|
|
freesp = percpu_counter_read_positive(&mp->m_fdblocks);
|
2013-03-18 08:51:43 -06:00
|
|
|
if (freesp < mp->m_low_space[XFS_LOWSP_5_PCNT]) {
|
|
|
|
shift = 2;
|
|
|
|
if (freesp < mp->m_low_space[XFS_LOWSP_4_PCNT])
|
|
|
|
shift++;
|
|
|
|
if (freesp < mp->m_low_space[XFS_LOWSP_3_PCNT])
|
|
|
|
shift++;
|
|
|
|
if (freesp < mp->m_low_space[XFS_LOWSP_2_PCNT])
|
|
|
|
shift++;
|
|
|
|
if (freesp < mp->m_low_space[XFS_LOWSP_1_PCNT])
|
|
|
|
shift++;
|
2011-01-03 17:35:03 -07:00
|
|
|
}
|
2013-03-18 08:51:47 -06:00
|
|
|
|
|
|
|
/*
|
2014-07-24 03:56:08 -06:00
|
|
|
* Check each quota to cap the prealloc size, provide a shift value to
|
|
|
|
* throttle with and adjust amount of available space.
|
2013-03-18 08:51:47 -06:00
|
|
|
*/
|
|
|
|
if (xfs_quota_need_throttle(ip, XFS_DQ_USER, alloc_blocks))
|
2014-07-24 03:56:08 -06:00
|
|
|
xfs_quota_calc_throttle(ip, XFS_DQ_USER, &qblocks, &qshift,
|
|
|
|
&freesp);
|
2013-03-18 08:51:47 -06:00
|
|
|
if (xfs_quota_need_throttle(ip, XFS_DQ_GROUP, alloc_blocks))
|
2014-07-24 03:56:08 -06:00
|
|
|
xfs_quota_calc_throttle(ip, XFS_DQ_GROUP, &qblocks, &qshift,
|
|
|
|
&freesp);
|
2013-03-18 08:51:47 -06:00
|
|
|
if (xfs_quota_need_throttle(ip, XFS_DQ_PROJ, alloc_blocks))
|
2014-07-24 03:56:08 -06:00
|
|
|
xfs_quota_calc_throttle(ip, XFS_DQ_PROJ, &qblocks, &qshift,
|
|
|
|
&freesp);
|
2013-03-18 08:51:47 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The final prealloc size is set to the minimum of free space available
|
|
|
|
* in each of the quotas and the overall filesystem.
|
|
|
|
*
|
|
|
|
* The shift throttle value is set to the maximum value as determined by
|
|
|
|
* the global low free space values and per-quota low free space values.
|
|
|
|
*/
|
|
|
|
alloc_blocks = MIN(alloc_blocks, qblocks);
|
|
|
|
shift = MAX(shift, qshift);
|
|
|
|
|
2013-03-18 08:51:43 -06:00
|
|
|
if (shift)
|
|
|
|
alloc_blocks >>= shift;
|
2013-03-18 08:51:44 -06:00
|
|
|
/*
|
|
|
|
* rounddown_pow_of_two() returns an undefined result if we pass in
|
|
|
|
* alloc_blocks = 0.
|
|
|
|
*/
|
|
|
|
if (alloc_blocks)
|
|
|
|
alloc_blocks = rounddown_pow_of_two(alloc_blocks);
|
|
|
|
if (alloc_blocks > MAXEXTLEN)
|
|
|
|
alloc_blocks = MAXEXTLEN;
|
2013-03-18 08:51:43 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If we are still trying to allocate more space than is
|
|
|
|
* available, squash the prealloc hard. This can happen if we
|
|
|
|
* have a large file on a small filesystem and the above
|
|
|
|
* lowspace thresholds are smaller than MAXEXTLEN.
