| Message ID | 161543197372.1947934.1230576164438094965.stgit@magnolia (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | xfs: deferred inode inactivation | expand |
Still digesting this. What trips me off a bit is the huge amount of duplication vs the inode reclaim mechanism. Did you look into sharing more code there and if yes what speaks against that?
On Tue, Mar 16, 2021 at 07:27:10AM +0000, Christoph Hellwig wrote: > Still digesting this. What trips me off a bit is the huge amount of > duplication vs the inode reclaim mechanism. Did you look into sharing > more code there and if yes what speaks against that? TBH I didn't look /too/ hard because once upon a time[1] Dave was aiming to replace the inode reclaim tagging and iteration with an lru list walk so I decided not to entangle the two. [1] https://lore.kernel.org/linux-xfs/20191009032124.10541-23-david@fromorbit.com/ --D
On Tue, Mar 16, 2021 at 08:47:29AM -0700, Darrick J. Wong wrote: > On Tue, Mar 16, 2021 at 07:27:10AM +0000, Christoph Hellwig wrote: > > Still digesting this. What trips me off a bit is the huge amount of > > duplication vs the inode reclaim mechanism. Did you look into sharing > > more code there and if yes what speaks against that? > > TBH I didn't look /too/ hard because once upon a time[1] Dave was aiming > to replace the inode reclaim tagging and iteration with an lru list walk > so I decided not to entangle the two. > > [1] https://lore.kernel.org/linux-xfs/20191009032124.10541-23-david@fromorbit.com/ Well, it isn't just the radix tree tagging, but mostly the infrastructure in iget that seems duplicates a lot of very delicate code. For the actual inactivation run: why don't we queue up the inodes for deactivation directly that, that use the work_struct in the inode to directly queue up the inode to the workqueue and let the workqueue manage the details? That also means we can piggy back on flush_work and flush_workqueue to force one or more entries out. Again I'm not saying I know this is better, but this is something that comes to my mind when reading the code.
On Wed, Mar 17, 2021 at 03:21:25PM +0000, Christoph Hellwig wrote: > On Tue, Mar 16, 2021 at 08:47:29AM -0700, Darrick J. Wong wrote: > > On Tue, Mar 16, 2021 at 07:27:10AM +0000, Christoph Hellwig wrote: > > > Still digesting this. What trips me off a bit is the huge amount of > > > duplication vs the inode reclaim mechanism. Did you look into sharing > > > more code there and if yes what speaks against that? > > > > TBH I didn't look /too/ hard because once upon a time[1] Dave was aiming > > to replace the inode reclaim tagging and iteration with an lru list walk > > so I decided not to entangle the two. > > > > [1] https://lore.kernel.org/linux-xfs/20191009032124.10541-23-david@fromorbit.com/ > > Well, it isn't just the radix tree tagging, but mostly the > infrastructure in iget that seems duplicates a lot of very delicate > code. > > For the actual inactivation run: why don't we queue up the inodes > for deactivation directly that, that use the work_struct in the > inode to directly queue up the inode to the workqueue and let the > workqueue manage the details? That also means we can piggy back on > flush_work and flush_workqueue to force one or more entries out. > > Again I'm not saying I know this is better, but this is something that > comes to my mind when reading the code. Hmm. You mean reuse i_ioend_work (which maybe we should just rename to i_work) and queueing the inodes directly into the workqueue? I suppose that would mean we don't even need the radix tree tag + inode walk... I hadn't thought about reusing i_ioend_work, since this patchset predates the writeback ioend chaining. The biggest downside that I can think of doing it that way is that right after a rm -rf, the unbound gc workqueue will start hundreds of kworkers to deal with the sudden burst of queued work, but all those workers will end up fighting each other for (a) log grant space, and after that (b) the AGI buffer locks, and meanwhile everything else on the frontend stalls on the log. The other side benefit I can think of w.r.t. keeping the inactivation work as a per-AG item is that (at least among AGs) we can walk the inodes in disk order, which probably results in less seeking (note: I haven't studied this) and might allow us to free inode cluster buffers sooner in the rm -rf case. <shrug> Thoughts? --D
On Tue, Mar 16, 2021 at 08:47:29AM -0700, Darrick J. Wong wrote: > On Tue, Mar 16, 2021 at 07:27:10AM +0000, Christoph Hellwig wrote: > > Still digesting this. What trips me off a bit is the huge amount of > > duplication vs the inode reclaim mechanism. Did you look into sharing > > more code there and if yes what speaks against that? > > TBH I didn't look /too/ hard because once upon a time[1] Dave was aiming > to replace the inode reclaim tagging and iteration with an lru list walk > so I decided not to entangle the two. > > [1] https://lore.kernel.org/linux-xfs/20191009032124.10541-23-david@fromorbit.com/ I prototyped that and discarded it - it made inode reclaim much, much slower because it introduced delays (lock contention) adding new inodes to the reclaim list while a reclaim isolation walk was in progress. The radix tree based mechanism we have right now is very efficient as only the inodes being marked for reclaim take the radix tree lock and hence there is minimal contention for it... Cheers, Dave.
On Wed, Mar 17, 2021 at 08:49:04AM -0700, Darrick J. Wong wrote: > On Wed, Mar 17, 2021 at 03:21:25PM +0000, Christoph Hellwig wrote: > > On Tue, Mar 16, 2021 at 08:47:29AM -0700, Darrick J. Wong wrote: > > > On Tue, Mar 16, 2021 at 07:27:10AM +0000, Christoph Hellwig wrote: > > > > Still digesting this. What trips me off a bit is the huge amount of > > > > duplication vs the inode reclaim mechanism. Did you look into sharing > > > > more code there and if yes what speaks against that? > > > > > > TBH I didn't look /too/ hard because once upon a time[1] Dave was aiming > > > to replace the inode reclaim tagging and iteration with an lru list walk > > > so I decided not to entangle the two. > > > > > > [1] https://lore.kernel.org/linux-xfs/20191009032124.10541-23-david@fromorbit.com/ > > > > Well, it isn't just the radix tree tagging, but mostly the > > infrastructure in iget that seems duplicates a lot of very delicate > > code. > > > > For the actual inactivation run: why don't we queue up the inodes > > for deactivation directly that, that use the work_struct in the > > inode to directly queue up the inode to the workqueue and let the > > workqueue manage the details? That also means we can piggy back on > > flush_work and flush_workqueue to force one or more entries out. > > > > Again I'm not saying I know this is better, but this is something that > > comes to my mind when reading the code. > > Hmm. You mean reuse i_ioend_work (which maybe we should just rename to > i_work) and queueing the inodes directly into the workqueue? I suppose > that would mean we don't even need the radix tree tag + inode walk... > > I hadn't thought about reusing i_ioend_work, since this patchset > predates the writeback ioend chaining. The biggest downside that I can > think of doing it that way is that right after a rm -rf, the unbound gc > workqueue will start hundreds of kworkers to deal with the sudden burst > of queued work, but all those workers will end up fighting each other > for (a) log grant space, and after that (b) the AGI buffer locks, and > meanwhile everything else on the frontend stalls on the log. yeah, this is not a good idea. The deferred inactivation needs to limit concurrency to a single work per AG at most because otherwise it will just consume all the reservation space serialising on the AGI locks. Even so, it can still starve the front end when they compete for AGI and AGF locks. Hence the background deferral is going to have to be very careful about how it obtains and blocks on locks.... (I haven't got that far iinto the patchset yet) > The other side benefit I can think of w.r.t. keeping the inactivation > work as a per-AG item is that (at least among AGs) we can walk the > inodes in disk order, which probably results in less seeking (note: I > haven't studied this) and might allow us to free inode cluster buffers > sooner in the rm -rf case. That is very useful because it allows the CIL to cancel the space used modifying the inodes and the cluster buffer during the unlink, allowing it to aggregate many more unlinks into the same checkpoint and avoid metadata writeback part way through unlink operations. i.e it is very efficient in terms of journal space consumption and hence journal IO bandwidth. (This is how we get multiple hundreds of thousands of items into a single 32MB journal checkpoint......) Cheers, Dave.
On Tue, Mar 23, 2021 at 10:37:21AM +1100, Dave Chinner wrote: > On Tue, Mar 16, 2021 at 08:47:29AM -0700, Darrick J. Wong wrote: > > On Tue, Mar 16, 2021 at 07:27:10AM +0000, Christoph Hellwig wrote: > > > Still digesting this. What trips me off a bit is the huge amount of > > > duplication vs the inode reclaim mechanism. Did you look into sharing > > > more code there and if yes what speaks against that? > > > > TBH I didn't look /too/ hard because once upon a time[1] Dave was aiming > > to replace the inode reclaim tagging and iteration with an lru list walk > > so I decided not to entangle the two. > > > > [1] https://lore.kernel.org/linux-xfs/20191009032124.10541-23-david@fromorbit.com/ > > I prototyped that and discarded it - it made inode reclaim much, > much slower because it introduced delays (lock contention) adding > new inodes to the reclaim list while a reclaim isolation walk was in > progress. > > The radix tree based mechanism we have right now is very efficient > as only the inodes being marked for reclaim take the radix tree > lock and hence there is minimal contention for it... Ahah, that's what happened to that patchset. Well in that case, since xfs_reclaim_inodes* is going to stick around, I think it makes more sense to refactor xfs_inodes_walk_ag to handle XFS_ICI_RECLAIM_TAG, and then xfs_reclaim_inodes_ag can go away entirely. That said, xfs_reclaim_inodes_ag does have some warts (like updating the per-ag reclaim cursor and decrementing nr_to_scan) that would add clutter. --D > Cheers, > > Dave. > -- > Dave Chinner > david@fromorbit.com
On Wed, Mar 10, 2021 at 07:06:13PM -0800, Darrick J. Wong wrote: > From: Darrick J. Wong <djwong@kernel.org> > > Instead of calling xfs_inactive directly from xfs_fs_destroy_inode, > defer the inactivation phase to a separate workqueue. With this we > avoid blocking memory reclaim on filesystem metadata updates that are > necessary to free an in-core inode, such as post-eof block freeing, COW > staging extent freeing, and truncating and freeing unlinked inodes. Now > that work is deferred to a workqueue where we can do the freeing in > batches. > > We introduce two new inode flags -- NEEDS_INACTIVE and INACTIVATING. > The first flag helps our worker find inodes needing inactivation, and > the second flag marks inodes that are in the process of being > inactivated. A concurrent xfs_iget on the inode can still resurrect the > inode by clearing NEEDS_INACTIVE (or bailing if INACTIVATING is set). > > Unfortunately, deferring the inactivation has one huge downside -- > eventual consistency. Since all the freeing is deferred to a worker > thread, one can rm a file but the space doesn't come back immediately. > This can cause some odd side effects with quota accounting and statfs, > so we also force inactivation scans in order to maintain the existing > behaviors, at least outwardly. > > For this patch we'll set the delay to zero to mimic the old timing as > much as possible; in the next patch we'll play with different delay > settings. > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> .... > diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c > index a2a407039227..3a3baf56198b 100644 > --- a/fs/xfs/xfs_fsops.c > +++ b/fs/xfs/xfs_fsops.c > @@ -19,6 +19,8 @@ > #include "xfs_log.h" > #include "xfs_ag.h" > #include "xfs_ag_resv.h" > +#include "xfs_inode.h" > +#include "xfs_icache.h" > > /* > * growfs operations > @@ -290,6 +292,13 @@ xfs_fs_counts( > xfs_mount_t *mp, > xfs_fsop_counts_t *cnt) > { > + /* > + * Process all the queued file and speculative preallocation cleanup so > + * that the counter values we report here do not incorporate any > + * resources that were previously deleted. > + */ > + xfs_inodegc_force(mp); xfs_fs_counts() is supposed to be a quick, non-blocking summary of the state - it can never supply userspace with accurate values because they are wrong even before the ioctl returns to userspace. Hence we do not attempt to make them correct, just use a fast, point in time sample of the current counter values. So this seems like an unnecessarily heavyweight operation to add to this function.... Also, I don't like the word "force" in functions like this: force it to do what, exactly? If you want a queue flush, then xfs_inodegc_flush() matches with how flush_workqueue() works... > cnt->allocino = percpu_counter_read_positive(&mp->m_icount); > cnt->freeino = percpu_counter_read_positive(&mp->m_ifree); > cnt->freedata = percpu_counter_read_positive(&mp->m_fdblocks) - > diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c > index e6a62f765422..1b7652af5ee5 100644 > --- a/fs/xfs/xfs_icache.c > +++ b/fs/xfs/xfs_icache.c > @@ -195,6 +195,18 @@ xfs_perag_clear_reclaim_tag( > trace_xfs_perag_clear_reclaim(mp, pag->pag_agno, -1, _RET_IP_); > } > > +static void > +__xfs_inode_set_reclaim_tag( > + struct xfs_perag *pag, > + struct xfs_inode *ip) > +{ > + struct xfs_mount *mp = ip->i_mount; > + > + radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), > + XFS_ICI_RECLAIM_TAG); > + xfs_perag_set_reclaim_tag(pag); > + __xfs_iflags_set(ip, XFS_IRECLAIMABLE); > +} > > /* > * We set the inode flag atomically with the radix tree tag. > @@ -212,10 +224,7 @@ xfs_inode_set_reclaim_tag( > spin_lock(&pag->pag_ici_lock); > spin_lock(&ip->i_flags_lock); > > - radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), > - XFS_ICI_RECLAIM_TAG); > - xfs_perag_set_reclaim_tag(pag); > - __xfs_iflags_set(ip, XFS_IRECLAIMABLE); > + __xfs_inode_set_reclaim_tag(pag, ip); > > spin_unlock(&ip->i_flags_lock); > spin_unlock(&pag->pag_ici_lock); First thought: rename xfs_inode_set_reclaim_tag() to xfs_inode_set_reclaim_tag_locked(), leave the guts as xfs_inode_set_reclaim_tag(). > @@ -233,6 +242,94 @@ xfs_inode_clear_reclaim_tag( > xfs_perag_clear_reclaim_tag(pag); > } > > +/* Queue a new inode gc pass if there are inodes needing inactivation. */ > +static void > +xfs_inodegc_queue( > + struct xfs_mount *mp) > +{ > + rcu_read_lock(); > + if (radix_tree_tagged(&mp->m_perag_tree, XFS_ICI_INACTIVE_TAG)) > + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, > + 2 * HZ); > + rcu_read_unlock(); > +} Why half a second and not something referenced against the inode reclaim/sync period? > +/* Remember that an AG has one more inode to inactivate. */ > +static void > +xfs_perag_set_inactive_tag( > + struct xfs_perag *pag) > +{ > + struct xfs_mount *mp = pag->pag_mount; > + > + lockdep_assert_held(&pag->pag_ici_lock); > + if (pag->pag_ici_inactive++) > + return; > + > + /* propagate the inactive tag up into the perag radix tree */ > + spin_lock(&mp->m_perag_lock); > + radix_tree_tag_set(&mp->m_perag_tree, pag->pag_agno, > + XFS_ICI_INACTIVE_TAG); > + spin_unlock(&mp->m_perag_lock); > + > + /* schedule periodic background inode inactivation */ > + xfs_inodegc_queue(mp); > + > + trace_xfs_perag_set_inactive(mp, pag->pag_agno, -1, _RET_IP_); > +} > + > +/* Set this inode's inactive tag and set the per-AG tag. */ > +void > +xfs_inode_set_inactive_tag( > + struct xfs_inode *ip) > +{ > + struct xfs_mount *mp = ip->i_mount; > + struct xfs_perag *pag; > + > + pag = xfs_perag_get(mp, XFS_INO_TO_AGNO(mp, ip->i_ino)); > + spin_lock(&pag->pag_ici_lock); > + spin_lock(&ip->i_flags_lock); > + > + radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), > + XFS_ICI_INACTIVE_TAG); > + xfs_perag_set_inactive_tag(pag); > + __xfs_iflags_set(ip, XFS_NEED_INACTIVE); > + > + spin_unlock(&ip->i_flags_lock); > + spin_unlock(&pag->pag_ici_lock); > + xfs_perag_put(pag); > +} > + > +/* Remember that an AG has one less inode to inactivate. */ > +static void > +xfs_perag_clear_inactive_tag( > + struct xfs_perag *pag) > +{ > + struct xfs_mount *mp = pag->pag_mount; > + > + lockdep_assert_held(&pag->pag_ici_lock); > + if (--pag->pag_ici_inactive) > + return; > + > + /* clear the inactive tag from the perag radix tree */ > + spin_lock(&mp->m_perag_lock); > + radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, > + XFS_ICI_INACTIVE_TAG); > + spin_unlock(&mp->m_perag_lock); > + trace_xfs_perag_clear_inactive(mp, pag->pag_agno, -1, _RET_IP_); > +} > + > +/* Clear this inode's inactive tag and try to clear the AG's. */ > +STATIC void static > +xfs_inode_clear_inactive_tag( > + struct xfs_perag *pag, > + xfs_ino_t ino) > +{ > + radix_tree_tag_clear(&pag->pag_ici_root, > + XFS_INO_TO_AGINO(pag->pag_mount, ino), > + XFS_ICI_INACTIVE_TAG); > + xfs_perag_clear_inactive_tag(pag); > +} These are just straight copies of the reclaim tag code. Do you have a plan for factoring these into a single implementation to clean this up? Something like this: static void xfs_inode_clear_tag( struct xfs_perag *pag, xfs_ino_t ino, int tag) { struct xfs_mount *mp = pag->pag_mount; lockdep_assert_held(&pag->pag_ici_lock); radix_tree_tag_clear(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ino), tag); switch(tag) { case XFS_ICI_INACTIVE_TAG: if (--pag->pag_ici_inactive) return; break; case XFS_ICI_RECLAIM_TAG: if (--pag->pag_ici_reclaim) return; break; default: ASSERT(0); return; } spin_lock(&mp->m_perag_lock); radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, tag); spin_unlock(&mp->m_perag_lock); } As a followup patch? The set tag case looks similarly easy to make generic... > + > static void > xfs_inew_wait( > struct xfs_inode *ip) > @@ -298,6 +395,13 @@ xfs_iget_check_free_state( > struct xfs_inode *ip, > int flags) > { > + /* > + * Unlinked inodes awaiting inactivation must not be reused until we > + * have a chance to clear the on-disk metadata. > + */ > + if (VFS_I(ip)->i_nlink == 0 && (ip->i_flags & XFS_NEED_INACTIVE)) > + return -ENOENT; > + > if (flags & XFS_IGET_CREATE) { > /* should be a free inode */ > if (VFS_I(ip)->i_mode != 0) { How do we get here with an XFS_NEED_INACTIVE inode? xfs_iget_check_free_state() is only called from the cache miss path, but we should never get here with a cached inode that is awaiting inactivation... > @@ -323,6 +427,67 @@ xfs_iget_check_free_state( > return 0; > } > > +/* > + * We've torn down the VFS part of this NEED_INACTIVE inode, so we need to get > + * it back into working state. > + */ > +static int > +xfs_iget_inactive( > + struct xfs_perag *pag, > + struct xfs_inode *ip) > +{ > + struct xfs_mount *mp = ip->i_mount; > + struct inode *inode = VFS_I(ip); > + int error; > + > + error = xfs_reinit_inode(mp, inode); > + if (error) { > + bool wake; > + /* > + * Re-initializing the inode failed, and we are in deep > + * trouble. Try to re-add it to the inactive list. > + */ > + rcu_read_lock(); > + spin_lock(&ip->i_flags_lock); > + wake = !!__xfs_iflags_test(ip, XFS_INEW); > + ip->i_flags &= ~(XFS_INEW | XFS_INACTIVATING); > + if (wake) > + wake_up_bit(&ip->i_flags, __XFS_INEW_BIT); > + ASSERT(ip->i_flags & XFS_NEED_INACTIVE); > + trace_xfs_iget_inactive_fail(ip); > + spin_unlock(&ip->i_flags_lock); > + rcu_read_unlock(); > + return error; > + } > + > + spin_lock(&pag->pag_ici_lock); > + spin_lock(&ip->i_flags_lock); > + > + /* > + * Clear the per-lifetime state in the inode as we are now effectively > + * a new inode and need to return to the initial state before reuse > + * occurs. > + */ > + ip->i_flags &= ~XFS_IRECLAIM_RESET_FLAGS; > + ip->i_flags |= XFS_INEW; > + xfs_inode_clear_inactive_tag(pag, ip->i_ino); > + inode->i_state = I_NEW; > + ip->i_sick = 0; > + ip->i_checked = 0; > + > + ASSERT(!rwsem_is_locked(&inode->i_rwsem)); > + init_rwsem(&inode->i_rwsem); > + > + spin_unlock(&ip->i_flags_lock); > + spin_unlock(&pag->pag_ici_lock); > + > + /* > + * Reattach dquots since we might have removed them when we put this > + * inode on the inactivation list. > + */ > + return xfs_qm_dqattach(ip); > +} Ah, we don't actually perform any of the inactivation stuff here, so we could be returning a unlinked inode that hasn't had it's data or attribute forks truncated away at this point. That seems... wrong. Also, this is largely a copy/paste of the XFS_IRECLAIMABLE reuse code path... ..... > @@ -713,6 +904,43 @@ xfs_icache_inode_is_allocated( > return 0; > } > > +/* > + * Grab the inode for inactivation exclusively. > + * Return true if we grabbed it. > + */ > +static bool > +xfs_inactive_grab( > + struct xfs_inode *ip) > +{ > + ASSERT(rcu_read_lock_held()); > + > + /* quick check for stale RCU freed inode */ > + if (!ip->i_ino) > + return false; > + > + /* > + * The radix tree lock here protects a thread in xfs_iget from racing > + * with us starting reclaim on the inode. > + * > + * Due to RCU lookup, we may find inodes that have been freed and only > + * have XFS_IRECLAIM set. Indeed, we may see reallocated inodes that > + * aren't candidates for reclaim at all, so we must check the > + * XFS_IRECLAIMABLE is set first before proceeding to reclaim. > + * Obviously if XFS_NEED_INACTIVE isn't set then we ignore this inode. > + */ > + spin_lock(&ip->i_flags_lock); > + if (!(ip->i_flags & XFS_NEED_INACTIVE) || > + (ip->i_flags & XFS_INACTIVATING)) { > + /* not a inactivation candidate. */ > + spin_unlock(&ip->i_flags_lock); > + return false; > + } > + > + ip->i_flags |= XFS_INACTIVATING; > + spin_unlock(&ip->i_flags_lock); > + return true; > +} > + > /* > * The inode lookup is done in batches to keep the amount of lock traffic and > * radix tree lookups to a minimum. The batch size is a trade off between > @@ -736,6 +964,9 @@ xfs_inode_walk_ag_grab( > > ASSERT(rcu_read_lock_held()); > > + if (flags & XFS_INODE_WALK_INACTIVE) > + return xfs_inactive_grab(ip); > + Hmmm. This doesn't actually grab the inode. It's an unreferenced inode walk, in a function that assumes that the grab() call returns a referenced inode. Why isn't this using the inode reclaim walk which is intended to walk unreferenced inodes? > /* Check for stale RCU freed inode */ > spin_lock(&ip->i_flags_lock); > if (!ip->i_ino) > @@ -743,7 +974,8 @@ xfs_inode_walk_ag_grab( > > /* avoid new or reclaimable inodes. Leave for reclaim code to flush */ > if ((!newinos && __xfs_iflags_test(ip, XFS_INEW)) || > - __xfs_iflags_test(ip, XFS_IRECLAIMABLE | XFS_IRECLAIM)) > + __xfs_iflags_test(ip, XFS_IRECLAIMABLE | XFS_IRECLAIM | > + XFS_NEED_INACTIVE | XFS_INACTIVATING)) Comment needs updating. Also need a mask define here... > goto out_unlock_noent; > spin_unlock(&ip->i_flags_lock); > > @@ -848,7 +1080,8 @@ xfs_inode_walk_ag( > xfs_iflags_test(batch[i], XFS_INEW)) > xfs_inew_wait(batch[i]); > error = execute(batch[i], args); > - xfs_irele(batch[i]); > + if (!(iter_flags & XFS_INODE_WALK_INACTIVE)) > + xfs_irele(batch[i]); > if (error == -EAGAIN) { > skipped++; > continue; Hmmmm. > + > +/* > + * Deferred Inode Inactivation > + * =========================== > + * > + * Sometimes, inodes need to have work done on them once the last program has > + * closed the file. Typically this means cleaning out any leftover post-eof or > + * CoW staging blocks for linked files. For inodes that have been totally > + * unlinked, this means unmapping data/attr/cow blocks, removing the inode > + * from the unlinked buckets, and marking it free in the inobt and inode table. > + * > + * This process can generate many metadata updates, which shows up as close() > + * and unlink() calls that take a long time. We defer all that work to a > + * per-AG workqueue which means that we can batch a lot of work and do it in > + * inode order for better performance. Furthermore, we can control the > + * workqueue, which means that we can avoid doing inactivation work at a bad > + * time, such as when the fs is frozen. > + * > + * Deferred inactivation introduces new inode flag states (NEED_INACTIVE and > + * INACTIVATING) and adds a new INACTIVE radix tree tag for fast access. We > + * maintain separate perag counters for both types, and move counts as inodes > + * wander the state machine, which now works as follows: > + * > + * If the inode needs inactivation, we: > + * - Set the NEED_INACTIVE inode flag > + * - Increment the per-AG inactive count > + * - Set the INACTIVE tag in the per-AG inode tree > + * - Set the INACTIVE tag in the per-fs AG tree > + * - Schedule background inode inactivation > + * > + * If the inode does not need inactivation, we: > + * - Set the RECLAIMABLE inode flag > + * - Increment the per-AG reclaim count > + * - Set the RECLAIM tag in the per-AG inode tree > + * - Set the RECLAIM tag in the per-fs AG tree > + * - Schedule background inode reclamation > + * > + * When it is time for background inode inactivation, we: > + * - Set the INACTIVATING inode flag > + * - Make all the on-disk updates > + * - Clear both INACTIVATING and NEED_INACTIVE inode flags > + * - Decrement the per-AG inactive count > + * - Clear the INACTIVE tag in the per-AG inode tree > + * - Clear the INACTIVE tag in the per-fs AG tree if that was the last one > + * - Kick the inode into reclamation per the previous paragraph. I suspect this needs to set the IRECLAIMABLE flag before it clears the INACTIVE flags so that inode_ag_walk() doesn't find it in a transient state. Hmmm - that may be why you factored the reclaim flag setting functions? > + * > + * When it is time for background inode reclamation, we: > + * - Set the IRECLAIM inode flag > + * - Detach all the resources and remove the inode from the per-AG inode tree > + * - Clear both IRECLAIM and RECLAIMABLE inode flags > + * - Decrement the per-AG reclaim count > + * - Clear the RECLAIM tag from the per-AG inode tree > + * - Clear the RECLAIM tag from the per-fs AG tree if there are no more > + * inodes waiting for reclamation or inactivation > + * > + * Note that xfs_inodegc_queue and xfs_inactive_grab are further up in > + * the source code so that we avoid static function declarations. > + */ > + > +/* Inactivate this inode. */ > +STATIC int static > +xfs_inactive_inode( > + struct xfs_inode *ip, > + void *args) > +{ > + struct xfs_eofblocks *eofb = args; > + struct xfs_perag *pag; > + > + ASSERT(ip->i_mount->m_super->s_writers.frozen < SB_FREEZE_FS); What condition is this trying to catch? It's something to do with freeze, but you haven't documented what happens to inodes with pending inactivation when a freeze is started.... > + > + /* > + * Not a match for our passed in