|
|
|
/*
|
|
|
|
* fs/fs-writeback.c
|
|
|
|
*
|
|
|
|
* Copyright (C) 2002, Linus Torvalds.
|
|
|
|
*
|
|
|
|
* Contains all the functions related to writing back and waiting
|
|
|
|
* upon dirty inodes against superblocks, and writing back dirty
|
|
|
|
* pages against inodes. ie: data writeback. Writeout of the
|
|
|
|
* inode itself is not handled here.
|
|
|
|
*
|
|
|
|
* 10Apr2002 Andrew Morton
|
|
|
|
* Split out of fs/inode.c
|
|
|
|
* Additions for address_space-based writeback
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/mm.h>
|
|
|
|
#include <linux/writeback.h>
|
|
|
|
#include <linux/blkdev.h>
|
|
|
|
#include <linux/backing-dev.h>
|
|
|
|
#include <linux/buffer_head.h>
|
|
|
|
#include "internal.h"
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* writeback_acquire - attempt to get exclusive writeback access to a device
|
|
|
|
* @bdi: the device's backing_dev_info structure
|
|
|
|
*
|
|
|
|
* It is a waste of resources to have more than one pdflush thread blocked on
|
|
|
|
* a single request queue. Exclusion at the request_queue level is obtained
|
|
|
|
* via a flag in the request_queue's backing_dev_info.state.
|
|
|
|
*
|
|
|
|
* Non-request_queue-backed address_spaces will share default_backing_dev_info,
|
|
|
|
* unless they implement their own. Which is somewhat inefficient, as this
|
|
|
|
* may prevent concurrent writeback against multiple devices.
|
|
|
|
*/
|
|
|
|
static int writeback_acquire(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
return !test_and_set_bit(BDI_pdflush, &bdi->state);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* writeback_in_progress - determine whether there is writeback in progress
|
|
|
|
* @bdi: the device's backing_dev_info structure.
|
|
|
|
*
|
|
|
|
* Determine whether there is writeback in progress against a backing device.
|
|
|
|
*/
|
|
|
|
int writeback_in_progress(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
return test_bit(BDI_pdflush, &bdi->state);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* writeback_release - relinquish exclusive writeback access against a device.
|
|
|
|
* @bdi: the device's backing_dev_info structure
|
|
|
|
*/
|
|
|
|
static void writeback_release(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
BUG_ON(!writeback_in_progress(bdi));
|
|
|
|
clear_bit(BDI_pdflush, &bdi->state);
|
|
|
|
}
|
|
|
|
|
|
|
|
static noinline void block_dump___mark_inode_dirty(struct inode *inode)
|
|
|
|
{
|
|
|
|
if (inode->i_ino || strcmp(inode->i_sb->s_id, "bdev")) {
|
|
|
|
struct dentry *dentry;
|
|
|
|
const char *name = "?";
|
|
|
|
|
|
|
|
dentry = d_find_alias(inode);
|
|
|
|
if (dentry) {
|
|
|
|
spin_lock(&dentry->d_lock);
|
|
|
|
name = (const char *) dentry->d_name.name;
|
|
|
|
}
|
|
|
|
printk(KERN_DEBUG
|
|
|
|
"%s(%d): dirtied inode %lu (%s) on %s\n",
|
|
|
|
current->comm, task_pid_nr(current), inode->i_ino,
|
|
|
|
name, inode->i_sb->s_id);
|
|
|
|
if (dentry) {
|
|
|
|
spin_unlock(&dentry->d_lock);
|
|
|
|
dput(dentry);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __mark_inode_dirty - internal function
|
|
|
|
* @inode: inode to mark
|
|
|
|
* @flags: what kind of dirty (i.e. I_DIRTY_SYNC)
|
|
|
|
* Mark an inode as dirty. Callers should use mark_inode_dirty or
|
|
|
|
* mark_inode_dirty_sync.
|
|
|
|
*
|
|
|
|
* Put the inode on the super block's dirty list.
|
|
|
|
*
|
|
|
|
* CAREFUL! We mark it dirty unconditionally, but move it onto the
|
|
|
|
* dirty list only if it is hashed or if it refers to a blockdev.
|
|
|
|
* If it was not hashed, it will never be added to the dirty list
|
|
|
|
* even if it is later hashed, as it will have been marked dirty already.
|
|
|
|
*
|
|
|
|
* In short, make sure you hash any inodes _before_ you start marking
|
|
|
|
* them dirty.
|
|
|
|
*
|
|
|
|
* This function *must* be atomic for the I_DIRTY_PAGES case -
|
|
|
|
* set_page_dirty() is called under spinlock in several places.
|
|
|
|
*
|
|
|
|
* Note that for blockdevs, inode->dirtied_when represents the dirtying time of
|
|
|
|
* the block-special inode (/dev/hda1) itself. And the ->dirtied_when field of
|
|
|
|
* the kernel-internal blockdev inode represents the dirtying time of the
|
|
|
|
* blockdev's pages. This is why for I_DIRTY_PAGES we always use
|
|
|
|
* page->mapping->host, so the page-dirtying time is recorded in the internal
|
|
|
|
* blockdev inode.
|
|
|
|
*/
|
|
|
|
void __mark_inode_dirty(struct inode *inode, int flags)
|
|
|
|
{
|
|
|
|
struct super_block *sb = inode->i_sb;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Don't do this for I_DIRTY_PAGES - that doesn't actually
|
|
|
|
* dirty the inode itself
|
|
|
|
*/
|
|
|
|
if (flags & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) {
|
|
|
|
if (sb->s_op->dirty_inode)
|
|
|
|
sb->s_op->dirty_inode(inode);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* make sure that changes are seen by all cpus before we test i_state
|
|
|
|
* -- mikulas
|
|
|
|
*/
|
|
|
|
smp_mb();
|
|
|
|
|
|
|
|
/* avoid the locking if we can */
|
|
|
|
if ((inode->i_state & flags) == flags)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (unlikely(block_dump))
|
|
|
|
block_dump___mark_inode_dirty(inode);
|
|
|
|
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
if ((inode->i_state & flags) != flags) {
|
|
|
|
const int was_dirty = inode->i_state & I_DIRTY;
|
|
|
|
|
|
|
|
inode->i_state |= flags;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the inode is being synced, just update its dirty state.
|
|
|
|
* The unlocker will place the inode on the appropriate
|
|
|
|
* superblock list, based upon its state.
|
|
|
|
*/
|
|
|
|
if (inode->i_state & I_SYNC)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Only add valid (hashed) inodes to the superblock's
|
|
|
|
* dirty list. Add blockdev inodes as well.
|
|
|
|
*/
|
|
|
|
if (!S_ISBLK(inode->i_mode)) {
|
|
|
|
if (hlist_unhashed(&inode->i_hash))
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (inode->i_state & (I_FREEING|I_CLEAR))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the inode was already on s_dirty/s_io/s_more_io, don't
|
|
|
|
* reposition it (that would break s_dirty time-ordering).