|
|
|
|
*/
|
|
|
|
while (alloc_blocks && alloc_blocks >= freesp)
|
|
|
|
alloc_blocks >>= 4;
|
2011-01-03 17:35:03 -07:00
|
|
|
|
2013-03-18 08:51:43 -06:00
|
|
|
check_writeio:
|
2011-01-03 17:35:03 -07:00
|
|
|
if (alloc_blocks < mp->m_writeio_blocks)
|
|
|
|
alloc_blocks = mp->m_writeio_blocks;
|
|
|
|
|
2013-03-18 08:51:48 -06:00
|
|
|
trace_xfs_iomap_prealloc_size(ip, alloc_blocks, shift,
|
|
|
|
mp->m_writeio_blocks);
|
|
|
|
|
2011-01-03 17:35:03 -07:00
|
|
|
return alloc_blocks;
|
|
|
|
}
|
|
|
|
|
2010-12-10 01:42:20 -07:00
|
|
|
int
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_iomap_write_delay(
|
|
|
|
xfs_inode_t *ip,
|
2005-05-05 14:33:40 -06:00
|
|
|
xfs_off_t offset,
|
2005-04-16 16:20:36 -06:00
|
|
|
size_t count,
|
2010-12-10 01:42:19 -07:00
|
|
|
xfs_bmbt_irec_t *ret_imap)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
xfs_mount_t *mp = ip->i_mount;
|
|
|
|
xfs_fileoff_t offset_fsb;
|
|
|
|
xfs_fileoff_t last_fsb;
|
2006-01-10 21:28:28 -07:00
|
|
|
xfs_off_t aligned_offset;
|
|
|
|
xfs_fileoff_t ioalign;
|
|
|
|
xfs_extlen_t extsz;
|
2005-04-16 16:20:36 -06:00
|
|
|
int nimaps;
|
|
|
|
xfs_bmbt_irec_t imap[XFS_WRITE_IMAPS];
|
2012-10-08 04:56:04 -06:00
|
|
|
int prealloc;
|
2006-01-10 21:28:28 -07:00
|
|
|
int error;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2008-04-22 01:34:00 -06:00
|
|
|
ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Make sure that the dquots are there. This doesn't hold
|
|
|
|
* the ilock across a disk read.
|
|
|
|
*/
|
2009-06-08 07:33:32 -06:00
|
|
|
error = xfs_qm_dqattach_locked(ip, 0);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error)
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-06-18 00:50:37 -06:00
|
|
|
extsz = xfs_get_extsz_hint(ip);
|
2006-01-10 21:28:28 -07:00
|
|
|
offset_fsb = XFS_B_TO_FSBT(mp, offset);
|
|
|
|
|
2008-12-21 23:56:49 -07:00
|
|
|
error = xfs_iomap_eof_want_preallocate(mp, ip, offset, count,
|
2010-12-10 01:42:19 -07:00
|
|
|
imap, XFS_WRITE_IMAPS, &prealloc);
|
2006-01-10 21:28:28 -07:00
|
|
|
if (error)
|
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-04-06 10:49:12 -06:00
|
|
|
retry:
|
2006-01-10 21:28:28 -07:00
|
|
|
if (prealloc) {
|
2013-02-10 22:05:01 -07:00
|
|
|
xfs_fsblock_t alloc_blocks;
|
|
|
|
|
|
|
|
alloc_blocks = xfs_iomap_prealloc_size(mp, ip, offset, imap,
|
|
|
|
XFS_WRITE_IMAPS);
|
2011-01-03 17:35:03 -07:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
aligned_offset = XFS_WRITEIO_ALIGN(mp, (offset + count - 1));
|
|
|
|
ioalign = XFS_B_TO_FSBT(mp, aligned_offset);
|
2011-01-03 17:35:03 -07:00
|
|
|
last_fsb = ioalign + alloc_blocks;
|
2006-01-10 21:28:28 -07:00
|
|
|
} else {
|
|
|
|
last_fsb = XFS_B_TO_FSB(mp, ((xfs_ufsize_t)(offset + count)));
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
if (prealloc || extsz) {
|
2008-12-21 23:56:49 -07:00
|
|
|
error = xfs_iomap_eof_align_last_fsb(mp, ip, extsz, &last_fsb);
|
2006-01-10 21:28:28 -07:00
|
|
|
if (error)
|
2005-04-16 16:20:36 -06:00
|
|
|
return error;
|
|
|
|
}
|
2006-01-10 21:28:28 -07:00
|
|
|
|
2012-04-29 06:43:19 -06:00
|
|
|
/*
|
|
|
|
* Make sure preallocation does not create extents beyond the range we
|
|
|
|
* actually support in this filesystem.