scan filter? Put it back on the shelf > + * and move on. > + */ > + spin_lock(&ip->i_flags_lock); > + if (!xfs_inode_matches_eofb(ip, eofb)) { > + ip->i_flags &= ~XFS_INACTIVATING; > + spin_unlock(&ip->i_flags_lock); > + return 0; > + } > + spin_unlock(&ip->i_flags_lock); IDGI. What do EOF blocks have to do with running inode inactivation on this inode? > + > + trace_xfs_inode_inactivating(ip); > + > + xfs_inactive(ip); > + ASSERT(XFS_FORCED_SHUTDOWN(ip->i_mount) || ip->i_delayed_blks == 0); > + > + /* > + * Clear the inactive state flags and schedule a reclaim run once > + * we're done with the inactivations. We must ensure that the inode > + * smoothly transitions from inactivating to reclaimable so that iget > + * cannot see either data structure midway through the transition. > + */ > + pag = xfs_perag_get(ip->i_mount, > + XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino)); > + spin_lock(&pag->pag_ici_lock); > + spin_lock(&ip->i_flags_lock); > + > + ip->i_flags &= ~(XFS_NEED_INACTIVE | XFS_INACTIVATING); > + xfs_inode_clear_inactive_tag(pag, ip->i_ino); > + > + __xfs_inode_set_reclaim_tag(pag, ip); > + > + spin_unlock(&ip->i_flags_lock); > + spin_unlock(&pag->pag_ici_lock); > + xfs_perag_put(pag); > + > + return 0; > +} /me wonders if we really need a separate radix tree tag for inactivation. > +/* > + * Walk the AGs and reclaim the inodes in them. Even if the filesystem is > + * corrupted, we still need to clear the INACTIVE iflag so that we can move > + * on to reclaiming the inode. > + */ > +static int > +xfs_inodegc_free_space( > + struct xfs_mount *mp, > + struct xfs_eofblocks *eofb) > +{ > + return xfs_inode_walk(mp, XFS_INODE_WALK_INACTIVE, > + xfs_inactive_inode, eofb, XFS_ICI_INACTIVE_TAG); > +} This could call the unreferenced reclaim AG walker now that all the reclaim throttling stuff has been removed from it... > +/* Try to get inode inactivation moving. */ > +void > +xfs_inodegc_worker( > + struct work_struct *work) > +{ > + struct xfs_mount *mp = container_of(to_delayed_work(work), > + struct xfs_mount, m_inodegc_work); > + int error; > + > + /* > + * We want to skip inode inactivation while the filesystem is frozen > + * because we don't want the inactivation thread to block while taking > + * sb_intwrite. Therefore, we try to take sb_write for the duration > + * of the inactive scan -- a freeze attempt will block until we're > + * done here, and if the fs is past stage 1 freeze we'll bounce out > + * until things unfreeze. If the fs goes down while frozen we'll > + * still have log recovery to clean up after us. > + */ > + if (!sb_start_write_trylock(mp->m_super)) > + return; > + > + error = xfs_inodegc_free_space(mp, NULL); > + if (error && error != -EAGAIN) > + xfs_err(mp, "inode inactivation failed, error %d", error); > + > + sb_end_write(mp->m_super); > + xfs_inodegc_queue(mp); Ok.... The way we've done this with other workqueue based background work is that the freeze flushes and stops the workqueue, then restarts it once the filesystem is thawed. This takes all the need for the background work to have to run the freeze gaunlet.... > +} > + > +/* Force all queued inode inactivation work to run immediately. */ > +void > +xfs_inodegc_force( > + struct xfs_mount *mp) > +{ > + /* > + * In order to reset the delay timer to run immediately, we have to > + * cancel the work item and requeue it with a zero timer value. We > + * don't care if the worker races with our requeue, because at worst > + * we iterate the radix tree and find no inodes to inactivate. > + */ > + if (!cancel_delayed_work(&mp->m_inodegc_work)) > + return; We do? I thought we could mod the timer. Yeah: mod_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, 0); will trigger the delayed work to run immediately... > + > + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, 0); > + flush_delayed_work(&mp->m_inodegc_work); > +} Yeah, that's a flush operation, not a force :) > +/* Stop all queued inactivation work. */ > +void > +xfs_inodegc_stop( > + struct xfs_mount *mp) > +{ > + cancel_delayed_work_sync(&mp->m_inodegc_work); > +} Should this flush first? i.e. it will cancel pending work, but if there is work running, it will wait for it to complete. Do we want the queued work run before stopping, or just kill it dead? > diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c > index 65897cb0cf2a..f20694f220c8 100644 > --- a/fs/xfs/xfs_inode.c > +++ b/fs/xfs/xfs_inode.c > @@ -1665,6 +1665,35 @@ xfs_inactive_ifree( > return 0; > } > > +/* Prepare inode for inactivation. */ > +void > +xfs_inode_inactivation_prep( > + struct xfs_inode *ip) > +{ > + if (XFS_FORCED_SHUTDOWN(ip->i_mount)) > + return; > + > + /* > + * If this inode is unlinked (and now unreferenced) we need to dispose > + * of it in the on disk metadata. > + * > + * Change the generation so that the inode can't be opened by handle > + * now that the last external references has dropped. Bulkstat won't > + * return inodes with zero nlink so nobody will ever find this inode > + * again. Then add this inode & blocks to the counts of things that > + * will be freed during the next inactivation run. > + */ > + if (VFS_I(ip)->i_nlink == 0) > + VFS_I(ip)->i_generation = prandom_u32(); open by handle interfaces should not be able to open inodes that have a zero nlink, hence I'm not sure what changing the generation number actually buys us here... If we can open nlink = 0 files via handles, then I think we've got a bug or two to fix.... > + /* > + * Detach dquots just in case someone tries a quotaoff while the inode > + * is waiting on the inactive list. We'll reattach them (if needed) > + * when inactivating the inode. > + */ > + xfs_qm_dqdetach(ip); > +} I think the dquot handling needs better documentation as it impacts on the life cycle and interactions of dquots... > diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c > index 97f31308de03..b03b127e34cc 100644 > --- a/fs/xfs/xfs_log_recover.c > +++ b/fs/xfs/xfs_log_recover.c > @@ -2792,6 +2792,13 @@ xlog_recover_process_iunlinks( > } > xfs_buf_rele(agibp); > } > + > + /* > + * Now that we've put all the iunlink inodes on the lru, let's make > + * sure that we perform all the on-disk metadata updates to actually > + * free those inodes. > + */ What LRU are we putting these inodes on? They are evicted from cache immediately. A comment simply to say: /* * Flush the pending unlinked inodes to ensure they are * fully completed on disk and can be reclaimed before we * signal that recovery is complete. */ > + xfs_inodegc_force(mp); > } > > STATIC void ..... > diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c > index 1c97b155a8ee..cd015e3d72fc 100644 > --- a/fs/xfs/xfs_mount.c > +++ b/fs/xfs/xfs_mount.c > @@ -640,6 +640,10 @@ xfs_check_summary_counts( > * so we need to unpin them, write them back and/or reclaim them before unmount > * can proceed. > * > + * Start the process by pushing all inodes through the inactivation process > + * so that all file updates to on-disk metadata can be flushed with the log. > + * After the AIL push, all inodes should be ready for reclamation. > + * > * An inode cluster that has been freed can have its buffer still pinned in > * memory because the transaction is still sitting in a iclog. The stale inodes > * on that buffer will be pinned to the buffer until the transaction hits the > @@ -663,6 +667,7 @@ static void > xfs_unmount_flush_inodes( > struct xfs_mount *mp) > { > + xfs_inodegc_force(mp); > xfs_log_force(mp, XFS_LOG_SYNC); > xfs_extent_busy_wait_all(mp); > flush_workqueue(xfs_discard_wq); > @@ -670,6 +675,7 @@ xfs_unmount_flush_inodes( > mp->m_flags |= XFS_MOUNT_UNMOUNTING; > > xfs_ail_push_all_sync(mp->m_ail); > + xfs_inodegc_stop(mp); That looks wrong. Stopping the background inactivation should be done before we flush the AIL because bacground inactivation dirties inodes. So we should be stopping the inodegc the moment we've finished flushing out all the pending inactivations... Hmm. xfs_unmount_flush_inodes() doesn't ring a bell with me, and it's not in the current tree. Did I miss this in an earlier patch in this patchset, or something else? > cancel_delayed_work_sync(&mp->m_reclaim_work); > xfs_reclaim_inodes(mp); > xfs_health_unmount(mp); > @@ -1095,6 +1101,13 @@ xfs_unmountfs( > uint64_t resblks; > int error; > > + /* > + * Perform all on-disk metadata updates required to inactivate inodes. > + * Since this can involve finobt updates, do it now before we lose the > + * per-AG space reservations. > + */ > + xfs_inodegc_force(mp); > + I can't tell why this is necessary given what xfs_unmount_flush_inodes() does. Or, alternatively, why xfs_unmount_flush_inodes() can do what it does without caring about per-ag space reservations.... > diff --git a/fs/xfs/xfs_qm_syscalls.c b/fs/xfs/xfs_qm_syscalls.c > index ca1b57d291dc..0f9a1450fe0e 100644 > --- a/fs/xfs/xfs_qm_syscalls.c > +++ b/fs/xfs/xfs_qm_syscalls.c > @@ -104,6 +104,12 @@ xfs_qm_scall_quotaoff( > uint inactivate_flags; > struct xfs_qoff_logitem *qoffstart = NULL; > > + /* > + * Clean up the inactive list before we turn quota off, to reduce the > + * amount of quotaoff work we have to do with the mutex held. > + */ > + xfs_inodegc_force(mp); > + Hmmm. why not just stop background inactivation altogether while quotaoff runs? i.e. just do normal, inline inactivation when quotaoff is running, and then we can get rid of the whole "drop dquot references" issue that background inactivation has... > diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c > index e774358383d6..8d0142487fc7 100644 > --- a/fs/xfs/xfs_super.c > +++ b/fs/xfs/xfs_super.c > @@ -637,28 +637,34 @@ xfs_fs_destroy_inode( > struct inode *inode) > { > struct xfs_inode *ip = XFS_I(inode); > + struct xfs_mount *mp = ip->i_mount; > + bool need_inactive; > > trace_xfs_destroy_inode(ip); > > ASSERT(!rwsem_is_locked(&inode->i_rwsem)); > - XFS_STATS_INC(ip->i_mount, vn_rele); > - XFS_STATS_INC(ip->i_mount, vn_remove); > + XFS_STATS_INC(mp, vn_rele); > + XFS_STATS_INC(mp, vn_remove); > > - xfs_inactive(ip); > - > - if (!XFS_FORCED_SHUTDOWN(ip->i_mount) && ip->i_delayed_blks) { > + need_inactive = xfs_inode_needs_inactivation(ip); > + if (need_inactive) { > + trace_xfs_inode_set_need_inactive(ip); > + xfs_inode_inactivation_prep(ip); > + } else if (!XFS_FORCED_SHUTDOWN(ip->i_mount) && ip->i_delayed_blks) { > xfs_check_delalloc(ip, XFS_DATA_FORK); > xfs_check_delalloc(ip, XFS_COW_FORK); > ASSERT(0); > } Isn't this i_delayed_blks check still valid even for indoes that need background invalidation? i.e. all dirty data has been flushed at this point, and so i_delayed_blks should be zero for all inodes regardless of whether then need inactivation or not.... > - > - XFS_STATS_INC(ip->i_mount, vn_reclaim); > + XFS_STATS_INC(mp, vn_reclaim); > + trace_xfs_inode_set_reclaimable(ip); > > /* > * We should never get here with one of the reclaim flags already set. > */ > ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_IRECLAIMABLE)); > ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_IRECLAIM)); > + ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_NEED_INACTIVE)); > + ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_INACTIVATING)); This should probably be opencoded instead of taking the flags spinlock 4 times... > > /* > * We always use background reclaim here because even if the inode is > @@ -667,7 +673,10 @@ xfs_fs_destroy_inode( > * reclaim path handles this more efficiently than we can here, so > * simply let background reclaim tear down all inodes. > */ > - xfs_inode_set_reclaim_tag(ip); > + if (need_inactive) > + xfs_inode_set_inactive_tag(ip); > + else > + xfs_inode_set_reclaim_tag(ip); > } > > static void > @@ -797,6 +806,13 @@ xfs_fs_statfs( > xfs_extlen_t lsize; > int64_t ffree; > > + /* > + * Process all the queued file and speculative preallocation cleanup so > + * that the counter values we report here do not incorporate any > + * resources that were previously deleted. > + */ > + xfs_inodegc_force(mp); Same comment as for xfs_fs_counts().... > + > statp->f_type = XFS_SUPER_MAGIC; > statp->f_namelen = MAXNAMELEN - 1; > > @@ -911,6 +927,18 @@ xfs_fs_unfreeze( > return 0; > } > > +/* > + * Before we get to stage 1 of a freeze, force all the inactivation work so > + * that there's less work to do if we crash during the freeze. > + */ > +STATIC int > +xfs_fs_freeze_super( > + struct super_block *sb) > +{ > + xfs_inodegc_force(XFS_M(sb)); > + return freeze_super(sb); > +} Yeah, definitely need a description of freeze interactions... > @@ -1720,6 +1749,13 @@ xfs_remount_ro( > return error; > } > > + /* > + * Perform all on-disk metadata updates required to inactivate inodes. > + * Since this can involve finobt updates, do it now before we lose the > + * per-AG space reservations. > + */ > + xfs_inodegc_force(mp); Should we stop background inactivation, because we can't make modifications anymore and hence background inactication makes little sense... Cheers, Dave.
On Tue, Mar 23, 2021 at 12:44:17PM +1100, Dave Chinner wrote: > On Wed, Mar 10, 2021 at 07:06:13PM -0800, Darrick J. Wong wrote: > > From: Darrick J. Wong <djwong@kernel.org> > > > > Instead of calling xfs_inactive directly from xfs_fs_destroy_inode, > > defer the inactivation phase to a separate workqueue. With this we > > avoid blocking memory reclaim on filesystem metadata updates that are > > necessary to free an in-core inode, such as post-eof block freeing, COW > > staging extent freeing, and truncating and freeing unlinked inodes. Now > > that work is deferred to a workqueue where we can do the freeing in > > batches. > > > > We introduce two new inode flags -- NEEDS_INACTIVE and INACTIVATING. > > The first flag helps our worker find inodes needing inactivation, and > > the second flag marks inodes that are in the process of being > > inactivated. A concurrent xfs_iget on the inode can still resurrect the > > inode by clearing NEEDS_INACTIVE (or bailing if INACTIVATING is set). > > > > Unfortunately, deferring the inactivation has one huge downside -- > > eventual consistency. Since all the freeing is deferred to a worker > > thread, one can rm a file but the space doesn't come back immediately. > > This can cause some odd side effects with quota accounting and statfs, > > so we also force inactivation scans in order to maintain the existing > > behaviors, at least outwardly. > > > > For this patch we'll set the delay to zero to mimic the old timing as > > much as possible; in the next patch we'll play with different delay > > settings. > > > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> > .... > > diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c > > index a2a407039227..3a3baf56198b 100644 > > --- a/fs/xfs/xfs_fsops.c > > +++ b/fs/xfs/xfs_fsops.c > > @@ -19,6 +19,8 @@ > > #include "xfs_log.h" > > #include "xfs_ag.h" > > #include "xfs_ag_resv.h" > > +#include "xfs_inode.h" > > +#include "xfs_icache.h" > > > > /* > > * growfs operations > > @@ -290,6 +292,13 @@ xfs_fs_counts( > > xfs_mount_t *mp, > > xfs_fsop_counts_t *cnt) > > { > > + /* > > + * Process all the queued file and speculative preallocation cleanup so > > + * that the counter values we report here do not incorporate any > > + * resources that were previously deleted. > > + */ > > + xfs_inodegc_force(mp); > > xfs_fs_counts() is supposed to be a quick, non-blocking summary of > the state - it can never supply userspace with accurate values > because they are wrong even before the ioctl returns to userspace. > Hence we do not attempt to make them correct, just use a fast, point > in time sample of the current counter values. > > So this seems like an unnecessarily heavyweight operation > to add to this function.... I agree, xfs_inodegc_force is a heavyweight operation to add to statvfs and (further down) the quota reporting ioctl. I added these calls to maintain the user-visible behavior that one can df a mount, rm -rf a 30T directory tree, df again, and observe a 30T difference in available space between the two df calls. There are a lot of fstests that require this kind of behavior to pass. In my internal testing without this bit applied, I also got complaints about breaking the user-behavior of XFS that people have gotten used to. Earlier revisions of this patchset tried to maintain counts of the resources used by the inactivated inode so that we could adjust the values reported by statvfs and the quota reporting ioctl. This meant we didn't have to delay either call at all, but it turns out that it's not feasible to maintain an accurate count of inactive resources because any resources that are shared at destroy_inode time cannot become part of this liar counter and consulting the refcountbt to decide which extents should be added just makes unlinking even slower. Worse yet, unsharing of shared blocks attached to queued inactive inodes implies either that we have to update the liar counter or that we have to be ok with the free block count fluctuating for a while after a deletion if that deletion ends up freeing more space than the liar counter thinks we can free by flushing inactivation. Hmm, maybe this could maintain an approxiate liar counter and only flush inactivation when the liar counter would cause us to be off by more than some configurable amount? The fstests that care about free space accounting are not going to be happy since they are measured with very tight tolerances. > Also, I don't like the word "force" in functions like this: force it > to do what, exactly? If you want a queue flush, then > xfs_inodegc_flush() matches with how flush_workqueue() works... Yes, I like that name better. xfs_inodegc_force it is. > > > cnt->allocino = percpu_counter_read_positive(&mp->m_icount); > > cnt->freeino = percpu_counter_read_positive(&mp->m_ifree); > > cnt->freedata = percpu_counter_read_positive(&mp->m_fdblocks) - > > diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c > > index e6a62f765422..1b7652af5ee5 100644 > > --- a/fs/xfs/xfs_icache.c > > +++ b/fs/xfs/xfs_icache.c > > @@ -195,6 +195,18 @@ xfs_perag_clear_reclaim_tag( > > trace_xfs_perag_clear_reclaim(mp, pag->pag_agno, -1, _RET_IP_); > > } > > > > +static void > > +__xfs_inode_set_reclaim_tag( > > + struct xfs_perag *pag, > > + struct xfs_inode *ip) > > +{ > > + struct xfs_mount *mp = ip->i_mount; > > + > > + radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), > > + XFS_ICI_RECLAIM_TAG); > > + xfs_perag_set_reclaim_tag(pag); > > + __xfs_iflags_set(ip, XFS_IRECLAIMABLE); > > +} > > > > /* > > * We set the inode flag atomically with the radix tree tag. > > @@ -212,10 +224,7 @@ xfs_inode_set_reclaim_tag( > > spin_lock(&pag->pag_ici_lock); > > spin_lock(&ip->i_flags_lock); > > > > - radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), > > - XFS_ICI_RECLAIM_TAG); > > - xfs_perag_set_reclaim_tag(pag); > > - __xfs_iflags_set(ip, XFS_IRECLAIMABLE); > > + __xfs_inode_set_reclaim_tag(pag, ip); > > > > spin_unlock(&ip->i_flags_lock); > > spin_unlock(&pag->pag_ici_lock); > > First thought: rename xfs_inode_set_reclaim_tag() to > xfs_inode_set_reclaim_tag_locked(), leave the guts as > xfs_inode_set_reclaim_tag(). > > > @@ -233,6 +242,94 @@ xfs_inode_clear_reclaim_tag( > > xfs_perag_clear_reclaim_tag(pag); > > } > > > > +/* Queue a new inode gc pass if there are inodes needing inactivation. */ > > +static void > > +xfs_inodegc_queue( > > + struct xfs_mount *mp) > > +{ > > + rcu_read_lock(); > > + if (radix_tree_tagged(&mp->m_perag_tree, XFS_ICI_INACTIVE_TAG)) > > + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, > > + 2 * HZ); > > + rcu_read_unlock(); > > +} > > Why half a second and not something referenced against the inode > reclaim/sync period? It's actually 2 seconds, and the next patch adds a knob to tweak the default value. The first version of this patchset from 2017 actually did just use (6 * xfs_syncd_centisecs / 10) like reclaim does. This turned out to be pretty foolish because that meant that reclaim and inactivation would start at the same time, and because inactivation is slow, most of them would miss the reclaim window and sit around pointlessly until the next one. The next iteration from mid 2019 changed this to (xfs_syncd_centisecs/5) which fixed that, but large deltree storms could lead to so many inodes being inactivated that we'd still miss the reclaim window sometimes. Around this time I got my djwong-dev tree hooked up to the ktest robot and it started complaining about performance regressions and noticeably higher slab usage for xfs inodes and log items. The next time I got back to this was shortly after Dave cleaned up the reclaim behavior (2020) to be driven by the AIL, which mostly fixed the performance complaints, except for the one about AIM7. I was intrigued enough by this to instrument the patchset and fstests and the fstests cloud hosts <cough> to see if I could derive a reasonable default value. I've observed through experimentation that 2 seconds seems like a good default value -- it's long enough to enable a lot of batching of inactive inodes, but short enough that the background thread can throttle the foreground threads by competing for the log grant heads. I also noticed that the amount of overhead introduced by background inactivation (as measured by fstests run times and other <cough> performance tests) ranged from minimal at 0 seconds to about 20% at (6*xfs_syncd_centisecs/10). Honestly, this could just be zero. Assuming your distro has power efficient workqueues enabled, the ~4-10ms delay introduced by that is enough to realize some batching advantage with zero noticeable effect on performance. > > +/* Remember that an AG has one more inode to inactivate. */ > > +static void > > +xfs_perag_set_inactive_tag( > > + struct xfs_perag *pag) > > +{ > > + struct xfs_mount *mp = pag->pag_mount; > > + > > + lockdep_assert_held(&pag->pag_ici_lock); > > + if (pag->pag_ici_inactive++) > > + return; > > + > > + /* propagate the inactive tag up into the perag radix tree */ > > + spin_lock(&mp->m_perag_lock); > > + radix_tree_tag_set(&mp->m_perag_tree, pag->pag_agno, > > + XFS_ICI_INACTIVE_TAG); > > + spin_unlock(&mp->m_perag_lock); > > + > > + /* schedule periodic background inode inactivation */ > > + xfs_inodegc_queue(mp); > > + > > + trace_xfs_perag_set_inactive(mp, pag->pag_agno, -1, _RET_IP_); > > +} > > + > > +/* Set this inode's inactive tag and set the per-AG tag. */ > > +void > > +xfs_inode_set_inactive_tag( > > + struct xfs_inode *ip) > > +{ > > + struct xfs_mount *mp = ip->i_mount; > > + struct xfs_perag *pag; > > + > > + pag = xfs_perag_get(mp, XFS_INO_TO_AGNO(mp, ip->i_ino)); > > + spin_lock(&pag->pag_ici_lock); > > + spin_lock(&ip->i_flags_lock); > > + > > + radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), > > + XFS_ICI_INACTIVE_TAG); > > + xfs_perag_set_inactive_tag(pag); > > + __xfs_iflags_set(ip, XFS_NEED_INACTIVE); > > + > > + spin_unlock(&ip->i_flags_lock); > > + spin_unlock(&pag->pag_ici_lock); > > + xfs_perag_put(pag); > > +} > > + > > +/* Remember that an AG has one less inode to inactivate. */ > > +static void > > +xfs_perag_clear_inactive_tag( > > + struct xfs_perag *pag) > > +{ > > + struct xfs_mount *mp = pag->pag_mount; > > + > > + lockdep_assert_held(&pag->pag_ici_lock); > > + if (--pag->pag_ici_inactive) > > + return; > > + > > + /* clear the inactive tag from the perag radix tree */ > > + spin_lock(&mp->m_perag_lock); > > + radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, > > + XFS_ICI_INACTIVE_TAG); > > + spin_unlock(&mp->m_perag_lock); > > + trace_xfs_perag_clear_inactive(mp, pag->pag_agno, -1, _RET_IP_); > > +} > > + > > +/* Clear this inode's inactive tag and try to clear the AG's. */ > > +STATIC void > > static > > > +xfs_inode_clear_inactive_tag( > > + struct xfs_perag *pag, > > + xfs_ino_t ino) > > +{ > > + radix_tree_tag_clear(&pag->pag_ici_root, > > + XFS_INO_TO_AGINO(pag->pag_mount, ino), > > + XFS_ICI_INACTIVE_TAG); > > + xfs_perag_clear_inactive_tag(pag); > > +} > > These are just straight copies of the reclaim tag code. Do you have > a plan for factoring these into a single implementation to clean > this up? Something like this: > > static void > xfs_inode_clear_tag( > struct xfs_perag *pag, > xfs_ino_t ino, > int tag) > { > struct xfs_mount *mp = pag->pag_mount; > > lockdep_assert_held(&pag->pag_ici_lock); > radix_tree_tag_clear(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ino), > tag); > switch(tag) { > case XFS_ICI_INACTIVE_TAG: > if (--pag->pag_ici_inactive) > return; > break; > case XFS_ICI_RECLAIM_TAG: > if (--pag->pag_ici_reclaim) > return; > break; > default: > ASSERT(0); > return; > } > > spin_lock(&mp->m_perag_lock); > radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, tag); > spin_unlock(&mp->m_perag_lock); > } > > As a followup patch? The set tag case looks similarly easy to make > generic... Yeah. At this point I might as well just clean all of this up for the next revision of this series, because as I said earlier I had thought that you were still working on a second rework of reclaim. Now that I know you're not, I'll hack away at this twisty pile too. > > + > > static void > > xfs_inew_wait( > > struct xfs_inode *ip) > > @@ -298,6 +395,13 @@ xfs_iget_check_free_state( > > struct xfs_inode *ip, > > int flags) > > { > > + /* > > + * Unlinked inodes awaiting inactivation must not be reused until we > > + * have a chance to clear the on-disk metadata. > > + */ > > + if (VFS_I(ip)->i_nlink == 0 && (ip->i_flags & XFS_NEED_INACTIVE)) > > + return -ENOENT; > > + > > if (flags & XFS_IGET_CREATE) { > > /* should be a free inode */ > > if (VFS_I(ip)->i_mode != 0) { > > How do we get here with an XFS_NEED_INACTIVE inode? > xfs_iget_check_free_state() is only called from the cache miss path, You added it to xfs_iget_cache_hit in 2018, commit afca6c5b2595f... > but we should never get here with a cached inode that is awaiting > inactivation... ...which means that any xfs_iget can get ahold of an inode that's awaiting inactivation but hasn't yet started that process. It's totally valid to iget an inode that has NEED_INACTIVE set, since we use inactivation for one final gc of post-eof and COW blocks on linked files. > > @@ -323,6 +427,67 @@ xfs_iget_check_free_state( > > return 0; > > } > > > > +/* > > + * We've torn down the VFS part of this NEED_INACTIVE inode, so we need to get > > + * it back into working state. > > + */ > > +static int > > +xfs_iget_inactive( > > + struct xfs_perag *pag, > > + struct xfs_inode *ip) > > +{ > > + struct xfs_mount *mp = ip->i_mount; > > + struct inode *inode = VFS_I(ip); > > + int error; > > + > > + error = xfs_reinit_inode(mp, inode); > > + if (error) { > > + bool wake; > > + /* > > + * Re-initializing the inode failed, and we are in deep > > + * trouble. Try to re-add it to the inactive list. > > + */ > > + rcu_read_lock(); > > + spin_lock(&ip->i_flags_lock); > > + wake = !!