|
|
|
|
*/
|
|
|
|
if (!was_dirty) {
|
|
|
|
inode->dirtied_when = jiffies;
|
|
|
|
list_move(&inode->i_list, &sb->s_dirty);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
EXPORT_SYMBOL(__mark_inode_dirty);
|
|
|
|
|
|
|
|
static int write_inode(struct inode *inode, int sync)
|
|
|
|
{
|
|
|
|
if (inode->i_sb->s_op->write_inode && !is_bad_inode(inode))
|
|
|
|
return inode->i_sb->s_op->write_inode(inode, sync);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Redirty an inode: set its when-it-was dirtied timestamp and move it to the
|
|
|
|
* furthest end of its superblock's dirty-inode list.
|
|
|
|
*
|
|
|
|
* Before stamping the inode's ->dirtied_when, we check to see whether it is
|
|
|
|
* already the most-recently-dirtied inode on the s_dirty list. If that is
|
|
|
|
* the case then the inode must have been redirtied while it was being written
|
|
|
|
* out and we don't reset its dirtied_when.
|
|
|
|
*/
|
|
|
|
static void redirty_tail(struct inode *inode)
|
|
|
|
{
|
|
|
|
struct super_block *sb = inode->i_sb;
|
|
|
|
|
|
|
|
if (!list_empty(&sb->s_dirty)) {
|
|
|
|
struct inode *tail_inode;
|
|
|
|
|
|
|
|
tail_inode = list_entry(sb->s_dirty.next, struct inode, i_list);
|
|
|
|
if (time_before(inode->dirtied_when,
|
|
|
|
tail_inode->dirtied_when))
|
|
|
|
inode->dirtied_when = jiffies;
|
|
|
|
}
|
|
|
|
list_move(&inode->i_list, &sb->s_dirty);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* requeue inode for re-scanning after sb->s_io list is exhausted.
|
|
|
|
*/
|
|
|
|
static void requeue_io(struct inode *inode)
|
|
|
|
{
|
|
|
|
list_move(&inode->i_list, &inode->i_sb->s_more_io);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void inode_sync_complete(struct inode *inode)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Prevent speculative execution through spin_unlock(&inode_lock);
|
|
|
|
*/
|
|
|
|
smp_mb();
|
|
|
|
wake_up_bit(&inode->i_state, __I_SYNC);
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool inode_dirtied_after(struct inode *inode, unsigned long t)
|
|
|
|
{
|
|
|
|
bool ret = time_after(inode->dirtied_when, t);
|
|
|
|
#ifndef CONFIG_64BIT
|
|
|
|
/*
|
|
|
|
* For inodes being constantly redirtied, dirtied_when can get stuck.
|
|
|
|
* It _appears_ to be in the future, but is actually in distant past.
|
|
|
|
* This test is necessary to prevent such wrapped-around relative times
|
|
|
|
* from permanently stopping the whole pdflush writeback.
|
|
|
|
*/
|
|
|
|
ret = ret && time_before_eq(inode->dirtied_when, jiffies);
|
|
|
|
#endif
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Move expired dirty inodes from @delaying_queue to @dispatch_queue.
|
|
|
|
*/
|
|
|
|
static void move_expired_inodes(struct list_head *delaying_queue,
|
|
|
|
struct list_head *dispatch_queue,
|
|
|
|
unsigned long *older_than_this)
|
|
|
|
{
|
|
|
|
while (!list_empty(delaying_queue)) {
|
|
|
|
struct inode *inode = list_entry(delaying_queue->prev,
|
|
|
|
struct inode, i_list);
|
|
|
|
if (older_than_this &&
|
|
|
|
inode_dirtied_after(inode, *older_than_this))
|
|
|
|
break;
|
|
|
|
list_move(&inode->i_list, dispatch_queue);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Queue all expired dirty inodes for io, eldest first.
|
|
|
|
*/
|
|
|
|
static void queue_io(struct super_block *sb,
|
|
|
|
unsigned long *older_than_this)
|
|
|
|
{
|
|
|
|
list_splice_init(&sb->s_more_io, sb->s_io.prev);
|
|
|
|
move_expired_inodes(&sb->s_dirty, &sb->s_io, older_than_this);
|
|
|
|
}
|
|
|
|
|
|
|
|
int sb_has_dirty_inodes(struct super_block *sb)
|
|
|
|
{
|
|
|
|
return !list_empty(&sb->s_dirty) ||
|
|
|
|
!list_empty(&sb->s_io) ||
|
|
|
|
!list_empty(&sb->s_more_io);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(sb_has_dirty_inodes);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Write a single inode's dirty pages and inode data out to disk.
|
|
|
|
* If `wait' is set, wait on the writeout.
|
|
|
|
*
|
|
|
|
* The whole writeout design is quite complex and fragile. We want to avoid
|
|
|
|
* starvation of particular inodes when others are being redirtied, prevent
|
|
|
|
* livelocks, etc.
|
|
|
|
*
|
|
|
|
* Called under inode_lock.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
__sync_single_inode(struct inode *inode, struct writeback_control *wbc)
|
|
|
|
{
|
|
|
|
unsigned dirty;
|
|
|
|
struct address_space *mapping = inode->i_mapping;
|
|
|
|
int wait = wbc->sync_mode == WB_SYNC_ALL;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
BUG_ON(inode->i_state & I_SYNC);
|
|
|
|
|
|
|
|
/* Set I_SYNC, reset I_DIRTY */
|
|
|
|
dirty = inode->i_state & I_DIRTY;
|
|
|
|
inode->i_state |= I_SYNC;
|
|
|
|
inode->i_state &= ~I_DIRTY;
|
|
|
|
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
|
|
|
|
ret = do_writepages(mapping, wbc);
|
|
|
|
|
|
|
|
/* Don't write the inode if only I_DIRTY_PAGES was set */
|
|
|
|
if (dirty & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) {
|
|
|
|
int err = write_inode(inode, wait);
|
|
|
|
if (ret == 0)
|
|
|
|
ret = err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wait) {
|
|
|
|
int err = filemap_fdatawait(mapping);
|
|
|
|
if (ret == 0)
|
|
|
|
ret = err;
|
|
|
|
}
|
|
|
|
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
inode->i_state &= ~I_SYNC;
|
|
|
|
if (!(inode->i_state & (I_FREEING | I_CLEAR))) {
|
|
|
|
if (!(inode->i_state & I_DIRTY) &&
|
|
|
|
mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) {
|
|
|
|
/*
|
|
|
|
* We didn't write back all the pages. nfs_writepages()
|
|
|
|
* sometimes bales out without doing anything. Redirty
|
|
|
|
* the inode; Move it from s_io onto s_more_io/s_dirty.
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* akpm: if the caller was the kupdate function we put
|
|
|
|
* this inode at the head of s_dirty so it gets first
|
|
|
|
* consideration. Otherwise, move it to the tail, for
|
|
|
|
* the reasons described there. I'm not really sure
|
|
|
|
* how much sense this makes. Presumably I had a good
|
|
|
|
* reasons for doing it this way, and I'd rather not
|
|
|
|
* muck with it at present.
|
|
|
|
*/
|
|
|
|
if (wbc->for_kupdate) {
|
|
|
|
/*
|
|
|
|
* For the kupdate function we move the inode
|
|
|
|
* to s_more_io so it will get more writeout as
|
|
|
|
* soon as the queue becomes uncongested.
|
|
|
|
*/
|
|
|
|
inode->i_state |= I_DIRTY_PAGES;
|
writeback: speed up writeback of big dirty files
After making dirty a 100M file, the normal behavior is to start the
writeback for all data after 30s delays. But sometimes the following
happens instead:
- after 30s: ~4M
- after 5s: ~4M
- after 5s: all remaining 92M
Some analyze shows that the internal io dispatch queues goes like this:
s_io s_more_io
-------------------------
1) 100M,1K 0
2) 1K 96M
3) 0 96M
1) initial state with a 100M file and a 1K file
2) 4M written, nr_to_write <= 0, so write more
3) 1K written, nr_to_write > 0, no more writes(BUG)
nr_to_write > 0 in (3) fools the upper layer to think that data have all
been written out. The big dirty file is actually still sitting in
s_more_io. We cannot simply splice s_more_io back to s_io as soon as s_io
becomes empty, and let the loop in generic_sync_sb_inodes() continue: this
may starve newly expired inodes in s_dirty. It is also not an option to
draw inodes from both s_more_io and s_dirty, an let the loop go on: this
might lead to live locks, and might also starve other superblocks in sync
time(well kupdate may still starve some superblocks, that's another bug).
We have to return when a full scan of s_io completes. So nr_to_write > 0
does not necessarily mean that "all data are written". This patch
introduces a flag writeback_control.more_io to indicate that more io should
be done. With it the big dirty file no longer has to wait for the next
kupdate invokation 5s later.
In sync_sb_inodes() we only set more_io on super_blocks we actually
visited. This avoids the interaction between two pdflush deamons.
Also in __sync_single_inode() we don't blindly keep requeuing the io if the
filesystem cannot progress. Failing to do so may lead to 100% iowait.
Tested-by: Mike Snitzer <snitzer@gmail.com>
Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn>
Cc: Michael Rubin <mrubin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago
|
|
|
if (wbc->nr_to_write <= 0) {
|
|
|
|
/*
|
|
|
|
* slice used up: queue for next turn
|
|
|
|
*/
|
|
|
|
requeue_io(inode);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* somehow blocked: retry later
|
|
|
|
*/
|
|
|
|
redirty_tail(inode);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Otherwise fully redirty the inode so that
|
|
|
|
* other inodes on this superblock will get some
|
|
|
|
* writeout. Otherwise heavy writing to one
|
|
|
|
* file would indefinitely suspend writeout of
|
|
|
|
* all the other files.
|
|
|
|
*/
|
|
|
|
inode->i_state |= I_DIRTY_PAGES;
|
|
|
|
redirty_tail(inode);
|
|
|
|
}
|
|
|
|
} else if (inode->i_state & I_DIRTY) {
|
|
|
|
/*
|
|
|
|
* Someone redirtied the inode while were writing back
|
|
|
|
* the pages.
|
|
|
|
*/
|
|
|
|
redirty_tail(inode);
|
|
|
|
} else if (atomic_read(&inode->i_count)) {
|
|
|
|
/*
|
|
|
|
* The inode is clean, inuse
|
|
|
|
*/
|
|
|
|
list_move(&inode->i_list, &inode_in_use);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* The inode is clean, unused
|
|
|
|
*/
|
|
|
|
list_move(&inode->i_list, &inode_unused);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
inode_sync_complete(inode);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
[PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FREE set
list_move(&inode->i_list, &inode_in_use);
} else {
list_move(&inode->i_list, &inode_unused);
+ inodes_stat.nr_unused++;
}
}
wake_up_inode(inode);
Are you sure the above diff is correct? It was added somewhere between
2.6.5 and 2.6.8. I think it's wrong.
The only way I can imagine the i_count to be zero in the above path, is
that I_WILL_FREE is set. And if I_WILL_FREE is set, then we must not
increase nr_unused. So I believe the above change is buggy and it will
definitely overstate the number of unused inodes and it should be backed
out.
Note that __writeback_single_inode before calling __sync_single_inode, can
drop the spinlock and we can have both the dirty and locked bitflags clear
here:
spin_unlock(&inode_lock);
__wait_on_inode(inode);
iput(inode);
XXXXXXX
spin_lock(&inode_lock);
}
use inode again here
a construct like the above makes zero sense from a reference counting
standpoint.
Either we don't ever use the inode again after the iput, or the
inode_lock should be taken _before_ executing the iput (i.e. a __iput
would be required). Taking the inode_lock after iput means the iget was
useless if we keep using the inode after the iput.
So the only chance the 2.6 was safe to call __writeback_single_inode
with the i_count == 0, is that I_WILL_FREE is set (I_WILL_FREE will
prevent the VM to free the inode in XXXXX).
Potentially calling the above iput with I_WILL_FREE was also wrong
because it would recurse in iput_final (the second mainline bug).
The below (untested) patch fixes the nr_unused accounting, avoids recursing
in iput when I_WILL_FREE is set and makes sure (with the BUG_ON) that we
don't corrupt memory and that all holders that don't set I_WILL_FREE, keeps
a reference on the inode!
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
20 years ago
|
|
|
* Write out an inode's dirty pages. Called under inode_lock. Either the
|
|
|
|
* caller has ref on the inode (either via __iget or via syscall against an fd)
|
|
|
|
* or the inode has I_WILL_FREE set (via generic_forget_inode)
|
|
|
|
*/
|
|
|
|
static int
|
[PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FREE set
list_move(&inode->i_list, &inode_in_use);
} else {
list_move(&inode->i_list, &inode_unused);
+ inodes_stat.nr_unused++;
}
}
wake_up_inode(inode);
Are you sure the above diff is correct? It was added somewhere between
2.6.5 and 2.6.8. I think it's wrong.
The only way I can imagine the i_count to be zero in the above path, is
that I_WILL_FREE is set. And if I_WILL_FREE is set, then we must not
increase nr_unused. So I believe the above change is buggy and it will
definitely overstate the number of unused inodes and it should be backed
out.
Note that __writeback_single_inode before calling __sync_single_inode, can
drop the spinlock and we can have both the dirty and locked bitflags clear
here:
spin_unlock(&inode_lock);
__wait_on_inode(inode);
iput(inode);
XXXXXXX
spin_lock(&inode_lock);
}
use inode again here
a construct like the above makes zero sense from a reference counting
standpoint.
Either we don't ever use the inode again after the iput, or the
inode_lock should be taken _before_ executing the iput (i.e. a __iput
would be required). Taking the inode_lock after iput means the iget was
useless if we keep using the inode after the iput.
So the only chance the 2.6 was safe to call __writeback_single_inode
with the i_count == 0, is that I_WILL_FREE is set (I_WILL_FREE will
prevent the VM to free the inode in XXXXX).
Potentially calling the above iput with I_WILL_FREE was also wrong
because it would recurse in iput_final (the second mainline bug).
The below (untested) patch fixes the nr_unused accounting, avoids recursing
in iput when I_WILL_FREE is set and makes sure (with the BUG_ON) that we
don't corrupt memory and that all holders that don't set I_WILL_FREE, keeps
a reference on the inode!
