Commit 5accdf82 authored by Jan Kara's avatar Jan Kara Committed by Al Viro

fs: Improve filesystem freezing handling

vfs_check_frozen() tests are racy since the filesystem can be frozen just after
the test is performed. Thus in write paths we can end up marking some pages or
inodes dirty even though the file system is already frozen. This creates
problems with flusher thread hanging on frozen filesystem.

Another problem is that exclusion between ->page_mkwrite() and filesystem
freezing has been handled by setting page dirty and then verifying s_frozen.
This guaranteed that either the freezing code sees the faulted page, writes it,
and writeprotects it again or we see s_frozen set and bail out of page fault.
This works to protect from page being marked writeable while filesystem
freezing is running but has an unpleasant artefact of leaving dirty (although
unmodified and writeprotected) pages on frozen filesystem resulting in similar
problems with flusher thread as the first problem.

This patch aims at providing exclusion between write paths and filesystem
freezing. We implement a writer-freeze read-write semaphore in the superblock.
Actually, there are three such semaphores because of lock ranking reasons - one
for page fault handlers (->page_mkwrite), one for all other writers, and one of
internal filesystem purposes (used e.g. to track running transactions).  Write
paths which should block freezing (e.g. directory operations, ->aio_write(),
->page_mkwrite) hold reader side of the semaphore. Code freezing the filesystem
takes the writer side.

Only that we don't really want to bounce cachelines of the semaphores between
CPUs for each write happening. So we implement the reader side of the semaphore
as a per-cpu counter and the writer side is implemented using s_writers.frozen
superblock field.

[AV: microoptimize sb_start_write(); we want it fast in normal case]