__xfs_iflags_test(ip, XFS_INEW); > > + ip->i_flags &= ~(XFS_INEW | XFS_INACTIVATING); > > + if (wake) > > + wake_up_bit(&ip->i_flags, __XFS_INEW_BIT); > > + ASSERT(ip->i_flags & XFS_NEED_INACTIVE); > > + trace_xfs_iget_inactive_fail(ip); > > + spin_unlock(&ip->i_flags_lock); > > + rcu_read_unlock(); > > + return error; > > + } > > + > > + spin_lock(&pag->pag_ici_lock); > > + spin_lock(&ip->i_flags_lock); > > + > > + /* > > + * Clear the per-lifetime state in the inode as we are now effectively > > + * a new inode and need to return to the initial state before reuse > > + * occurs. > > + */ > > + ip->i_flags &= ~XFS_IRECLAIM_RESET_FLAGS; > > + ip->i_flags |= XFS_INEW; > > + xfs_inode_clear_inactive_tag(pag, ip->i_ino); > > + inode->i_state = I_NEW; > > + ip->i_sick = 0; > > + ip->i_checked = 0; > > + > > + ASSERT(!rwsem_is_locked(&inode->i_rwsem)); > > + init_rwsem(&inode->i_rwsem); > > + > > + spin_unlock(&ip->i_flags_lock); > > + spin_unlock(&pag->pag_ici_lock); > > + > > + /* > > + * Reattach dquots since we might have removed them when we put this > > + * inode on the inactivation list. > > + */ > > + return xfs_qm_dqattach(ip); > > +} > > Ah, we don't actually perform any of the inactivation stuff here, so > we could be returning a unlinked inode that hasn't had it's data or > attribute forks truncated away at this point. That seems... wrong. If the inode is unlinked then the code you asked about earlier in xfs_inode_check_free_state will prevent us from returning the inode. If the inode is linked, then I don't see what's wrong with returning it to userspace with speculative preallocations still attached. > Also, this is largely a copy/paste of the XFS_IRECLAIMABLE reuse > code path... Yeah, I should try to merge them. > ..... > > > @@ -713,6 +904,43 @@ xfs_icache_inode_is_allocated( > > return 0; > > } > > > > +/* > > + * Grab the inode for inactivation exclusively. > > + * Return true if we grabbed it. > > + */ > > +static bool > > +xfs_inactive_grab( > > + struct xfs_inode *ip) > > +{ > > + ASSERT(rcu_read_lock_held()); > > + > > + /* quick check for stale RCU freed inode */ > > + if (!ip->i_ino) > > + return false; > > + > > + /* > > + * The radix tree lock here protects a thread in xfs_iget from racing > > + * with us starting reclaim on the inode. > > + * > > + * Due to RCU lookup, we may find inodes that have been freed and only > > + * have XFS_IRECLAIM set. Indeed, we may see reallocated inodes that > > + * aren't candidates for reclaim at all, so we must check the > > + * XFS_IRECLAIMABLE is set first before proceeding to reclaim. > > + * Obviously if XFS_NEED_INACTIVE isn't set then we ignore this inode. > > + */ > > + spin_lock(&ip->i_flags_lock); > > + if (!(ip->i_flags & XFS_NEED_INACTIVE) || > > + (ip->i_flags & XFS_INACTIVATING)) { > > + /* not a inactivation candidate. */ > > + spin_unlock(&ip->i_flags_lock); > > + return false; > > + } > > + > > + ip->i_flags |= XFS_INACTIVATING; > > + spin_unlock(&ip->i_flags_lock); > > + return true; > > +} > > + > > /* > > * The inode lookup is done in batches to keep the amount of lock traffic and > > * radix tree lookups to a minimum. The batch size is a trade off between > > @@ -736,6 +964,9 @@ xfs_inode_walk_ag_grab( > > > > ASSERT(rcu_read_lock_held()); > > > > + if (flags & XFS_INODE_WALK_INACTIVE) > > + return xfs_inactive_grab(ip); > > + > > Hmmm. This doesn't actually grab the inode. It's an unreferenced > inode walk, in a function that assumes that the grab() call returns > a referenced inode. Why isn't this using the inode reclaim walk > which is intended to walk unreferenced inodes? Because I thought that some day you might want to rebase the inode reclaim cleanups from 2019 and didn't want to slow either of us down by forcing a gigantic rebase. So I left the duplicative inode walk functions. FWIW these are current separate functions with separate call sites in xfs_inode_walk_ag since the "remove indirect calls from inode walk" series made it more convenient to have a separate function for each tag. As for the name ... reclaim also has a "grab" function even though it walks unreferenced inodes. > > > /* Check for stale RCU freed inode */ > > spin_lock(&ip->i_flags_lock); > > if (!ip->i_ino) > > @@ -743,7 +974,8 @@ xfs_inode_walk_ag_grab( > > > > /* avoid new or reclaimable inodes. Leave for reclaim code to flush */ > > if ((!newinos && __xfs_iflags_test(ip, XFS_INEW)) || > > - __xfs_iflags_test(ip, XFS_IRECLAIMABLE | XFS_IRECLAIM)) > > + __xfs_iflags_test(ip, XFS_IRECLAIMABLE | XFS_IRECLAIM | > > + XFS_NEED_INACTIVE | XFS_INACTIVATING)) > > Comment needs updating. Also need a mask define here... This function is now called xfs_blockgc_grab, and yes I did change it. > > > goto out_unlock_noent; > > spin_unlock(&ip->i_flags_lock); > > > > @@ -848,7 +1080,8 @@ xfs_inode_walk_ag( > > xfs_iflags_test(batch[i], XFS_INEW)) > > xfs_inew_wait(batch[i]); > > error = execute(batch[i], args); > > - xfs_irele(batch[i]); > > + if (!(iter_flags & XFS_INODE_WALK_INACTIVE)) > > + xfs_irele(batch[i]); > > if (error == -EAGAIN) { > > skipped++; > > continue; > > Hmmmm. > > > + > > +/* > > + * Deferred Inode Inactivation > > + * =========================== > > + * > > + * Sometimes, inodes need to have work done on them once the last program has > > + * closed the file. Typically this means cleaning out any leftover post-eof or > > + * CoW staging blocks for linked files. For inodes that have been totally > > + * unlinked, this means unmapping data/attr/cow blocks, removing the inode > > + * from the unlinked buckets, and marking it free in the inobt and inode table. > > + * > > + * This process can generate many metadata updates, which shows up as close() > > + * and unlink() calls that take a long time. We defer all that work to a > > + * per-AG workqueue which means that we can batch a lot of work and do it in > > + * inode order for better performance. Furthermore, we can control the > > + * workqueue, which means that we can avoid doing inactivation work at a bad > > + * time, such as when the fs is frozen. > > + * > > + * Deferred inactivation introduces new inode flag states (NEED_INACTIVE and > > + * INACTIVATING) and adds a new INACTIVE radix tree tag for fast access. We > > + * maintain separate perag counters for both types, and move counts as inodes > > + * wander the state machine, which now works as follows: > > + * > > + * If the inode needs inactivation, we: > > + * - Set the NEED_INACTIVE inode flag > > + * - Increment the per-AG inactive count > > + * - Set the INACTIVE tag in the per-AG inode tree > > + * - Set the INACTIVE tag in the per-fs AG tree > > + * - Schedule background inode inactivation > > + * > > + * If the inode does not need inactivation, we: > > + * - Set the RECLAIMABLE inode flag > > + * - Increment the per-AG reclaim count > > + * - Set the RECLAIM tag in the per-AG inode tree > > + * - Set the RECLAIM tag in the per-fs AG tree > > + * - Schedule background inode reclamation > > + * > > + * When it is time for background inode inactivation, we: > > + * - Set the INACTIVATING inode flag > > + * - Make all the on-disk updates > > + * - Clear both INACTIVATING and NEED_INACTIVE inode flags > > + * - Decrement the per-AG inactive count > > + * - Clear the INACTIVE tag in the per-AG inode tree > > + * - Clear the INACTIVE tag in the per-fs AG tree if that was the last one > > + * - Kick the inode into reclamation per the previous paragraph. > > I suspect this needs to set the IRECLAIMABLE flag before it clears > the INACTIVE flags so that inode_ag_walk() doesn't find it in a > transient state. Hmmm - that may be why you factored the reclaim > flag setting functions? Yes and yes. > > + * > > + * When it is time for background inode reclamation, we: > > + * - Set the IRECLAIM inode flag > > + * - Detach all the resources and remove the inode from the per-AG inode tree > > + * - Clear both IRECLAIM and RECLAIMABLE inode flags > > + * - Decrement the per-AG reclaim count > > + * - Clear the RECLAIM tag from the per-AG inode tree > > + * - Clear the RECLAIM tag from the per-fs AG tree if there are no more > > + * inodes waiting for reclamation or inactivation > > + * > > + * Note that xfs_inodegc_queue and xfs_inactive_grab are further up in > > + * the source code so that we avoid static function declarations. > > + */ > > + > > +/* Inactivate this inode. */ > > +STATIC int > > static > > > +xfs_inactive_inode( > > + struct xfs_inode *ip, > > + void *args) > > +{ > > + struct xfs_eofblocks *eofb = args; > > + struct xfs_perag *pag; > > + > > + ASSERT(ip->i_mount->m_super->s_writers.frozen < SB_FREEZE_FS); > > What condition is this trying to catch? It's something to do with > freeze, but you haven't documented what happens to inodes with > pending inactivation when a freeze is started.... Inactivation creates transactions, which means that we should never be running this at FREEZE_FS time. IOWs, it's a check that we can never stall a kernel thread indefinitely because the fs is frozen. We can continue to queue inodes for inactivation on a frozen filesystem, and I was trying to avoid touching the umount lock in xfs_perag_set_inactive_tag to find out if the fs is actually frozen and therefore we shouldn't call xfs_inodegc_queue. > > + > > + /* > > + * Not a match for our passed in