|
|
|
|
*/
|
2012-06-07 23:44:53 -06:00
|
|
|
if (last_fsb > XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes))
|
|
|
|
last_fsb = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
|
2012-04-29 06:43:19 -06:00
|
|
|
|
|
|
|
ASSERT(last_fsb > offset_fsb);
|
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
nimaps = XFS_WRITE_IMAPS;
|
2011-09-18 14:40:48 -06:00
|
|
|
error = xfs_bmapi_delay(ip, offset_fsb, last_fsb - offset_fsb,
|
|
|
|
imap, &nimaps, XFS_BMAPI_ENTIRE);
|
2011-01-03 17:35:03 -07:00
|
|
|
switch (error) {
|
|
|
|
case 0:
|
2014-06-24 22:58:08 -06:00
|
|
|
case -ENOSPC:
|
|
|
|
case -EDQUOT:
|
2011-01-03 17:35:03 -07:00
|
|
|
break;
|
|
|
|
default:
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2011-01-03 17:35:03 -07:00
|
|
|
}
|
2006-01-10 21:28:28 -07:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
2012-10-08 04:56:04 -06:00
|
|
|
* If bmapi returned us nothing, we got either ENOSPC or EDQUOT. Retry
|
2011-01-03 17:35:03 -07:00
|
|
|
* without EOF preallocation.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
|
|
|
if (nimaps == 0) {
|
2009-12-14 16:14:59 -07:00
|
|
|
trace_xfs_delalloc_enospc(ip, offset, count);
|
2012-10-08 04:56:04 -06:00
|
|
|
if (prealloc) {
|
|
|
|
prealloc = 0;
|
|
|
|
error = 0;
|
|
|
|
goto retry;
|
2011-01-03 17:35:03 -07:00
|
|
|
}
|
2014-06-24 22:58:08 -06:00
|
|
|
return error ? error : -ENOSPC;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
2008-04-28 20:53:21 -06:00
|
|
|
if (!(imap[0].br_startblock || XFS_IS_REALTIME_INODE(ip)))
|
2011-03-06 16:06:35 -07:00
|
|
|
return xfs_alert_fsblock_zero(ip, &imap[0]);
|
2006-01-10 21:28:28 -07:00
|
|
|
|
2012-11-06 07:50:38 -07:00
|
|
|
/*
|
|
|
|
* Tag the inode as speculatively preallocated so we can reclaim this
|
|
|
|
* space on demand, if necessary.
|
|
|
|
*/
|
|
|
|
if (prealloc)
|
|
|
|
xfs_inode_set_eofblocks_tag(ip);
|
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
*ret_imap = imap[0];
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Pass in a delayed allocate extent, convert it to real extents;
|
|
|
|
* return to the caller the extent we create which maps on top of
|
|
|
|
* the originating callers request.
|
|
|
|
*
|
|
|
|
* Called without a lock on the inode.
|
2007-11-22 22:29:11 -07:00
|
|
|
*
|
|
|
|
* We no longer bother to look at the incoming map - all we have to
|
|
|
|
* guarantee is that whatever we allocate fills the required range.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2010-12-10 01:42:20 -07:00
|
|
|
int
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_iomap_write_allocate(
|
|
|
|
xfs_inode_t *ip,
|
2005-05-05 14:33:40 -06:00
|
|
|
xfs_off_t offset,
|
2010-12-10 01:42:19 -07:00
|
|
|
xfs_bmbt_irec_t *imap)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
xfs_mount_t *mp = ip->i_mount;
|
|
|
|
xfs_fileoff_t offset_fsb, last_block;
|
|
|
|
xfs_fileoff_t end_fsb, map_start_fsb;
|
|
|
|
xfs_fsblock_t first_block;
|
|
|
|
xfs_bmap_free_t free_list;
|
|
|
|
xfs_filblks_t count_fsb;
|
|
|
|
xfs_trans_t *tp;
|
xfs: eliminate committed arg from xfs_bmap_finish
Calls to xfs_bmap_finish() and xfs_trans_ijoin(), and the
associated comments were replicated several times across
the attribute code, all dealing with what to do if the
transaction was or wasn't committed.
And in that replicated code, an ASSERT() test of an
uninitialized variable occurs in several locations:
error = xfs_attr_thing(&args);
if (!error) {
error = xfs_bmap_finish(&args.trans, args.flist,
&committed);
}
if (error) {
ASSERT(committed);
If the first xfs_attr_thing() failed, we'd skip the xfs_bmap_finish,
never set "committed", and then test it in the ASSERT.