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
20 years ago
|
|
|
__writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
|
|
|
|
{
|
|
|
|
wait_queue_head_t *wqh;
|
|
|
|
|
[PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FREE set
list_move(&inode->i_list, &inode_in_use);
} else {
list_move(&inode->i_list, &inode_unused);
+ inodes_stat.nr_unused++;
}
}
wake_up_inode(inode);
Are you sure the above diff is correct? It was added somewhere between
2.6.5 and 2.6.8. I think it's wrong.
The only way I can imagine the i_count to be zero in the above path, is
that I_WILL_FREE is set. And if I_WILL_FREE is set, then we must not
increase nr_unused. So I believe the above change is buggy and it will
definitely overstate the number of unused inodes and it should be backed
out.
Note that __writeback_single_inode before calling __sync_single_inode, can
drop the spinlock and we can have both the dirty and locked bitflags clear
here:
spin_unlock(&inode_lock);
__wait_on_inode(inode);
iput(inode);
XXXXXXX
spin_lock(&inode_lock);
}
use inode again here
a construct like the above makes zero sense from a reference counting
standpoint.
Either we don't ever use the inode again after the iput, or the
inode_lock should be taken _before_ executing the iput (i.e. a __iput
would be required). Taking the inode_lock after iput means the iget was
useless if we keep using the inode after the iput.
So the only chance the 2.6 was safe to call __writeback_single_inode
with the i_count == 0, is that I_WILL_FREE is set (I_WILL_FREE will
prevent the VM to free the inode in XXXXX).
Potentially calling the above iput with I_WILL_FREE was also wrong
because it would recurse in iput_final (the second mainline bug).
The below (untested) patch fixes the nr_unused accounting, avoids recursing
in iput when I_WILL_FREE is set and makes sure (with the BUG_ON) that we
don't corrupt memory and that all holders that don't set I_WILL_FREE, keeps
a reference on the inode!
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
20 years ago
|
|
|
if (!atomic_read(&inode->i_count))
|
|
|
|
WARN_ON(!(inode->i_state & (I_WILL_FREE|I_FREEING)));
|
[PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FREE set
list_move(&inode->i_list, &inode_in_use);
} else {
list_move(&inode->i_list, &inode_unused);
+ inodes_stat.nr_unused++;
}
}
wake_up_inode(inode);
Are you sure the above diff is correct? It was added somewhere between
2.6.5 and 2.6.8. I think it's wrong.
The only way I can imagine the i_count to be zero in the above path, is
that I_WILL_FREE is set. And if I_WILL_FREE is set, then we must not
increase nr_unused. So I believe the above change is buggy and it will
definitely overstate the number of unused inodes and it should be backed
out.
Note that __writeback_single_inode before calling __sync_single_inode, can
drop the spinlock and we can have both the dirty and locked bitflags clear
here:
spin_unlock(&inode_lock);
__wait_on_inode(inode);
iput(inode);
XXXXXXX
spin_lock(&inode_lock);
}
use inode again here
a construct like the above makes zero sense from a reference counting
standpoint.
Either we don't ever use the inode again after the iput, or the
inode_lock should be taken _before_ executing the iput (i.e. a __iput
would be required). Taking the inode_lock after iput means the iget was
useless if we keep using the inode after the iput.
So the only chance the 2.6 was safe to call __writeback_single_inode
with the i_count == 0, is that I_WILL_FREE is set (I_WILL_FREE will
prevent the VM to free the inode in XXXXX).
Potentially calling the above iput with I_WILL_FREE was also wrong
because it would recurse in iput_final (the second mainline bug).
The below (untested) patch fixes the nr_unused accounting, avoids recursing
in iput when I_WILL_FREE is set and makes sure (with the BUG_ON) that we
don't corrupt memory and that all holders that don't set I_WILL_FREE, keeps
a reference on the inode!
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
20 years ago
|
|
|
else
|
|
|
|
WARN_ON(inode->i_state & I_WILL_FREE);
|
|
|
|
|
|
|
|
if ((wbc->sync_mode != WB_SYNC_ALL) && (inode->i_state & I_SYNC)) {
|
|
|
|
/*
|
|
|
|
* We're skipping this inode because it's locked, and we're not
|
|
|
|
* doing writeback-for-data-integrity. Move it to s_more_io so
|
|
|
|
* that writeback can proceed with the other inodes on s_io.
|
|
|
|
* We'll have another go at writing back this inode when we
|
|
|
|
* completed a full scan of s_io.
|
|
|
|
*/
|
|
|
|
requeue_io(inode);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* It's a data-integrity sync. We must wait.
|
|
|
|
*/
|
|
|
|
if (inode->i_state & I_SYNC) {
|
|
|
|
DEFINE_WAIT_BIT(wq, &inode->i_state, __I_SYNC);
|
|
|
|
|
|
|
|
wqh = bit_waitqueue(&inode->i_state, __I_SYNC);
|
|
|
|
do {
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
__wait_on_bit(wqh, &wq, inode_wait,
|
|
|
|
TASK_UNINTERRUPTIBLE);
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
} while (inode->i_state & I_SYNC);
|
|
|
|
}
|
|
|
|
return __sync_single_inode(inode, wbc);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Write out a superblock's list of dirty inodes. A wait will be performed
|
|
|
|
* upon no inodes, all inodes or the final one, depending upon sync_mode.
|
|
|
|
*
|
|
|
|
* If older_than_this is non-NULL, then only write out inodes which
|
|
|
|
* had their first dirtying at a time earlier than *older_than_this.
|
|
|
|
*
|
|
|
|
* If we're a pdflush thread, then implement pdflush collision avoidance
|
|
|
|
* against the entire list.
|
|
|
|
*
|
|
|
|
* If `bdi' is non-zero then we're being asked to writeback a specific queue.
|
|
|
|
* This function assumes that the blockdev superblock's inodes are backed by
|
|
|
|
* a variety of queues, so all inodes are searched. For other superblocks,
|
|
|
|
* assume that all inodes are backed by the same queue.
|
|
|
|
*
|
|
|
|
* FIXME: this linear search could get expensive with many fileystems. But
|
|
|
|
* how to fix? We need to go from an address_space to all inodes which share
|
|
|
|
* a queue with that address_space. (Easy: have a global "dirty superblocks"
|
|
|
|
* list).
|
|
|
|
*
|
|
|
|
* The inodes to be written are parked on sb->s_io. They are moved back onto
|
|
|
|
* sb->s_dirty as they are selected for writing. This way, none can be missed
|
|
|
|
* on the writer throttling path, and we get decent balancing between many
|
|
|
|
* throttled threads: we don't want them all piling up on inode_sync_wait.