BugLink: https://bugs.launchpad.net/bugs/897421Tested-by: default avatarKamal Mostafa <kamal@canonical.com>
Tested-by: default avatarPeter M. Petrakis <peter.petrakis@canonical.com>
Tested-by: default avatarDann Frazier <dann.frazier@canonical.com>
Tested-by: default avatarMassimo Morana <massimo.morana@canonical.com>
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent d87aae2f
This diff is collapsed.
...@@ -412,6 +412,7 @@ struct inodes_stat_t { ...@@ -412,6 +412,7 @@ struct inodes_stat_t {
#include <linux/shrinker.h> #include <linux/shrinker.h>
#include <linux/migrate_mode.h> #include <linux/migrate_mode.h>
#include <linux/uidgid.h> #include <linux/uidgid.h>
#include <linux/lockdep.h>
#include <asm/byteorder.h> #include <asm/byteorder.h>
...@@ -1439,6 +1440,8 @@ extern void f_delown(struct file *filp); ...@@ -1439,6 +1440,8 @@ extern void f_delown(struct file *filp);
extern pid_t f_getown(struct file *filp); extern pid_t f_getown(struct file *filp);
extern int send_sigurg(struct fown_struct *fown); extern int send_sigurg(struct fown_struct *fown);
struct mm_struct;
/* /*
* Umount options * Umount options
*/ */
...@@ -1452,6 +1455,32 @@ extern int send_sigurg(struct fown_struct *fown); ...@@ -1452,6 +1455,32 @@ extern int send_sigurg(struct fown_struct *fown);
extern struct list_head super_blocks; extern struct list_head super_blocks;
extern spinlock_t sb_lock; extern spinlock_t sb_lock;
/* Possible states of 'frozen' field */
enum {
SB_UNFROZEN = 0, /* FS is unfrozen */
SB_FREEZE_WRITE = 1, /* Writes, dir ops, ioctls frozen */
SB_FREEZE_TRANS = 2,
SB_FREEZE_PAGEFAULT = 2, /* Page faults stopped as well */
SB_FREEZE_FS = 3, /* For internal FS use (e.g. to stop
* internal threads if needed) */
SB_FREEZE_COMPLETE = 4, /* ->freeze_fs finished successfully */
};
#define SB_FREEZE_LEVELS (SB_FREEZE_COMPLETE - 1)
struct sb_writers {
/* Counters for counting writers at each level */
struct percpu_counter counter[SB_FREEZE_LEVELS];
wait_queue_head_t wait; /* queue for waiting for
writers / faults to finish */
int frozen; /* Is sb frozen? */
wait_queue_head_t wait_unfrozen; /* queue for waiting for
sb to be thawed */
#ifdef CONFIG_DEBUG_LOCK_ALLOC
struct lockdep_map lock_map[SB_FREEZE_LEVELS];
#endif
};
struct super_block { struct super_block {
struct list_head s_list; /* Keep this first */ struct list_head s_list; /* Keep this first */
dev_t s_dev; /* search index; _not_ kdev_t */ dev_t s_dev; /* search index; _not_ kdev_t */
...@@ -1501,6 +1530,7 @@ struct super_block { ...@@ -1501,6 +1530,7 @@ struct super_block {
int s_frozen; int s_frozen;
wait_queue_head_t s_wait_unfrozen; wait_queue_head_t s_wait_unfrozen;
struct sb_writers s_writers;
char s_id[32]; /* Informational name */ char s_id[32]; /* Informational name */
u8 s_uuid[16]; /* UUID */ u8 s_uuid[16]; /* UUID */
...@@ -1555,14 +1585,119 @@ extern struct timespec current_fs_time(struct super_block *sb); ...@@ -1555,14 +1585,119 @@ extern struct timespec current_fs_time(struct super_block *sb);
/* /*
* Snapshotting support. * Snapshotting support.
*/ */
enum { /* Will go away when all users are converted */
SB_UNFROZEN = 0, #define vfs_check_frozen(sb, level) do { } while (0)
SB_FREEZE_WRITE = 1,
SB_FREEZE_TRANS = 2, void __sb_end_write(struct super_block *sb, int level);
}; int __sb_start_write(struct super_block *sb, int level, bool wait);
/**
* sb_end_write - drop write access to a superblock
* @sb: the super we wrote to
*
* Decrement number of writers to the filesystem. Wake up possible waiters
* wanting to freeze the filesystem.
*/
static inline void sb_end_write(struct super_block *sb)
{
__sb_end_write(sb, SB_FREEZE_WRITE);
}
/**
* sb_end_pagefault - drop write access to a superblock from a page fault
* @sb: the super we wrote to
*
* Decrement number of processes handling write page fault to the filesystem.
* Wake up possible waiters wanting to freeze the filesystem.
*/
static inline void sb_end_pagefault(struct super_block *sb)
{
__sb_end_write(sb, SB_FREEZE_PAGEFAULT);
}
/**
* sb_end_intwrite - drop write access to a superblock for internal fs purposes
* @sb: the super we wrote to
*
* Decrement fs-internal number of writers to the filesystem. Wake up possible
* waiters wanting to freeze the filesystem.
*/
static inline void sb_end_intwrite(struct super_block *sb)
{
__sb_end_write(sb, SB_FREEZE_FS);
}
/**
* sb_start_write - get write access to a superblock
* @sb: the super we write to
*
* When a process wants to write data or metadata to a file system (i.e. dirty
* a page or an inode), it should embed the operation in a sb_start_write() -
* sb_end_write() pair to get exclusion against file system freezing. This
* function increments number of writers preventing freezing. If the file
* system is already frozen, the function waits until the file system is
* thawed.
*
* Since freeze protection behaves as a lock, users have to preserve
* ordering of freeze protection and other filesystem locks. Generally,
* freeze protection should be the outermost lock. In particular, we have:
*
* sb_start_write
* -> i_mutex (write path, truncate, directory ops, ...)
* -> s_umount (freeze_super, thaw_super)
*/
static inline void sb_start_write(struct super_block *sb)
{
__sb_start_write(sb, SB_FREEZE_WRITE, true);
}
static inline int sb_start_write_trylock(struct super_block *sb)
{
return __sb_start_write(sb, SB_FREEZE_WRITE, false);
}
/**
* sb_start_pagefault - get write access to a superblock from a page fault
* @sb: the super we write to
*
* When a process starts handling write page fault, it should embed the
* operation into sb_start_pagefault() - sb_end_pagefault() pair to get
* exclusion against file system freezing. This is needed since the page fault
* is going to dirty a page. This function increments number of running page
* faults preventing freezing. If the file system is already frozen, the
* function waits until the file system is thawed.
*
* Since page fault freeze protection behaves as a lock, users have to preserve
* ordering of freeze protection and other filesystem locks. It is advised to
* put sb_start_pagefault() close to mmap_sem in lock ordering. Page fault
* handling code implies lock dependency:
*
* mmap_sem
* -> sb_start_pagefault
*/
static inline void sb_start_pagefault(struct super_block *sb)
{
__sb_start_write(sb, SB_FREEZE_PAGEFAULT, true);
}
/*
* sb_start_intwrite - get write access to a superblock for internal fs purposes
* @sb: the super we write to
*
* This is the third level of protection against filesystem freezing. It is
* free for use by a filesystem. The only requirement is that it must rank
* below sb_start_pagefault.
*
* For example filesystem can call sb_start_intwrite() when starting a
* transaction which somewhat eases handling of freezing for internal sources
* of filesystem changes (internal fs threads, discarding preallocation on file
* close, etc.).
*/
static inline void sb_start_intwrite(struct super_block *sb)
{
__sb_start_write(sb, SB_FREEZE_FS, true);
}
#define vfs_check_frozen(sb, level) \
wait_event((sb)->s_wait_unfrozen, ((sb)->s_frozen < (level)))
extern bool inode_owner_or_capable(const struct inode *inode); extern bool inode_owner_or_capable(const struct inode *inode);
...@@ -1886,6 +2021,7 @@ struct file_system_type { ...@@ -1886,6 +2021,7 @@ struct file_system_type {
struct lock_class_key s_lock_key; struct lock_class_key s_lock_key;
struct lock_class_key s_umount_key; struct lock_class_key s_umount_key;
struct lock_class_key s_vfs_rename_key; struct lock_class_key s_vfs_rename_key;
struct lock_class_key s_writers_key[SB_FREEZE_LEVELS];
struct lock_class_key i_lock_key; struct lock_class_key i_lock_key;
struct lock_class_key i_mutex_key; struct lock_class_key i_mutex_key;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment