[22/34] xfs: make xfs_writepage_map extent map centric

Message ID	20180523144357.18985-23-hch@lst.de (mailing list archive)
State	New, archived
Headers	show Return-Path: <owner-linux-mm@kvack.org> Received-SPF: pass (google.com: best guess record for domain of batv+df5a2477ff0fa86e9985+5386+infradead.org+hch@bombadil.srs.infradead.org designates 2607:7c80:54:e::133 as permitted sender) client-ip=2607:7c80:54:e::133; From: Christoph Hellwig <hch@lst.de> To: linux-xfs@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, Dave Chinner <dchinner@redhat.com> Subject: [PATCH 22/34] xfs: make xfs_writepage_map extent map centric Date: Wed, 23 May 2018 16:43:45 +0200 Message-Id: <20180523144357.18985-23-hch@lst.de> In-Reply-To: <20180523144357.18985-1-hch@lst.de> References: <20180523144357.18985-1-hch@lst.de> Sender: owner-linux-mm@kvack.org Precedence: bulk

Christoph Hellwig May 23, 2018, 2:43 p.m. UTC

From: Dave Chinner <dchinner@redhat.com>

xfs_writepage_map() iterates over the bufferheads on a page to decide
what sort of IO to do and what actions to take.  However, when it comes
to reflink and deciding when it needs to execute a COW operation, we no
longer look at the bufferhead state but instead we ignore than and look
up internal state held in teh COW fork extent list.

This means xfs_writepage_map() is somewhat confused. It does stuff, then
ignores it, then tries to handle the impedence mismatch by shovelling the
results inside the existing mapping code.  It works, but it's a bit of a
mess and it makes it hard to fix the cached map bug that the writepage
code currently has.

To unify the two different mechanisms, we first have to choose a direction.
That's already been set - we're de-emphasising bufferheads so they are no
longer a control structure as we need to do taht to allow for eventual
removal.  Hence we need to move away from looking at bufferhead state to
determine what operations we need to perform.

We can't completely get rid of bufferheads yet - they do contain some
state that is absolutely necessary, such as whether that part of the page
contains valid data or not (buffer_uptodate()).  Other state in the
bufferhead is redundant:

	BH_dirty - the page is dirty, so we can ignore this and just
		write it
	BH_delay - we have delalloc extent info in the DATA fork extent
		tree
	BH_unwritten - same as BH_delay
	BH_mapped - indicates we've already used it once for IO and it is
		mapped to a disk address. Needs to be ignored for COW
		blocks.

The BH_mapped flag is an interesting case - it's supposed to indicate that
it's already mapped to disk and so we can just use it "as is".  In theory,
we don't even have to do an extent lookup to find where to write it too,
but we have to do that anyway to determine we are actually writing over a
valid extent.  Hence it's not even serving the purpose of avoiding a an
extent lookup during writeback, and so we can pretty much ignore it.
Especially as we have to ignore it for COW operations...

Therefore, use the extent map as the source of information to tell us
what actions we need to take and what sort of IO we should perform.  The
first step is integration xfs_map_blocks() and xfs_map_cow() and have
xfs_map_blocks() set the io type according to what it looks up.  This
means it can easily handle both normal overwrite and COW cases.  The
only thing we also need to add is the ability to return hole mappings.

We need to return and cache hole mappings now for the case of multiple
blocks per page.  We no longer use the BH_mapped to indicate a block over
a hole, so we have to get that info from xfs_map_blocks().  We cache it so
that holes that span two pages don't need separate lookups.  This allows us
to avoid ever doing write IO over a hole, too.

Further, we need to drop the XFS_BMAPI_IGSTATE flag so that we don't
combine contiguous written and unwritten extents into a single map.  The
io type needs to match the extent type we are writing to so that we run the
correct IO completion routine for the IO. There is scope for optimisation
that would allow us to re-instate the XFS_BMAPI_IGSTATE flag, but this
requires tweaks to code outside the scope of this change.

Now that we have xfs_map_blocks() returning both a cached map and the type
of IO we need to perform, we can rewrite xfs_writepage_map() to drop all
the bufferhead control. It's also much simplified because it doesn't need
to explicitly handle COW operations.  Instead of iterating bufferheads, it
iterates blocks within the page and then looks up what per-block state is
required from the appropriate bufferhead.  It then validates the cached
map, and if it's not valid, we get a new map.  If we don't get a valid map
or it's over a hole, we skip the block.

At this point, we have to remap the bufferhead via xfs_map_at_offset().
As previously noted, we had to do this even if the buffer was already
mapped as the mapping would be stale for XFS_IO_DELALLOC, XFS_IO_UNWRITTEN
and XFS_IO_COW IO types.  With xfs_map_blocks() now controlling the type,
even XFS_IO_OVERWRITE types need remapping, as converted-but-not-yet-
written delalloc extents beyond EOF can be reported at XFS_IO_OVERWRITE.
Bufferheads that span such regions still need their BH_Delay flags cleared
and their block numbers calculated, so we now unconditionally map each
bufferhead before submission.

But wait! There's more - remember the old "treat unwritten extents as
holes on read" hack?  Yeah, that means we can have a dirty page with
unmapped, unwritten bufferheads that contain data!  What makes these so
special is that the unwritten "hole" bufferheads do not have a valid block
device pointer, so if we attempt to write them xfs_add_to_ioend() blows
up. So we make xfs_map_at_offset() do the "realtime or data device"
lookup from the inode and ignore what was or wasn't put into the
bufferhead when the buffer was instantiated.

The astute reader will have realised by now that this code treats
unwritten extents in multiple-blocks-per-page situations differently.
If we get any combination of unwritten blocks on a dirty page that contain
valid data in the page, we're going to convert them to real extents.  This
can actually be a win, because it means that pages with interleaving
unwritten and written blocks will get converted to a single written extent
with zeros replacing the interspersed unwritten blocks.  This is actually
good for reducing extent list and conversion overhead, and it means we
issue a contiguous IO instead of lots of little ones.  The downside is
that we use up a little extra IO bandwidth.  Neither of these seem like a
bad thing given that spinning disks are seek sensitive, and SSDs/pmem have
bandwidth to burn and the lower Io latency/CPU overhead of fewer, larger
IOs will result in better performance on them...

As a result of all this, the only state we actually care about from the
bufferhead is a single flag - BH_Uptodate. We still use the bufferhead to
pass some information to the bio via xfs_add_to_ioend(), but that is
trivial to separate and pass explicitly.  This means we really only need
1 bit of state per block per page from the buffered write path in the
writeback path.  Everything else we do with the bufferhead is purely to
make the buffered IO front end continue to work correctly. i.e we've
pretty much marginalised bufferheads in the writeback path completely.

Signed-Off-By: Dave Chinner <dchinner@redhat.com>
[hch: forward port + slight refactoring]
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 fs/xfs/xfs_aops.c | 277 +++++++++++++++++++++-------------------------
 fs/xfs/xfs_aops.h |   4 +-
 2 files changed, 130 insertions(+), 151 deletions(-)

Brian Foster May 24, 2018, 2:59 p.m. UTC | #1

On Wed, May 23, 2018 at 04:43:45PM +0200, Christoph Hellwig wrote:
> From: Dave Chinner <dchinner@redhat.com>
> 
...
> 
> diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
> index 5dd09e83c81c..a50f69c2c602 100644
> --- a/fs/xfs/xfs_aops.c
> +++ b/fs/xfs/xfs_aops.c
...
> @@ -845,85 +826,81 @@ xfs_writepage_map(
>  {
>  	LIST_HEAD(submit_list);
>  	struct xfs_ioend	*ioend, *next;
> -	struct buffer_head	*bh, *head;
> +	struct buffer_head	*bh;
>  	ssize_t			len = i_blocksize(inode);
> -	uint64_t		offset;
>  	int			error = 0;
>  	int			count = 0;
> -	int			uptodate = 1;
> -	unsigned int		new_type;
> +	bool			uptodate = true;
> +	loff_t			file_offset;	/* file offset of page */
> +	unsigned		poffset;	/* offset into page */
>  
> -	bh = head = page_buffers(page);
> -	offset = page_offset(page);
> -	do {
> -		if (offset >= end_offset)
> +	/*
> +	 * Walk the blocks on the page, and we we run off then end of the
> +	 * current map or find the current map invalid, grab a new one.
> +	 * We only use bufferheads here to check per-block state - they no
> +	 * longer control the iteration through the page. This allows us to
> +	 * replace the bufferhead with some other state tracking mechanism in
> +	 * future.
> +	 */
> +	file_offset = page_offset(page);
> +	bh = page_buffers(page);
> +	for (poffset = 0;
> +	     poffset < PAGE_SIZE;
> +	     poffset += len, file_offset += len, bh = bh->b_this_page) {
> +		/* past the range we are writing, so nothing more to write. */
> +		if (file_offset >= end_offset)
>  			break;
> -		if (!buffer_uptodate(bh))
> -			uptodate = 0;
>  
>  		/*
> -		 * set_page_dirty dirties all buffers in a page, independent
> -		 * of their state.  The dirty state however is entirely
> -		 * meaningless for holes (!mapped && uptodate), so skip
> -		 * buffers covering holes here.
> +		 * Block does not contain valid data, skip it, mark the current
> +		 * map as invalid because we have a discontiguity. This ensures
> +		 * we put subsequent writeable buffers into a new ioend.
>  		 */
> -		if (!buffer_mapped(bh) && buffer_uptodate(bh)) {
> -			wpc->imap_valid = false;
> -			continue;
> -		}
> -
> -		if (buffer_unwritten(bh))
> -			new_type = XFS_IO_UNWRITTEN;
> -		else if (buffer_delay(bh))
> -			new_type = XFS_IO_DELALLOC;
> -		else if (buffer_uptodate(bh))
> -			new_type = XFS_IO_OVERWRITE;
> -		else {
> +		if (!buffer_uptodate(bh)) {
>  			if (PageUptodate(page))
>  				ASSERT(buffer_mapped(bh));
> -			/*
> -			 * This buffer is not uptodate and will not be
> -			 * written to disk.  Ensure that we will put any
> -			 * subsequent writeable buffers into a new
> -			 * ioend.
> -			 */
> +			uptodate = false;
>  			wpc->imap_valid = false;
>  			continue;
>  		}
>  
> -		if (xfs_is_reflink_inode(XFS_I(inode))) {
> -			error = xfs_map_cow(wpc, inode, offset, &new_type);
> -			if (error)
> -				goto out;
> -		}
> -
> -		if (wpc->io_type != new_type) {
> -			wpc->io_type = new_type;
> -			wpc->imap_valid = false;
> -		}
> -
> +		/* Check to see if current map spans this file offset */
>  		if (wpc->imap_valid)
>  			wpc->imap_valid = xfs_imap_valid(inode, &wpc->imap,
> -							 offset);
> +							 file_offset);
> +		/*
> +		 * If we don't have a valid map, now it's time to get a new one
> +		 * for this offset.  This will convert delayed allocations
> +		 * (including COW ones) into real extents.  If we return without
> +		 * a valid map, it means we landed in a hole and we skip the
> +		 * block.
> +		 */
>  		if (!wpc->imap_valid) {
> -			error = xfs_map_blocks(inode, offset, &wpc->imap,
> -					     wpc->io_type);
> +			error = xfs_map_blocks(inode, file_offset, &wpc->imap,
> +					     &wpc->io_type);
>  			if (error)
>  				goto out;
>  			wpc->imap_valid = xfs_imap_valid(inode, &wpc->imap,
> -							 offset);
> +							 file_offset);
>  		}
> -		if (wpc->imap_valid) {
> -			lock_buffer(bh);
> -			if (wpc->io_type != XFS_IO_OVERWRITE)
> -				xfs_map_at_offset(inode, bh, &wpc->imap, offset);
> -			xfs_add_to_ioend(inode, bh, offset, wpc, wbc, &submit_list);
> -			count++;
> +
> +		if (!wpc->imap_valid || wpc->io_type == XFS_IO_HOLE) {
> +			/*
> +			 * set_page_dirty dirties all buffers in a page, independent
> +			 * of their state.  The dirty state however is entirely
> +			 * meaningless for holes (!mapped && uptodate), so check we did
> +			 * have a buffer covering a hole here and continue.
> +			 */

The comment above doesn't make much sense given that we don't check for
anything here and just continue the loop.

That aside, the concern I had with this patch when it was last posted is
that it indirectly dropped the error/consistency check between page
state and extent state provided by the XFS_BMAPI_DELALLOC flag. What was
historically an accounting/reservation issue was turned into something
like this by XFS_BMAPI_DELALLOC:

# xfs_io -c "pwrite 0 4k" -c fsync /mnt/file
wrote 4096/4096 bytes at offset 0
4 KiB, 1 ops; 0.0041 sec (974.184 KiB/sec and 243.5460 ops/sec)
fsync: Input/output error

As of this patch, that same error condition now behaves something like
this:

[root@localhost ~]# xfs_io -c "pwrite 0 4k" -c fsync /mnt/file
wrote 4096/4096 bytes at offset 0
4 KiB, 1 ops; 0.0029 sec (1.325 MiB/sec and 339.2130 ops/sec)
[root@localhost ~]# ls -al /mnt/file
-rw-r--r--. 1 root root 4096 May 24 08:27 /mnt/file
[root@localhost ~]# umount  /mnt ; mount /dev/test/scratch /mnt/
[root@localhost ~]# ls -al /mnt/file
-rw-r--r--. 1 root root 0 May 24 08:27 /mnt/file

So our behavior has changed from forced block allocation (violating
reservation) and writing the data, to instead return an error, and now
to silently skip the page. I suppose there are situations (i.e., races
with truncate) where a hole is valid and the correct behavior is to skip
the page, and this is admittedly an error condition that "should never
happen," but can we at least add an assert somewhere in this series that
ensures if uptodate data maps over a hole that the associated block
offset is beyond EOF (or something of that nature)?

Brian

> +			continue;
>  		}
>  
> -	} while (offset += len, ((bh = bh->b_this_page) != head));
> +		lock_buffer(bh);
> +		xfs_map_at_offset(inode, bh, &wpc->imap, file_offset);
> +		xfs_add_to_ioend(inode, bh, file_offset, wpc, wbc, &submit_list);
> +		count++;
> +	}
>  
> -	if (uptodate && bh == head)
> +	if (uptodate && poffset == PAGE_SIZE)
>  		SetPageUptodate(page);
>  
>  	ASSERT(wpc->ioend || list_empty(&submit_list));
> diff --git a/fs/xfs/xfs_aops.h b/fs/xfs/xfs_aops.h
> index 69346d460dfa..b2ef5b661761 100644
> --- a/fs/xfs/xfs_aops.h
> +++ b/fs/xfs/xfs_aops.h
> @@ -29,6 +29,7 @@ enum {
>  	XFS_IO_UNWRITTEN,	/* covers allocated but uninitialized data */
>  	XFS_IO_OVERWRITE,	/* covers already allocated extent */
>  	XFS_IO_COW,		/* covers copy-on-write extent */
> +	XFS_IO_HOLE,		/* covers region without any block allocation */
>  };
>  
>  #define XFS_IO_TYPES \
> @@ -36,7 +37,8 @@ enum {
>  	{ XFS_IO_DELALLOC,		"delalloc" }, \
>  	{ XFS_IO_UNWRITTEN,		"unwritten" }, \
>  	{ XFS_IO_OVERWRITE,		"overwrite" }, \
> -	{ XFS_IO_COW,			"CoW" }
> +	{ XFS_IO_COW,			"CoW" }, \
> +	{ XFS_IO_HOLE,			"hole" }
>  
>  /*
>   * Structure for buffered I/O completions.
> -- 
> 2.17.0
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Christoph Hellwig May 24, 2018, 4:53 p.m. UTC | #2

> > +		if (!wpc->imap_valid || wpc->io_type == XFS_IO_HOLE) {
> > +			/*
> > +			 * set_page_dirty dirties all buffers in a page, independent
> > +			 * of their state.  The dirty state however is entirely
> > +			 * meaningless for holes (!mapped && uptodate), so check we did
> > +			 * have a buffer covering a hole here and continue.
> > +			 */
> 
> The comment above doesn't make much sense given that we don't check for
> anything here and just continue the loop.

It gets removed in the last patch of the original series when we
kill buffer heads.  But I can fold the removal into this patch as well.

> That aside, the concern I had with this patch when it was last posted is
> that it indirectly dropped the error/consistency check between page
> state and extent state provided by the XFS_BMAPI_DELALLOC flag. What was
> historically an accounting/reservation issue was turned into something
> like this by XFS_BMAPI_DELALLOC:
> 
> # xfs_io -c "pwrite 0 4k" -c fsync /mnt/file
> wrote 4096/4096 bytes at offset 0
> 4 KiB, 1 ops; 0.0041 sec (974.184 KiB/sec and 243.5460 ops/sec)
> fsync: Input/output error

What is that issue that gets you an I/O error on a 4k write?  That
is what is missing in the above reproducer?