|
|
|
|
*/
|
|
|
|
void generic_sync_sb_inodes(struct super_block *sb,
|
|
|
|
struct writeback_control *wbc)
|
|
|
|
{
|
|
|
|
const unsigned long start = jiffies; /* livelock avoidance */
|
|
|
|
int sync = wbc->sync_mode == WB_SYNC_ALL;
|
|
|
|
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
if (!wbc->for_kupdate || list_empty(&sb->s_io))
|
|
|
|
queue_io(sb, wbc->older_than_this);
|
|
|
|
|
|
|
|
while (!list_empty(&sb->s_io)) {
|
|
|
|
struct inode *inode = list_entry(sb->s_io.prev,
|
|
|
|
struct inode, i_list);
|
|
|
|
struct address_space *mapping = inode->i_mapping;
|
|
|
|
struct backing_dev_info *bdi = mapping->backing_dev_info;
|
|
|
|
long pages_skipped;
|
|
|
|
|
|
|
|
if (!bdi_cap_writeback_dirty(bdi)) {
|
|
|
|
redirty_tail(inode);
|
|
|
|
if (sb_is_blkdev_sb(sb)) {
|
|
|
|
/*
|
|
|
|
* Dirty memory-backed blockdev: the ramdisk
|
|
|
|
* driver does this. Skip just this inode
|
|
|
|
*/
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* Dirty memory-backed inode against a filesystem other
|
|
|
|
* than the kernel-internal bdev filesystem. Skip the
|
|
|
|
* entire superblock.
|
|
|
|
*/
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (inode->i_state & (I_NEW | I_WILL_FREE)) {
|
fs: new inode i_state corruption fix
There was a report of a data corruption
http://lkml.org/lkml/2008/11/14/121. There is a script included to
reproduce the problem.
During testing, I encountered a number of strange things with ext3, so I
tried ext2 to attempt to reduce complexity of the problem. I found that
fsstress would quickly hang in wait_on_inode, waiting for I_LOCK to be
cleared, even though instrumentation showed that unlock_new_inode had
already been called for that inode. This points to memory scribble, or
synchronisation problme.
i_state of I_NEW inodes is not protected by inode_lock because other
processes are not supposed to touch them until I_LOCK (and I_NEW) is
cleared. Adding WARN_ON(inode->i_state & I_NEW) to sites where we modify
i_state revealed that generic_sync_sb_inodes is picking up new inodes from
the inode lists and passing them to __writeback_single_inode without
waiting for I_NEW. Subsequently modifying i_state causes corruption. In
my case it would look like this:
CPU0 CPU1
unlock_new_inode() __sync_single_inode()
reg <- inode->i_state
reg -> reg & ~(I_LOCK|I_NEW) reg <- inode->i_state
reg -> inode->i_state reg -> reg | I_SYNC
reg -> inode->i_state
Non-atomic RMW on CPU1 overwrites CPU0 store and sets I_LOCK|I_NEW again.
Fix for this is rather than wait for I_NEW inodes, just skip over them:
inodes concurrently being created are not subject to data integrity
operations, and should not significantly contribute to dirty memory
either.
After this change, I'm unable to reproduce any of the added warnings or
hangs after ~1hour of running. Previously, the new warnings would start
immediately and hang would happen in under 5 minutes.
I'm also testing on ext3 now, and so far no problems there either. I
don't know whether this fixes the problem reported above, but it fixes a
real problem for me.
Cc: "Jorge Boncompte [DTI2]" <jorge@dti2.net>
Reported-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Cc: Jan Kara <jack@suse.cz>
Cc: <stable@kernel.org>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years ago
|
|
|
requeue_io(inode);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wbc->nonblocking && bdi_write_congested(bdi)) {
|
|
|
|
wbc->encountered_congestion = 1;
|
|
|
|
if (!sb_is_blkdev_sb(sb))
|
|
|
|
break; /* Skip a congested fs */
|
|
|
|
requeue_io(inode);
|
|
|
|
continue; /* Skip a congested blockdev */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wbc->bdi && bdi != wbc->bdi) {
|
|
|
|
if (!sb_is_blkdev_sb(sb))
|
|
|
|
break; /* fs has the wrong queue */
|
|
|
|
requeue_io(inode);
|
|
|
|
continue; /* blockdev has wrong queue */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Was this inode dirtied after sync_sb_inodes was called?
|
|
|
|
* This keeps sync from extra jobs and livelock.
|
|
|
|
*/
|
|
|
|
if (inode_dirtied_after(inode, start))
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* Is another pdflush already flushing this queue? */
|
|
|
|
if (current_is_pdflush() && !writeback_acquire(bdi))
|
|
|
|
break;
|
|
|
|
|
|
|
|
BUG_ON(inode->i_state & (I_FREEING | I_CLEAR));
|
|
|
|
__iget(inode);
|
|
|
|
pages_skipped = wbc->pages_skipped;
|
|
|
|
__writeback_single_inode(inode, wbc);
|
|
|
|
if (current_is_pdflush())
|
|
|
|
writeback_release(bdi);
|
|
|
|
if (wbc->pages_skipped != pages_skipped) {
|
|
|
|
/*
|
|
|
|
* writeback is not making progress due to locked
|
|
|
|
* buffers. Skip this inode for now.
|
|
|
|
*/
|
writeback: fix time ordering of the per superblock dirty inode lists 3
While writeback is working against a dirty inode it does a check after trying
to write some of the inode's pages:
"did the lower layers skip some of the inode's dirty pages because they were
locked (or under writeback, or whatever)"
If this turns out to be true, we must move the inode back onto s_dirty and
redirty it. The reason for doing this is that fsync() and friends only check
the s_dirty list, and those functions want to know about those pages which
were locked, so they can be waited upon and, if necessary, rewritten.
Problem is, that redirtying was putting the inode onto the tail of s_dirty
without updating its timestamp. This causes a violation of s_dirty ordering.
Fix this by updating inode->dirtied_when when moving the inode onto s_dirty.
But the code is still a bit buggy? If the inode was _already_ dirty then we
don't need to move it at all. Oh well, hopefully it doesn't matter too much,
as that was a redirtying, which was very recent anwyay.
Cc: Mike Waychison <mikew@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
18 years ago
|
|
|
redirty_tail(inode);
|
|
|
|
}
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
iput(inode);
|
|
|
|
cond_resched();
|
|
|
|
spin_lock(&inode_lock);
|
writeback: speed up writeback of big dirty files
After making dirty a 100M file, the normal behavior is to start the
writeback for all data after 30s delays. But sometimes the following
happens instead:
- after 30s: ~4M
- after 5s: ~4M
- after 5s: all remaining 92M
Some analyze shows that the internal io dispatch queues goes like this:
s_io s_more_io
-------------------------
1) 100M,1K 0
2) 1K 96M
3) 0 96M
1) initial state with a 100M file and a 1K file
2) 4M written, nr_to_write <= 0, so write more
3) 1K written, nr_to_write > 0, no more writes(BUG)
nr_to_write > 0 in (3) fools the upper layer to think that data have all
been written out. The big dirty file is actually still sitting in
s_more_io. We cannot simply splice s_more_io back to s_io as soon as s_io
becomes empty, and let the loop in generic_sync_sb_inodes() continue: this
may starve newly expired inodes in s_dirty. It is also not an option to
draw inodes from both s_more_io and s_dirty, an let the loop go on: this
might lead to live locks, and might also starve other superblocks in sync
time(well kupdate may still starve some superblocks, that's another bug).
We have to return when a full scan of s_io completes. So nr_to_write > 0
does not necessarily mean that "all data are written". This patch
introduces a flag writeback_control.more_io to indicate that more io should
be done. With it the big dirty file no longer has to wait for the next
kupdate invokation 5s later.
In sync_sb_inodes() we only set more_io on super_blocks we actually
visited. This avoids the interaction between two pdflush deamons.
Also in __sync_single_inode() we don't blindly keep requeuing the io if the
filesystem cannot progress. Failing to do so may lead to 100% iowait.
Tested-by: Mike Snitzer <snitzer@gmail.com>
Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn>
Cc: Michael Rubin <mrubin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago
|
|
|
if (wbc->nr_to_write <= 0) {
|
|
|
|
wbc->more_io = 1;
|
|
|
|
break;
|
writeback: speed up writeback of big dirty files
After making dirty a 100M file, the normal behavior is to start the
writeback for all data after 30s delays. But sometimes the following
happens instead:
- after 30s: ~4M
- after 5s: ~4M
- after 5s: all remaining 92M
Some analyze shows that the internal io dispatch queues goes like this:
s_io s_more_io
-------------------------
1) 100M,1K 0
2) 1K 96M
3) 0 96M
1) initial state with a 100M file and a 1K file
2) 4M written, nr_to_write <= 0, so write more
3) 1K written, nr_to_write > 0, no more writes(BUG)
nr_to_write > 0 in (3) fools the upper layer to think that data have all
been written out. The big dirty file is actually still sitting in
s_more_io. We cannot simply splice s_more_io back to s_io as soon as s_io
becomes empty, and let the loop in generic_sync_sb_inodes() continue: this
may starve newly expired inodes in s_dirty. It is also not an option to
draw inodes from both s_more_io and s_dirty, an let the loop go on: this
might lead to live locks, and might also starve other superblocks in sync
time(well kupdate may still starve some superblocks, that's another bug).
We have to return when a full scan of s_io completes. So nr_to_write > 0
does not necessarily mean that "all data are written". This patch
introduces a flag writeback_control.more_io to indicate that more io should
be done. With it the big dirty file no longer has to wait for the next
kupdate invokation 5s later.
In sync_sb_inodes() we only set more_io on super_blocks we actually
visited. This avoids the interaction between two pdflush deamons.
Also in __sync_single_inode() we don't blindly keep requeuing the io if the
filesystem cannot progress. Failing to do so may lead to 100% iowait.
Tested-by: Mike Snitzer <snitzer@gmail.com>
Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn>
Cc: Michael Rubin <mrubin@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years ago
|
|
|
}
|
|
|
|
if (!list_empty(&sb->s_more_io))
|
|
|
|
wbc->more_io = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sync) {
|
|
|
|
struct inode *inode, *old_inode = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Data integrity sync. Must wait for all pages under writeback,
|
|
|
|
* because there may have been pages dirtied before our sync
|
|
|
|
* call, but which had writeout started before we write it out.
|
|
|
|
* In which case, the inode may not be on the dirty list, but
|
|
|
|
* we still have to wait for that writeout.
|
|
|
|
*/
|
|
|
|
list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
|
|
|
|
struct address_space *mapping;
|
|
|
|
|
|
|
|
if (inode->i_state &
|
|
|
|
(I_FREEING|I_CLEAR|I_WILL_FREE|I_NEW))
|
|
|
|
continue;
|
|
|
|
mapping = inode->i_mapping;
|
|
|
|
if (mapping->nrpages == 0)
|
|
|
|
continue;
|
|
|
|
__iget(inode);
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
/*
|
|
|
|
* We hold a reference to 'inode' so it couldn't have
|
|
|
|
* been removed from s_inodes list while we dropped the
|
|
|
|
* inode_lock. We cannot iput the inode now as we can
|
|
|
|
* be holding the last reference and we cannot iput it
|
|
|
|
* under inode_lock. So we keep the reference and iput
|
|
|
|
* it later.
|
|
|
|
*/
|
|
|
|
iput(old_inode);
|
|
|
|
old_inode = inode;
|
|
|
|
|
|
|
|
filemap_fdatawait(mapping);
|
|
|
|
|
|
|
|
cond_resched();
|
|
|
|
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
}
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
iput(old_inode);
|
|
|
|
} else
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
|
|
|
|
return; /* Leave any unwritten inodes on s_io */
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(generic_sync_sb_inodes);
|
|
|
|
|
|
|
|
static void sync_sb_inodes(struct super_block *sb,
|
|
|
|
struct writeback_control *wbc)
|
|
|
|
{
|
|
|
|
generic_sync_sb_inodes(sb, wbc);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Start writeback of dirty pagecache data against all unlocked inodes.
|
|
|
|
*
|
|
|
|
* Note:
|
|
|
|
* We don't need to grab a reference to superblock here. If it has non-empty
|
|
|
|
* ->s_dirty it's hadn't been killed yet and kill_super() won't proceed
|
|
|
|
* past sync_inodes_sb() until the ->s_dirty/s_io/s_more_io lists are all
|
|
|
|
* empty. Since __sync_single_inode() regains inode_lock before it finally moves
|
|
|
|
* inode from superblock lists we are OK.
|
|
|
|
*
|
|
|
|
* If `older_than_this' is non-zero then only flush inodes which have a
|
|
|
|
* flushtime older than *older_than_this.
|
|
|
|
*
|
|
|
|
* If `bdi' is non-zero then we will scan the first inode against each
|
|
|
|
* superblock until we find the matching ones. One group will be the dirty
|
|
|
|
* inodes against a filesystem. Then when we hit the dummy blockdev superblock,
|
|
|
|
* sync_sb_inodes will seekout the blockdev which matches `bdi'. Maybe not
|
|
|
|
* super-efficient but we're about to do a ton of I/O...
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
writeback_inodes(struct writeback_control *wbc)
|
|
|
|
{
|
|
|
|
struct super_block *sb;
|
|
|
|
|
|
|
|
might_sleep();
|
|
|
|
spin_lock(&sb_lock);
|
|
|
|
restart:
|
|
|
|
list_for_each_entry_reverse(sb, &super_blocks, s_list) {
|
|
|
|
if (sb_has_dirty_inodes(sb)) {
|
|
|
|
/* we're making our own get_super here */
|
|
|
|
sb->s_count++;
|
|
|
|
spin_unlock(&sb_lock);
|
|
|
|
/*
|
|
|
|
* If we can't get the readlock, there's no sense in
|
|
|
|
* waiting around, most of the time the FS is going to
|
|
|
|
* be unmounted by the time it is released.
|
|
|
|
*/
|
|
|
|
if (down_read_trylock(&sb->s_umount)) {
|
|
|
|
if (sb->s_root)
|
|
|
|
sync_sb_inodes(sb, wbc);
|
|
|
|
up_read(&sb->s_umount);
|
|
|
|
}
|
|
|
|
spin_lock(&sb_lock);
|
|
|
|
if (__put_super_and_need_restart(sb))
|
|
|
|
goto restart;
|
|
|
|
}
|
|
|
|
if (wbc->nr_to_write <= 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
spin_unlock(&sb_lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* writeback and wait upon the filesystem's dirty inodes. The caller will
|
fs: remove WB_SYNC_HOLD
Remove WB_SYNC_HOLD. The primary motiviation is the design of my
anti-starvation code for fsync. It requires taking an inode lock over the
sync operation, so we could run into lock ordering problems with multiple
inodes. It is possible to take a single global lock to solve the ordering
problem, but then that would prevent a future nice implementation of "sync
multiple inodes" based on lock order via inode address.
Seems like a backward step to remove this, but actually it is busted
anyway: we can't use the inode lists for data integrity wait: an inode can
be taken off the dirty lists but still be under writeback. In order to
satisfy data integrity semantics, we should wait for it to finish
writeback, but if we only search the dirty lists, we'll miss it.
It would be possible to have a "writeback" list, for sys_sync, I suppose.
But why complicate things by prematurely optimise? For unmounting, we
could avoid the "livelock avoidance" code, which would be easier, but
again premature IMO.
Fixing the existing data integrity problem will come next.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years ago
|
|
|
* do this in two passes - one to write, and one to wait.
|
|
|
|
*
|
|
|
|
* A finite limit is set on the number of pages which will be written.
|
|
|
|
* To prevent infinite livelock of sys_sync().
|
|
|
|
*
|
|
|
|
* We add in the number of potentially dirty inodes, because each inode write
|
|
|
|
* can dirty pagecache in the underlying blockdev.
|
|
|
|
*/
|
|
|
|
void sync_inodes_sb(struct super_block *sb, int wait)
|
|
|
|
{
|
|
|
|
struct writeback_control wbc = {
|
fs: remove WB_SYNC_HOLD
Remove WB_SYNC_HOLD. The primary motiviation is the design of my
anti-starvation code for fsync. It requires taking an inode lock over the
sync operation, so we could run into lock ordering problems with multiple
inodes. It is possible to take a single global lock to solve the ordering
problem, but then that would prevent a future nice implementation of "sync
multiple inodes" based on lock order via inode address.
Seems like a backward step to remove this, but actually it is busted
anyway: we can't use the inode lists for data integrity wait: an inode can
be taken off the dirty lists but still be under writeback. In order to
satisfy data integrity semantics, we should wait for it to finish
writeback, but if we only search the dirty lists, we'll miss it.
It would be possible to have a "writeback" list, for sys_sync, I suppose.
But why complicate things by prematurely optimise? For unmounting, we
could avoid the "livelock avoidance" code, which would be easier, but
again premature IMO.
Fixing the existing data integrity problem will come next.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years ago
|
|
|
.sync_mode = wait ? WB_SYNC_ALL : WB_SYNC_NONE,
|
[PATCH] writeback: fix range handling
When a writeback_control's `start' and `end' fields are used to
indicate a one-byte-range starting at file offset zero, the required
values of .start=0,.end=0 mean that the ->writepages() implementation
has no way of telling that it is being asked to perform a range
request. Because we're currently overloading (start == 0 && end == 0)
to mean "this is not a write-a-range request".
To make all this sane, the patch changes range of writeback_control.
So caller does: If it is calling ->writepages() to write pages, it
sets range (range_start/end or range_cyclic) always.
And if range_cyclic is true, ->writepages() thinks the range is
cyclic, otherwise it just uses range_start and range_end.
This patch does,
- Add LLONG_MAX, LLONG_MIN, ULLONG_MAX to include/linux/kernel.h
-1 is usually ok for range_end (type is long long). But, if someone did,
range_end += val; range_end is "val - 1"
u64val = range_end >> bits; u64val is "~(0ULL)"
or something, they are wrong. So, this adds LLONG_MAX to avoid nasty
things, and uses LLONG_MAX for range_end.
- All callers of ->writepages() sets range_start/end or range_cyclic.
- Fix updates of ->writeback_index. It seems already bit strange.
If it starts at 0 and ended by check of nr_to_write, this last
index may reduce chance to scan end of file. So, this updates
->writeback_index only if range_cyclic is true or whole-file is
scanned.
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Nathan Scott <nathans@sgi.com>
Cc: Anton Altaparmakov <aia21@cantab.net>
Cc: Steven French <sfrench@us.ibm.com>
Cc: "Vladimir V. Saveliev" <vs@namesys.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
19 years ago
|
|
|
.range_start = 0,
|
|
|
|
.range_end = LLONG_MAX,
|
|
|
|
};
|
|
|
|
|
|
|
|
if (!wait) {
|
|
|
|
unsigned long nr_dirty = global_page_state(NR_FILE_DIRTY);
|
|
|
|
unsigned long nr_unstable = global_page_state(NR_UNSTABLE_NFS);
|
|
|
|
|
|
|
|
wbc.nr_to_write = nr_dirty + nr_unstable +
|
|
|
|
(inodes_stat.nr_inodes - inodes_stat.nr_unused);
|
|
|
|
} else
|
|
|
|
wbc.nr_to_write = LONG_MAX; /* doesn't actually matter */
|
|
|
|
|
|
|
|
sync_sb_inodes(sb, &wbc);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
[PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FREE set
list_move(&inode->i_list, &inode_in_use);
} else {
list_move(&inode->i_list, &inode_unused);
+ inodes_stat.nr_unused++;
}
}
wake_up_inode(inode);
Are you sure the above diff is correct? It was added somewhere between
2.6.5 and 2.6.8. I think it's wrong.
The only way I can imagine the i_count to be zero in the above path, is
that I_WILL_FREE is set. And if I_WILL_FREE is set, then we must not
increase nr_unused. So I believe the above change is buggy and it will
definitely overstate the number of unused inodes and it should be backed
out.
Note that __writeback_single_inode before calling __sync_single_inode, can
drop the spinlock and we can have both the dirty and locked bitflags clear
here:
spin_unlock(&inode_lock);
__wait_on_inode(inode);
iput(inode);
XXXXXXX
spin_lock(&inode_lock);
}
use inode again here
a construct like the above makes zero sense from a reference counting
standpoint.
Either we don't ever use the inode again after the iput, or the
inode_lock should be taken _before_ executing the iput (i.e. a __iput
would be required). Taking the inode_lock after iput means the iget was
useless if we keep using the inode after the iput.
So the only chance the 2.6 was safe to call __writeback_single_inode
with the i_count == 0, is that I_WILL_FREE is set (I_WILL_FREE will
prevent the VM to free the inode in XXXXX).
Potentially calling the above iput with I_WILL_FREE was also wrong
because it would recurse in iput_final (the second mainline bug).
The below (untested) patch fixes the nr_unused accounting, avoids recursing
in iput when I_WILL_FREE is set and makes sure (with the BUG_ON) that we
don't corrupt memory and that all holders that don't set I_WILL_FREE, keeps
a reference on the inode!
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
20 years ago
|
|
|
* write_inode_now - write an inode to disk
|
|
|
|
* @inode: inode to write to disk
|
|
|
|
* @sync: whether the write should be synchronous or not
|
|
|
|
*
|
|
|
|
* This function commits an inode to disk immediately if it is dirty. This is
|
|
|
|
* primarily needed by knfsd.
|
|
|
|
*
|
[PATCH] fix nr_unused accounting, and avoid recursing in iput with I_WILL_FREE set
list_move(&inode->i_list, &inode_in_use);
} else {
list_move(&inode->i_list, &inode_unused);
+ inodes_stat.nr_unused++;
}
}
wake_up_inode(inode);
Are you sure the above diff is correct? It was added somewhere between
2.6.5 and 2.6.8. I think it's wrong.
The only way I can imagine the i_count to be zero in the above path, is
that I_WILL_FREE is set. And if I_WILL_FREE is set, then we must not
increase nr_unused. So I believe the above change is buggy and it will
definitely overstate the number of unused inodes and it should be backed
out.
Note that __writeback_single_inode before calling __sync_single_inode, can
drop the spinlock and we can have both the dirty and locked bitflags clear
here:
spin_unlock(&inode_lock);
__wait_on_inode(inode);
iput(inode);
XXXXXXX
spin_lock(&inode_lock);
}
use inode again here
a construct like the above makes zero sense from a reference counting
standpoint.
Either we don't ever use the inode again after the iput, or the
inode_lock should be taken _before_ executing the iput (i.e. a __iput
would be required). Taking the inode_lock after iput means the iget was
useless if we keep using the inode after the iput.
So the only chance the 2.6 was safe to call __writeback_single_inode
with the i_count == 0, is that I_WILL_FREE is set (I_WILL_FREE will
prevent the VM to free the inode in XXXXX).
Potentially calling the above iput with I_WILL_FREE was also wrong
because it would recurse in iput_final (the second mainline bug).
The below (untested) patch fixes the nr_unused accounting, avoids recursing
in iput when I_WILL_FREE is set and makes sure (with the BUG_ON) that we
don't corrupt memory and that all holders that don't set I_WILL_FREE, keeps
a reference on the inode!
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
20 years ago
|
|
|
* The caller must either have a ref on the inode or must have set I_WILL_FREE.
|
|
|
|
*/
|
|
|
|
int write_inode_now(struct inode *inode, int sync)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
struct writeback_control wbc = {
|
|
|
|
.nr_to_write = LONG_MAX,
|
|
|
|
.sync_mode = sync ? WB_SYNC_ALL : WB_SYNC_NONE,
|
[PATCH] writeback: fix range handling
When a writeback_control's `start' and `end' fields are used to
indicate a one-byte-range starting at file offset zero, the required
values of .start=0,.end=0 mean that the ->writepages() implementation
has no way of telling that it is being asked to perform a range
request. Because we're currently overloading (start == 0 && end == 0)
to mean "this is not a write-a-range request".
To make all this sane, the patch changes range of writeback_control.
So caller does: If it is calling ->writepages() to write pages, it
sets range (range_start/end or range_cyclic) always.
And if range_cyclic is true, ->writepages() thinks the range is
cyclic, otherwise it just uses range_start and range_end.
This patch does,
- Add LLONG_MAX, LLONG_MIN, ULLONG_MAX to include/linux/kernel.h
-1 is usually ok for range_end (type is long long). But, if someone did,
range_end += val; range_end is "val - 1"
u64val = range_end >> bits; u64val is "~(0ULL)"
or something, they are wrong. So, this adds LLONG_MAX to avoid nasty
things, and uses LLONG_MAX for range_end.
- All callers of ->writepages() sets range_start/end or range_cyclic.
- Fix updates of ->writeback_index. It seems already bit strange.
If it starts at 0 and ended by check of nr_to_write, this last
index may reduce chance to scan end of file. So, this updates
->writeback_index only if range_cyclic is true or whole-file is
scanned.
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Nathan Scott <nathans@sgi.com>
Cc: Anton Altaparmakov <aia21@cantab.net>
Cc: Steven French <sfrench@us.ibm.com>
Cc: "Vladimir V. Saveliev" <vs@namesys.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
19 years ago
|
|
|
.range_start = 0,
|
|
|
|
.range_end = LLONG_MAX,
|
|
|
|
};
|
|
|
|
|
|
|
|
if (!mapping_cap_writeback_dirty(inode->i_mapping))
|
|
|
|
wbc.nr_to_write = 0;
|
|
|
|
|
|
|
|
might_sleep();
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
ret = __writeback_single_inode(inode, &wbc);
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
if (sync)
|
|
|
|
inode_sync_wait(inode);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(write_inode_now);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* sync_inode - write an inode and its pages to disk.
|
|
|
|
* @inode: the inode to sync
|
|
|
|
* @wbc: controls the writeback mode
|
|
|
|
*
|
|
|
|
* sync_inode() will write an inode and its pages to disk. It will also
|
|
|
|
* correctly update the inode on its superblock's dirty inode lists and will
|
|
|
|
* update inode->i_state.
|
|
|
|
*
|
|
|
|
* The caller must have a ref on the inode.
|
|
|
|
*/
|
|
|
|
int sync_inode(struct inode *inode, struct writeback_control *wbc)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
ret = __writeback_single_inode(inode, wbc);
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(sync_inode);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* generic_osync_inode - flush all dirty data for a given inode to disk
|
|
|
|
* @inode: inode to write
|
|
|
|
* @mapping: the address_space that should be flushed
|
|
|
|
* @what: what to write and wait upon
|
|
|
|
*
|
|
|
|
* This can be called by file_write functions for files which have the
|
|
|
|
* O_SYNC flag set, to flush dirty writes to disk.
|
|
|
|
*
|
|
|
|
* @what is a bitmask, specifying which part of the inode's data should be
|
|
|
|
* written and waited upon.
|
|
|
|
*
|
|
|
|
* OSYNC_DATA: i_mapping's dirty data
|
|
|
|
* OSYNC_METADATA: the buffers at i_mapping->private_list
|
|
|
|
* OSYNC_INODE: the inode itself
|
|
|
|
*/
|
|
|
|
|
|
|
|
int generic_osync_inode(struct inode *inode, struct address_space *mapping, int what)
|
|
|
|
{
|
|
|
|
int err = 0;
|
|
|
|
int need_write_inode_now = 0;
|
|
|
|
int err2;
|
|
|
|
|
|
|
|
if (what & OSYNC_DATA)
|
|
|
|
err = filemap_fdatawrite(mapping);
|
|
|
|
if (what & (OSYNC_METADATA|OSYNC_DATA)) {
|
|
|
|
err2 = sync_mapping_buffers(mapping);
|
|
|
|
if (!err)
|
|
|
|
err = err2;
|
|
|
|
}
|
|
|
|
if (what & OSYNC_DATA) {
|
|
|
|
err2 = filemap_fdatawait(mapping);
|
|
|
|
if (!err)
|
|
|
|
err = err2;
|
|
|
|
}
|
|
|
|
|
|
|
|
spin_lock(&inode_lock);
|
|
|
|
if ((inode->i_state & I_DIRTY) &&
|
|
|
|
((what & OSYNC_INODE) || (inode->i_state & I_DIRTY_DATASYNC)))
|
|
|
|
need_write_inode_now = 1;
|
|
|
|
spin_unlock(&inode_lock);
|
|
|
|
|
|
|
|
if (need_write_inode_now) {
|
|
|
|
err2 = write_inode_now(inode, 1);
|
|
|
|
if (!err)
|
|
|
|
err = err2;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
inode_sync_wait(inode);
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(generic_osync_inode);
|