Fix this up by moving the committed state internal to xfs_bmap_finish,
and add a new inode argument. If an inode is passed in, it is passed
through to __xfs_trans_roll() and joined to the transaction there if
the transaction was committed.
xfs_qm_dqalloc() was a little unique in that it called bjoin rather
than ijoin, but as Dave points out we can detect the committed state
but checking whether (*tpp != tp).
Addresses-Coverity-Id: 102360
Addresses-Coverity-Id: 102361
Addresses-Coverity-Id: 102363
Addresses-Coverity-Id: 102364
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-01-10 17:34:01 -07:00
|
|
|
int nimaps;
|
2005-04-16 16:20:36 -06:00
|
|
|
int error = 0;
|
|
|
|
int nres;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make sure that the dquots are there.
|
|
|
|
*/
|
2009-06-08 07:33:32 -06:00
|
|
|
error = xfs_qm_dqattach(ip, 0);
|
|
|
|
if (error)
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2005-05-05 14:33:20 -06:00
|
|
|
offset_fsb = XFS_B_TO_FSBT(mp, offset);
|
2010-06-23 19:42:19 -06:00
|
|
|
count_fsb = imap->br_blockcount;
|
|
|
|
map_start_fsb = imap->br_startoff;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-10-12 01:21:22 -06:00
|
|
|
XFS_STATS_ADD(mp, xs_xstrat_bytes, XFS_FSB_TO_B(mp, count_fsb));
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
while (count_fsb != 0) {
|
|
|
|
/*
|
|
|
|
* Set up a transaction with which to allocate the
|
|
|
|
* backing store for the file. Do allocations in a
|
|
|
|
* loop until we get some space in the range we are
|
|
|
|
* interested in. The other space that might be allocated
|
|
|
|
* is in the delayed allocation extent on which we sit
|
|
|
|
* but before our buffer starts.
|
|
|
|
*/
|
|
|
|
|
|
|
|
nimaps = 0;
|
|
|
|
while (nimaps == 0) {
|
|
|
|
tp = xfs_trans_alloc(mp, XFS_TRANS_STRAT_WRITE);
|
2007-06-18 00:50:27 -06:00
|
|
|
tp->t_flags |= XFS_TRANS_RESERVE;
|
2005-04-16 16:20:36 -06:00
|
|
|
nres = XFS_EXTENTADD_SPACE_RES(mp, XFS_DATA_FORK);
|
2013-08-12 04:49:59 -06:00
|
|
|
error = xfs_trans_reserve(tp, &M_RES(mp)->tr_write,
|
|
|
|
nres, 0);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error) {
|
2015-06-03 21:47:56 -06:00
|
|
|
xfs_trans_cancel(tp);
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
xfs_ilock(ip, XFS_ILOCK_EXCL);
|
2011-09-19 09:00:54 -06:00
|
|
|
xfs_trans_ijoin(tp, ip, 0);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-01-14 22:22:07 -07:00
|
|
|
xfs_bmap_init(&free_list, &first_block);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
/*
|
2007-11-22 22:29:11 -07:00
|
|
|
* it is possible that the extents have changed since
|
|
|
|
* we did the read call as we dropped the ilock for a
|
|
|
|
* while. We have to be careful about truncates or hole
|
|
|
|
* punchs here - we are not allowed to allocate
|
|
|
|
* non-delalloc blocks here.
|
|
|
|
*
|
|
|
|
* The only protection against truncation is the pages
|
|
|
|
* for the range we are being asked to convert are
|
|
|
|
* locked and hence a truncate will block on them
|
|
|
|
* first.
|
|
|
|
*
|
|
|
|
* As a result, if we go beyond the range we really
|
|
|
|
* need and hit an delalloc extent boundary followed by
|
|
|
|
* a hole while we have excess blocks in the map, we
|
|
|
|
* will fill the hole incorrectly and overrun the
|
|
|
|
* transaction reservation.
|
|
|
|
*
|
|
|
|
* Using a single map prevents this as we are forced to
|
|
|
|
* check each map we look for overlap with the desired
|
|
|
|
* range and abort as soon as we find it. Also, given
|
|
|
|
* that we only return a single map, having one beyond
|
|
|
|
* what we can return is probably a bit silly.
|
|
|
|
*
|
|
|
|
* We also need to check that we don't go beyond EOF;
|
|
|
|
* this is a truncate optimisation as a truncate sets
|
|
|
|
* the new file size before block on the pages we
|
|
|
|
* currently have locked under writeback. Because they
|
|
|
|
* are about to be tossed, we don't need to write them
|
|
|
|
* back....
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2007-11-22 22:29:11 -07:00
|
|
|
nimaps = 1;
|
2011-12-18 13:00:11 -07:00
|
|
|
end_fsb = XFS_B_TO_FSB(mp, XFS_ISIZE(ip));
|
2014-04-14 02:58:05 -06:00
|
|
|
error = xfs_bmap_last_offset(ip, &last_block,
|
2008-04-09 20:21:59 -06:00
|
|
|
XFS_DATA_FORK);
|
|
|
|
if (error)
|
|
|
|
goto trans_cancel;
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
last_block = XFS_FILEOFF_MAX(last_block, end_fsb);
|
|
|
|
if ((map_start_fsb + count_fsb) > last_block) {
|
|
|
|
count_fsb = last_block - map_start_fsb;
|
|
|
|
if (count_fsb == 0) {
|
2014-06-24 22:58:08 -06:00
|
|
|
error = -EAGAIN;
|
2005-04-16 16:20:36 -06:00
|
|
|
goto trans_cancel;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-06-23 19:42:19 -06:00
|
|
|
/*
|
|
|
|
* From this point onwards we overwrite the imap
|
|
|
|
* pointer that the caller gave to us.
|
|
|
|
*/
|
2011-09-18 14:40:52 -06:00
|
|
|
error = xfs_bmapi_write(tp, ip, map_start_fsb,
|
xfs: pass total block res. as total xfs_bmapi_write() parameter
The total field from struct xfs_alloc_arg is a bit of an unknown
commodity. It is documented as the total block requirement for the
transaction and is used in this manner from most call sites by virtue of
passing the total block reservation of the transaction associated with
an allocation. Several xfs_bmapi_write() callers pass hardcoded values
of 0 or 1 for the total block requirement, which is a historical oddity
without any clear reasoning.
The xfs_iomap_write_direct() caller, for example, passes 0 for the total
block requirement. This has been determined to cause problems in the
form of ABBA deadlocks of AGF buffers due to incorrect AG selection in
the block allocator. Specifically, the xfs_alloc_space_available()
function incorrectly selects an AG that doesn't actually have sufficient
space for the allocation. This occurs because the args.total field is 0
and thus the remaining free space check on the AG doesn't actually
consider the size of the allocation request. This locks the AGF buffer,
the allocation attempt proceeds and ultimately fails (in
xfs_alloc_fix_minleft()), and xfs_alloc_vexent() moves on to the next
AG. In turn, this can lead to incorrect AG locking order (if the
allocator wraps around, attempting to lock AG 0 after acquiring AG N)
and thus deadlock if racing with another operation. This problem has
been reproduced via generic/299 on smallish (1GB) ramdisk test devices.
To avoid this problem, replace the undocumented hardcoded total
parameters from the iomap and utility callers to pass the block
reservation used for the associated transaction. This is consistent with
other xfs_bmapi_write() callers throughout XFS. The assumption is that
the total field allows the selection of an AG that can handle the entire
operation rather than simply the allocation/range being requested (e.g.,
resulting btree splits, etc.). This addresses the aforementioned
generic/299 hang by ensuring AG selection only occurs when the
allocation can be satisfied by the AG.
Reported-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-10-11 23:04:13 -06:00
|
|
|
count_fsb, 0, &first_block,
|
|
|
|
nres, imap, &nimaps,
|
|
|
|
&free_list);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error)
|
|
|
|
goto trans_cancel;
|
|
|
|
|
xfs: eliminate committed arg from xfs_bmap_finish
Calls to xfs_bmap_finish() and xfs_trans_ijoin(), and the
associated comments were replicated several times across
the attribute code, all dealing with what to do if the
transaction was or wasn't committed.
And in that replicated code, an ASSERT() test of an
uninitialized variable occurs in several locations:
error = xfs_attr_thing(&args);
if (!error) {
error = xfs_bmap_finish(&args.trans, args.flist,
&committed);
}
if (error) {
ASSERT(committed);
If the first xfs_attr_thing() failed, we'd skip the xfs_bmap_finish,
never set "committed", and then test it in the ASSERT.
Fix this up by moving the committed state internal to xfs_bmap_finish,
and add a new inode argument. If an inode is passed in, it is passed
through to __xfs_trans_roll() and joined to the transaction there if
the transaction was committed.
xfs_qm_dqalloc() was a little unique in that it called bjoin rather
than ijoin, but as Dave points out we can detect the committed state
but checking whether (*tpp != tp).
Addresses-Coverity-Id: 102360
Addresses-Coverity-Id: 102361
Addresses-Coverity-Id: 102363
Addresses-Coverity-Id: 102364
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-01-10 17:34:01 -07:00
|
|
|
error = xfs_bmap_finish(&tp, &free_list, NULL);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error)
|
|
|
|
goto trans_cancel;
|
|
|
|
|
2015-06-03 21:48:08 -06:00
|
|
|
error = xfs_trans_commit(tp);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error)
|
|
|
|
goto error0;
|
|
|
|
|
|
|
|
xfs_iunlock(ip, XFS_ILOCK_EXCL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See if we were able to allocate an extent that
|
|
|
|
* covers at least part of the callers request
|
|
|
|
*/
|
2010-06-23 19:42:19 -06:00
|
|
|
if (!(imap->br_startblock || XFS_IS_REALTIME_INODE(ip)))
|
2011-03-06 16:06:35 -07:00
|
|
|
return xfs_alert_fsblock_zero(ip, imap);
|
2008-04-28 20:53:21 -06:00
|
|
|
|
2010-06-23 19:42:19 -06:00
|
|
|
if ((offset_fsb >= imap->br_startoff) &&
|
|
|
|
(offset_fsb < (imap->br_startoff +
|
|
|
|
imap->br_blockcount))) {
|
2015-10-12 01:21:22 -06:00
|
|
|
XFS_STATS_INC(mp, xs_xstrat_quick);
|
2007-11-22 22:29:11 -07:00
|
|
|
return 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
2007-11-22 22:29:11 -07:00
|
|
|
/*
|
|
|
|
* So far we have not mapped the requested part of the
|
2005-04-16 16:20:36 -06:00
|
|
|
* file, just surrounding data, try again.
|
|
|
|
*/
|
2010-06-23 19:42:19 -06:00
|
|
|
count_fsb -= imap->br_blockcount;
|
|
|
|
map_start_fsb = imap->br_startoff + imap->br_blockcount;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
trans_cancel:
|
|
|
|
xfs_bmap_cancel(&free_list);
|
2015-06-03 21:47:56 -06:00
|
|
|
xfs_trans_cancel(tp);
|
2005-04-16 16:20:36 -06:00
|
|
|
error0:
|
|
|
|
xfs_iunlock(ip, XFS_ILOCK_EXCL);
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
xfs_iomap_write_unwritten(
|
|
|
|
xfs_inode_t *ip,
|
2005-05-05 14:33:40 -06:00
|
|
|
xfs_off_t offset,
|
2015-01-08 16:48:12 -07:00
|
|
|
xfs_off_t count)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
xfs_mount_t *mp = ip->i_mount;
|
|
|
|
xfs_fileoff_t offset_fsb;
|
|
|
|
xfs_filblks_t count_fsb;
|
|
|
|
xfs_filblks_t numblks_fsb;
|
2006-01-10 21:28:28 -07:00
|
|
|
xfs_fsblock_t firstfsb;
|
|
|
|
int nimaps;
|
|
|
|
xfs_trans_t *tp;
|
|
|
|
xfs_bmbt_irec_t imap;
|
|
|
|
xfs_bmap_free_t free_list;
|
2012-02-29 02:53:50 -07:00
|
|
|
xfs_fsize_t i_size;
|
2006-01-10 21:28:28 -07:00
|
|
|
uint resblks;
|
2005-04-16 16:20:36 -06:00
|
|
|
int error;
|
|
|
|
|
2009-12-14 16:14:59 -07:00
|
|
|
trace_xfs_unwritten_convert(ip, offset, count);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
offset_fsb = XFS_B_TO_FSBT(mp, offset);
|
|
|
|
count_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + count);
|
|
|
|
count_fsb = (xfs_filblks_t)(count_fsb - offset_fsb);
|
|
|
|
|
2008-06-26 21:32:53 -06:00
|
|
|
/*
|
|
|
|
* Reserve enough blocks in this transaction for two complete extent
|
|
|
|
* btree splits. We may be converting the middle part of an unwritten
|
|
|
|
* extent and in this case we will insert two new extents in the btree
|
|
|
|
* each of which could cause a full split.