> As of this patch, that same error condition now behaves something like
> this:
> 
> [root@localhost ~]# xfs_io -c "pwrite 0 4k" -c fsync /mnt/file
> wrote 4096/4096 bytes at offset 0
> 4 KiB, 1 ops; 0.0029 sec (1.325 MiB/sec and 339.2130 ops/sec)
> [root@localhost ~]# ls -al /mnt/file
> -rw-r--r--. 1 root root 4096 May 24 08:27 /mnt/file
> [root@localhost ~]# umount  /mnt ; mount /dev/test/scratch /mnt/
> [root@localhost ~]# ls -al /mnt/file
> -rw-r--r--. 1 root root 0 May 24 08:27 /mnt/file
> 
> So our behavior has changed from forced block allocation (violating
> reservation) and writing the data, to instead return an error, and now
> to silently skip the page.

We should never, ever allocate space that we didn't have a delalloc
reservation for in writepage/writepages.  But I agree that we should
record and error.  I have to admit I'm lost on where we did record
the error and why we don't do that now.  I'd be happy to fix it.

> I suppose there are situations (i.e., races
> with truncate) where a hole is valid and the correct behavior is to skip
> the page, and this is admittedly an error condition that "should never
> happen," but can we at least add an assert somewhere in this series that
> ensures if uptodate data maps over a hole that the associated block
> offset is beyond EOF (or something of that nature)?

We can have plenty of holes in dirty pages.  However we should never
allocate blocks for them.  Fortunately we stop even looking at anything
but the extent tree for block status by the end of this series for 4k
file systems, and with the next series even for small block sizes, so
that whole mismatch is a thing of the past now.

Brian Foster May 24, 2018, 6:13 p.m. UTC | #3

On Thu, May 24, 2018 at 06:53:50PM +0200, Christoph Hellwig wrote:
> > > +		if (!wpc->imap_valid || wpc->io_type == XFS_IO_HOLE) {
> > > +			/*
> > > +			 * set_page_dirty dirties all buffers in a page, independent
> > > +			 * of their state.  The dirty state however is entirely
> > > +			 * meaningless for holes (!mapped && uptodate), so check we did
> > > +			 * have a buffer covering a hole here and continue.
> > > +			 */
> > 
> > The comment above doesn't make much sense given that we don't check for
> > anything here and just continue the loop.
> 
> It gets removed in the last patch of the original series when we
> kill buffer heads.  But I can fold the removal into this patch as well.
> 

Ah, I was thinking this patch added that comment when it actually mostly
moves it (it does tweak it a bit). Eh, no big deal either way.

> > That aside, the concern I had with this patch when it was last posted is
> > that it indirectly dropped the error/consistency check between page
> > state and extent state provided by the XFS_BMAPI_DELALLOC flag. What was
> > historically an accounting/reservation issue was turned into something
> > like this by XFS_BMAPI_DELALLOC:
> > 
> > # xfs_io -c "pwrite 0 4k" -c fsync /mnt/file
> > wrote 4096/4096 bytes at offset 0
> > 4 KiB, 1 ops; 0.0041 sec (974.184 KiB/sec and 243.5460 ops/sec)
> > fsync: Input/output error
> 
> What is that issue that gets you an I/O error on a 4k write?  That
> is what is missing in the above reproducer?
> 

Sorry... I should have mentioned this is a simulated error and not
something that actually occurs right now. You can manufacture it easy
enough using the drop_writes error tag and comment out the pagecache
truncate code in xfs_file_iomap_end_delalloc().

> > As of this patch, that same error condition now behaves something like
> > this:
> > 
> > [root@localhost ~]# xfs_io -c "pwrite 0 4k" -c fsync /mnt/file
> > wrote 4096/4096 bytes at offset 0
> > 4 KiB, 1 ops; 0.0029 sec (1.325 MiB/sec and 339.2130 ops/sec)
> > [root@localhost ~]# ls -al /mnt/file
> > -rw-r--r--. 1 root root 4096 May 24 08:27 /mnt/file
> > [root@localhost ~]# umount  /mnt ; mount /dev/test/scratch /mnt/
> > [root@localhost ~]# ls -al /mnt/file
> > -rw-r--r--. 1 root root 0 May 24 08:27 /mnt/file
> > 
> > So our behavior has changed from forced block allocation (violating
> > reservation) and writing the data, to instead return an error, and now
> > to silently skip the page.
> 
> We should never, ever allocate space that we didn't have a delalloc
> reservation for in writepage/writepages.  But I agree that we should
> record and error.  I have to admit I'm lost on where we did record
> the error and why we don't do that now.  I'd be happy to fix it.
> 

Right, the error behavior came from the XFS_BMAPI_DELALLOC flag that was
passed from xfs_iomap_write_allocate(). It caused xfs_bmapi_write() to
detect that we were in a hole and return an error in the !COW_FORK case
since we were expecting to do delalloc conversion from writeback.

Note that I'm not saying there's a vector to reproduce this problem in
the current code that I'm aware of. I'm just saying it's happened in the
past due to bugs and I'd like to preserve some kind of basic sanity
check (as an error or assert) if we have enough state available to do
so.

> > I suppose there are situations (i.e., races
> > with truncate) where a hole is valid and the correct behavior is to skip
> > the page, and this is admittedly an error condition that "should never
> > happen," but can we at least add an assert somewhere in this series that
> > ensures if uptodate data maps over a hole that the associated block
> > offset is beyond EOF (or something of that nature)?
> 
> We can have plenty of holes in dirty pages.  However we should never
> allocate blocks for them.  Fortunately we stop even looking at anything
> but the extent tree for block status by the end of this series for 4k
> file systems, and with the next series even for small block sizes, so
> that whole mismatch is a thing of the past now.

Ok, so I guess writeback can see uptodate blocks over a hole if some
other block in that page is dirty. Perhaps we could make sure that a
dirty page has at least one block that maps to an actual extent or
otherwise the page has been truncated..?

I guess having another dirty block bitmap similar to
iomap_page->uptodate could be required to tell for sure whether a
particular block should definitely have a block on-disk or not. It may
not be worth doing that just for additional error checks, but I still
have to look into the last few patches to grok all the iomap_page stuff.

Brian

Christoph Hellwig May 25, 2018, 6:19 a.m. UTC | #4

On Thu, May 24, 2018 at 02:13:56PM -0400, Brian Foster wrote:
> Ok, so I guess writeback can see uptodate blocks over a hole if some
> other block in that page is dirty.

Yes.

> Perhaps we could make sure that a
> dirty page has at least one block that maps to an actual extent or
> otherwise the page has been truncated..?

We have the following comment near the end of xfs_writepage_map:

	/*
	 * We can end up here with no error and nothing to write if we
	 * race with a partial page truncate on a sub-page block sized
	 * filesystem. In that case we need to mark the page clean.
	 */

And I'm pretty sure I managed to hit that case easily in xfstests,
as my initial handling of it was wrong.  So I don't think we can
even check for that.

> I guess having another dirty block bitmap similar to
> iomap_page->uptodate could be required to tell for sure whether a
> particular block should definitely have a block on-disk or not. It may
> not be worth doing that just for additional error checks, but I still
> have to look into the last few patches to grok all the iomap_page stuff.

I don't think it's worth it.  The sub-page dirty tracking has been one
of the issues with the buffer head code that caused a lot of problems,
and that we want to get rid of.

Brian Foster May 25, 2018, 11:35 a.m. UTC | #5

On Fri, May 25, 2018 at 08:19:00AM +0200, Christoph Hellwig wrote:
> On Thu, May 24, 2018 at 02:13:56PM -0400, Brian Foster wrote:
> > Ok, so I guess writeback can see uptodate blocks over a hole if some
> > other block in that page is dirty.
> 
> Yes.
> 
> > Perhaps we could make sure that a
> > dirty page has at least one block that maps to an actual extent or
> > otherwise the page has been truncated..?
> 
> We have the following comment near the end of xfs_writepage_map:
> 

That comment is what I'm basing on...

> 	/*
> 	 * We can end up here with no error and nothing to write if we
> 	 * race with a partial page truncate on a sub-page block sized
> 	 * filesystem. In that case we need to mark the page clean.
> 	 */
> 

So we can correctly end up with nothing to write on a dirty page, but it
presumes a race with truncate. So suppose we end up with a dirty page,
at least one uptodate block, count is zero (i.e., due to holes) and
i_size is beyond the page. Would that not be completely bogus? If bogus,
I think that would at least detect the dumb example I posted earlier.

Brian

> And I'm pretty sure I managed to hit that case easily in xfstests,
> as my initial handling of it was wrong.  So I don't think we can
> even check for that.
> 
> > I guess having another dirty block bitmap similar to
> > iomap_page->uptodate could be required to tell for sure whether a
> > particular block should definitely have a block on-disk or not. It may
> > not be worth doing that just for additional error checks, but I still
> > have to look into the last few patches to grok all the iomap_page stuff.
> 
> I don't think it's worth it.  The sub-page dirty tracking has been one
> of the issues with the buffer head code that caused a lot of problems,
> and that we want to get rid of.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Christoph Hellwig May 28, 2018, 7:15 a.m. UTC | #6

On Fri, May 25, 2018 at 07:35:33AM -0400, Brian Foster wrote:
> That comment is what I'm basing on...
> 
> > 	/*
> > 	 * We can end up here with no error and nothing to write if we
> > 	 * race with a partial page truncate on a sub-page block sized
> > 	 * filesystem. In that case we need to mark the page clean.
> > 	 */
> > 
> 
> So we can correctly end up with nothing to write on a dirty page, but it
> presumes a race with truncate. So suppose we end up with a dirty page,
>
> at least one uptodate block, count is zero (i.e., due to holes) and
> i_size is beyond the page. Would that not be completely bogus? If bogus,
> I think that would at least detect the dumb example I posted earlier.

The trivial file_offset >= i_size_read assert explodes pretty soon
in generic/091, and already does so with the existing mainline code.

I'd rather not open another can of worms right now..

Brian Foster May 29, 2018, 11:26 a.m. UTC | #7

On Mon, May 28, 2018 at 09:15:43AM +0200, Christoph Hellwig wrote:
> On Fri, May 25, 2018 at 07:35:33AM -0400, Brian Foster wrote:
> > That comment is what I'm basing on...
> > 
> > > 	/*
> > > 	 * We can end up here with no error and nothing to write if we
> > > 	 * race with a partial page truncate on a sub-page block sized
> > > 	 * filesystem. In that case we need to mark the page clean.
> > > 	 */
> > > 
> > 
> > So we can correctly end up with nothing to write on a dirty page, but it
> > presumes a race with truncate. So suppose we end up with a dirty page,
> >
> > at least one uptodate block, count is zero (i.e., due to holes) and
> > i_size is beyond the page. Would that not be completely bogus? If bogus,
> > I think that would at least detect the dumb example I posted earlier.
> 
> The trivial file_offset >= i_size_read assert explodes pretty soon
> in generic/091, and already does so with the existing mainline code.
> 

What exactly is the trivial check? Can you show the code please?

Brian

> I'd rather not open another can of worms right now..
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Christoph Hellwig May 29, 2018, 1:08 p.m. UTC | #8

On Tue, May 29, 2018 at 07:26:31AM -0400, Brian Foster wrote:
> What exactly is the trivial check? Can you show the code please?

ASSERT(file_offset > i_size_read(inode)) in the !count block
at the end of xfs_writepage_map.

(file_offset replaced with page_offset(page) + offset for the mainline
code).

Brian Foster May 29, 2018, 5:04 p.m. UTC | #9

On Tue, May 29, 2018 at 03:08:46PM +0200, Christoph Hellwig wrote:
> On Tue, May 29, 2018 at 07:26:31AM -0400, Brian Foster wrote:
> > What exactly is the trivial check? Can you show the code please?
> 
> ASSERT(file_offset > i_size_read(inode)) in the !count block
> at the end of xfs_writepage_map.
> 
> (file_offset replaced with page_offset(page) + offset for the mainline
> code).

Ok, so we (mainline) somehow or another end up in writeback with a page
(inside EOF) with a combination of (!mapped && !uptodate) and (!mapped
&& uptodate) (unwritten?) buffers, none of them actually being dirty.
I'm not quite sure how that happens, but I think it does rule out the
count == 0 && at least one uptodate segment logic I proposed earlier.

Fair enough. Given that, I'm not sure there's a good way to trigger such
error detection without actual dirty state, and it's certainly not worth
complicating the design just for that. Thanks for trying, at least.

Hmm, that does have me wondering a bit if/how we'd end up writing back
zeroed blocks over unwritten extents with no other dirty user data in
the page (since the initial xfs_writepage_map() rework patch factors out
the uptodate && !mapped skipping logic).

Brian

> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[22/34] xfs: make xfs_writepage_map extent map centric

Commit Message

Comments

Patch