|
|
|
|
*
|
|
|
|
* This reservation amount will be used in the first call to
|
|
|
|
* xfs_bmbt_split() to select an AG with enough space to satisfy the
|
|
|
|
* rest of the operation.
|
|
|
|
*/
|
2006-01-10 21:28:28 -07:00
|
|
|
resblks = XFS_DIOSTRAT_SPACE_RES(mp, 0) << 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2006-01-10 21:28:28 -07:00
|
|
|
do {
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
* set up a transaction to convert the range of extents
|
|
|
|
* from unwritten to real. Do allocations in a loop until
|
|
|
|
* we have covered the range passed in.
|
2009-10-18 22:00:03 -06:00
|
|
|
*
|
|
|
|
* Note that we open code the transaction allocation here
|
|
|
|
* to pass KM_NOFS--we can't risk to recursing back into
|
|
|
|
* the filesystem here as we might be asked to write out
|
|
|
|
* the same inode that we complete here and might deadlock
|
|
|
|
* on the iolock.
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
2012-06-12 08:20:39 -06:00
|
|
|
sb_start_intwrite(mp->m_super);
|
2009-10-18 22:00:03 -06:00
|
|
|
tp = _xfs_trans_alloc(mp, XFS_TRANS_STRAT_WRITE, KM_NOFS);
|
2012-06-12 08:20:39 -06:00
|
|
|
tp->t_flags |= XFS_TRANS_RESERVE | XFS_TRANS_FREEZE_PROT;
|
2013-08-12 04:49:59 -06:00
|
|
|
error = xfs_trans_reserve(tp, &M_RES(mp)->tr_write,
|
|
|
|
resblks, 0);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error) {
|
2015-06-03 21:47:56 -06:00
|
|
|
xfs_trans_cancel(tp);
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
xfs_ilock(ip, XFS_ILOCK_EXCL);
|
2011-09-19 09:00:54 -06:00
|
|
|
xfs_trans_ijoin(tp, ip, 0);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Modify the unwritten extent state of the buffer.
|
|
|
|
*/
|
2009-01-14 22:22:07 -07:00
|
|
|
xfs_bmap_init(&free_list, &firstfsb);
|
2005-04-16 16:20:36 -06:00
|
|
|
nimaps = 1;
|
2011-09-18 14:40:52 -06:00
|
|
|
error = xfs_bmapi_write(tp, ip, offset_fsb, count_fsb,
|
xfs: pass total block res. as total xfs_bmapi_write() parameter
The total field from struct xfs_alloc_arg is a bit of an unknown
commodity. It is documented as the total block requirement for the
transaction and is used in this manner from most call sites by virtue of
passing the total block reservation of the transaction associated with
an allocation. Several xfs_bmapi_write() callers pass hardcoded values
of 0 or 1 for the total block requirement, which is a historical oddity
without any clear reasoning.
The xfs_iomap_write_direct() caller, for example, passes 0 for the total
block requirement. This has been determined to cause problems in the
form of ABBA deadlocks of AGF buffers due to incorrect AG selection in
the block allocator. Specifically, the xfs_alloc_space_available()
function incorrectly selects an AG that doesn't actually have sufficient
space for the allocation. This occurs because the args.total field is 0
and thus the remaining free space check on the AG doesn't actually
consider the size of the allocation request. This locks the AGF buffer,
the allocation attempt proceeds and ultimately fails (in
xfs_alloc_fix_minleft()), and xfs_alloc_vexent() moves on to the next
AG. In turn, this can lead to incorrect AG locking order (if the
allocator wraps around, attempting to lock AG 0 after acquiring AG N)
and thus deadlock if racing with another operation. This problem has
been reproduced via generic/299 on smallish (1GB) ramdisk test devices.
To avoid this problem, replace the undocumented hardcoded total
parameters from the iomap and utility callers to pass the block
reservation used for the associated transaction. This is consistent with
other xfs_bmapi_write() callers throughout XFS. The assumption is that
the total field allows the selection of an AG that can handle the entire
operation rather than simply the allocation/range being requested (e.g.,
resulting btree splits, etc.). This addresses the aforementioned
generic/299 hang by ensuring AG selection only occurs when the
allocation can be satisfied by the AG.
Reported-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2015-10-11 23:04:13 -06:00
|
|
|
XFS_BMAPI_CONVERT, &firstfsb, resblks,
|
|
|
|
&imap, &nimaps, &free_list);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error)
|
|
|
|
goto error_on_bmapi_transaction;
|
|
|
|
|
2012-02-29 02:53:50 -07:00
|
|
|
/*
|
|
|
|
* Log the updated inode size as we go. We have to be careful
|
|
|
|
* to only log it up to the actual write offset if it is
|
|
|
|
* halfway into a block.
|
|
|
|
*/
|
|
|
|
i_size = XFS_FSB_TO_B(mp, offset_fsb + count_fsb);
|
|
|
|
if (i_size > offset + count)
|
|
|
|
i_size = offset + count;
|
|
|
|
|
|
|
|
i_size = xfs_new_eof(ip, i_size);
|
|
|
|
if (i_size) {
|
|
|
|
ip->i_d.di_size = i_size;
|
|
|
|
xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
|
|
|
|
}
|
|
|
|
|
xfs: eliminate committed arg from xfs_bmap_finish
Calls to xfs_bmap_finish() and xfs_trans_ijoin(), and the
associated comments were replicated several times across
the attribute code, all dealing with what to do if the
transaction was or wasn't committed.
And in that replicated code, an ASSERT() test of an
uninitialized variable occurs in several locations:
error = xfs_attr_thing(&args);
if (!error) {
error = xfs_bmap_finish(&args.trans, args.flist,
&committed);
}
if (error) {
ASSERT(committed);
If the first xfs_attr_thing() failed, we'd skip the xfs_bmap_finish,
never set "committed", and then test it in the ASSERT.
Fix this up by moving the committed state internal to xfs_bmap_finish,
and add a new inode argument. If an inode is passed in, it is passed
through to __xfs_trans_roll() and joined to the transaction there if
the transaction was committed.
xfs_qm_dqalloc() was a little unique in that it called bjoin rather
than ijoin, but as Dave points out we can detect the committed state
but checking whether (*tpp != tp).
Addresses-Coverity-Id: 102360
Addresses-Coverity-Id: 102361
Addresses-Coverity-Id: 102363
Addresses-Coverity-Id: 102364
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-01-10 17:34:01 -07:00
|
|
|
error = xfs_bmap_finish(&tp, &free_list, NULL);
|
2005-04-16 16:20:36 -06:00
|
|
|
if (error)
|
|
|
|
goto error_on_bmapi_transaction;
|
|
|
|
|
2015-06-03 21:48:08 -06:00
|
|
|
error = xfs_trans_commit(tp);
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_iunlock(ip, XFS_ILOCK_EXCL);
|
|
|
|
if (error)
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2006-09-27 19:03:20 -06:00
|
|
|
|
2008-04-28 20:53:21 -06:00
|
|
|
if (!(imap.br_startblock || XFS_IS_REALTIME_INODE(ip)))
|
2011-03-06 16:06:35 -07:00
|
|
|
return xfs_alert_fsblock_zero(ip, &imap);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
if ((numblks_fsb = imap.br_blockcount) == 0) {
|
|
|
|
/*
|
|
|
|
* The numblks_fsb value should always get
|
|
|
|
* smaller, otherwise the loop is stuck.
|
|
|
|
*/
|
|
|
|
ASSERT(imap.br_blockcount);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
offset_fsb += numblks_fsb;
|
|
|
|
count_fsb -= numblks_fsb;
|
|
|
|
} while (count_fsb > 0);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
error_on_bmapi_transaction:
|
|
|
|
xfs_bmap_cancel(&free_list);
|
2015-06-03 21:47:56 -06:00
|
|
|
xfs_trans_cancel(tp);
|
2005-04-16 16:20:36 -06:00
|
|
|
xfs_iunlock(ip, XFS_ILOCK_EXCL);
|
2014-06-21 23:04:54 -06:00
|
|
|
return error;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|