scan filter? Put it back on the shelf > > + * and move on. > > + */ > > + spin_lock(&ip->i_flags_lock); > > + if (!xfs_inode_matches_eofb(ip, eofb)) { > > + ip->i_flags &= ~XFS_INACTIVATING; > > + spin_unlock(&ip->i_flags_lock); > > + return 0; > > + } > > + spin_unlock(&ip->i_flags_lock); > > IDGI. What do EOF blocks have to do with running inode inactivation > on this inode? This enables foreground threads that hit EDQUOT to look for inodes to inactivate in order to free up quota'd resources. > > + > > + trace_xfs_inode_inactivating(ip); > > + > > + xfs_inactive(ip); > > + ASSERT(XFS_FORCED_SHUTDOWN(ip->i_mount) || ip->i_delayed_blks == 0); > > + > > + /* > > + * Clear the inactive state flags and schedule a reclaim run once > > + * we're done with the inactivations. We must ensure that the inode > > + * smoothly transitions from inactivating to reclaimable so that iget > > + * cannot see either data structure midway through the transition. > > + */ > > + pag = xfs_perag_get(ip->i_mount, > > + XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino)); > > + spin_lock(&pag->pag_ici_lock); > > + spin_lock(&ip->i_flags_lock); > > + > > + ip->i_flags &= ~(XFS_NEED_INACTIVE | XFS_INACTIVATING); > > + xfs_inode_clear_inactive_tag(pag, ip->i_ino); > > + > > + __xfs_inode_set_reclaim_tag(pag, ip); > > + > > + spin_unlock(&ip->i_flags_lock); > > + spin_unlock(&pag->pag_ici_lock); > > + xfs_perag_put(pag); > > + > > + return 0; > > +} > > /me wonders if we really need a separate radix tree tag for > inactivation. No, we don't. I only used a separate one to keep this separate from the reclaim tag because you thought you might remove ICI_RECLAIM the last time you and I talked about inactivation at the last LSFMM we both went to. > > +/* > > + * Walk the AGs and reclaim the inodes in them. Even if the filesystem is > > + * corrupted, we still need to clear the INACTIVE iflag so that we can move > > + * on to reclaiming the inode. > > + */ > > +static int > > +xfs_inodegc_free_space( > > + struct xfs_mount *mp, > > + struct xfs_eofblocks *eofb) > > +{ > > + return xfs_inode_walk(mp, XFS_INODE_WALK_INACTIVE, > > + xfs_inactive_inode, eofb, XFS_ICI_INACTIVE_TAG); > > +} > > This could call the unreferenced reclaim AG walker now that all the reclaim > throttling stuff has been removed from it... Yep. I could probably combine all three of the walkers into one function since the series before this one shifts the usage model to the same basic loop with switch() statements to figure out which functions to call. > > +/* Try to get inode inactivation moving. */ > > +void > > +xfs_inodegc_worker( > > + struct work_struct *work) > > +{ > > + struct xfs_mount *mp = container_of(to_delayed_work(work), > > + struct xfs_mount, m_inodegc_work); > > + int error; > > + > > + /* > > + * We want to skip inode inactivation while the filesystem is frozen > > + * because we don't want the inactivation thread to block while taking > > + * sb_intwrite. Therefore, we try to take sb_write for the duration > > + * of the inactive scan -- a freeze attempt will block until we're > > + * done here, and if the fs is past stage 1 freeze we'll bounce out > > + * until things unfreeze. If the fs goes down while frozen we'll > > + * still have log recovery to clean up after us. > > + */ > > + if (!sb_start_write_trylock(mp->m_super)) > > + return; > > + > > + error = xfs_inodegc_free_space(mp, NULL); > > + if (error && error != -EAGAIN) > > + xfs_err(mp, "inode inactivation failed, error %d", error); > > + > > + sb_end_write(mp->m_super); > > + xfs_inodegc_queue(mp); > > Ok.... > > The way we've done this with other workqueue based background work > is that the freeze flushes and stops the workqueue, then restarts it > once the filesystem is thawed. This takes all the need for the > background work to have to run the freeze gaunlet.... > > > +} > > + > > +/* Force all queued inode inactivation work to run immediately. */ > > +void > > +xfs_inodegc_force( > > + struct xfs_mount *mp) > > +{ > > + /* > > + * In order to reset the delay timer to run immediately, we have to > > + * cancel the work item and requeue it with a zero timer value. We > > + * don't care if the worker races with our requeue, because at worst > > + * we iterate the radix tree and find no inodes to inactivate. > > + */ > > + if (!cancel_delayed_work(&mp->m_inodegc_work)) > > + return; > > We do? I thought we could mod the timer. Yeah: > > mod_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, 0); > > will trigger the delayed work to run immediately... > > > + > > + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, 0); > > + flush_delayed_work(&mp->m_inodegc_work); > > +} > > Yeah, that's a flush operation, not a force :) > > > +/* Stop all queued inactivation work. */ > > +void > > +xfs_inodegc_stop( > > + struct xfs_mount *mp) > > +{ > > + cancel_delayed_work_sync(&mp->m_inodegc_work); > > +} > > Should this flush first? i.e. it will cancel pending work, but if > there is work running, it will wait for it to complete. Do we want > the queued work run before stopping, or just kill it dead? The only caller of this is unmount and freeze, so yes, I think it's fine to let _sync flush the work before returning. > > > diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c > > index 65897cb0cf2a..f20694f220c8 100644 > > --- a/fs/xfs/xfs_inode.c > > +++ b/fs/xfs/xfs_inode.c > > @@ -1665,6 +1665,35 @@ xfs_inactive_ifree( > > return 0; > > } > > > > +/* Prepare inode for inactivation. */ > > +void > > +xfs_inode_inactivation_prep( > > + struct xfs_inode *ip) > > +{ > > + if (XFS_FORCED_SHUTDOWN(ip->i_mount)) > > + return; > > + > > + /* > > + * If this inode is unlinked (and now unreferenced) we need to dispose > > + * of it in the on disk metadata. > > + * > > + * Change the generation so that the inode can't be opened by handle > > + * now that the last external references has dropped. Bulkstat won't > > + * return inodes with zero nlink so nobody will ever find this inode > > + * again. Then add this inode & blocks to the counts of things that > > + * will be freed during the next inactivation run. > > + */ > > + if (VFS_I(ip)->i_nlink == 0) > > + VFS_I(ip)->i_generation = prandom_u32(); > > open by handle interfaces should not be able to open inodes that > have a zero nlink, hence I'm not sure what changing the generation > number actually buys us here... > > If we can open nlink = 0 files via handles, then I think we've got > a bug or two to fix.... I'm pretty sure this is made redundant by the NEED_INACTIVE check in xfs_inode_check_free_state. > > + /* > > + * Detach dquots just in case someone tries a quotaoff while the inode > > + * is waiting on the inactive list. We'll reattach them (if needed) > > + * when inactivating the inode. > > + */ > > + xfs_qm_dqdetach(ip); > > +} > > I think the dquot handling needs better documentation as it impacts > on the life cycle and interactions of dquots... Ok. > > diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c > > index 97f31308de03..b03b127e34cc 100644 > > --- a/fs/xfs/xfs_log_recover.c > > +++ b/fs/xfs/xfs_log_recover.c > > @@ -2792,6 +2792,13 @@ xlog_recover_process_iunlinks( > > } > > xfs_buf_rele(agibp); > > } > > + > > + /* > > + * Now that we've put all the iunlink inodes on the lru, let's make > > + * sure that we perform all the on-disk metadata updates to actually > > + * free those inodes. > > + */ > > What LRU are we putting these inodes on? They are evicted from cache > immediately. A comment simply to say: > > /* > * Flush the pending unlinked inodes to ensure they are > * fully completed on disk and can be reclaimed before we > * signal that recovery is complete. > */ Ok, will fix. > > + xfs_inodegc_force(mp); > > } > > > > STATIC void > > ..... > > diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c > > index 1c97b155a8ee..cd015e3d72fc 100644 > > --- a/fs/xfs/xfs_mount.c > > +++ b/fs/xfs/xfs_mount.c > > @@ -640,6 +640,10 @@ xfs_check_summary_counts( > > * so we need to unpin them, write them back and/or reclaim them before unmount > > * can proceed. > > * > > + * Start the process by pushing all inodes through the inactivation process > > + * so that all file updates to on-disk metadata can be flushed with the log. > > + * After the AIL push, all inodes should be ready for reclamation. > > + * > > * An inode cluster that has been freed can have its buffer still pinned in > > * memory because the transaction is still sitting in a iclog. The stale inodes > > * on that buffer will be pinned to the buffer until the transaction hits the > > @@ -663,6 +667,7 @@ static void > > xfs_unmount_flush_inodes( > > struct xfs_mount *mp) > > { > > + xfs_inodegc_force(mp); > > xfs_log_force(mp, XFS_LOG_SYNC); > > xfs_extent_busy_wait_all(mp); > > flush_workqueue(xfs_discard_wq); > > @@ -670,6 +675,7 @@ xfs_unmount_flush_inodes( > > mp->m_flags |= XFS_MOUNT_UNMOUNTING; > > > > xfs_ail_push_all_sync(mp->m_ail); > > + xfs_inodegc_stop(mp); > > That looks wrong. Stopping the background inactivation should be > done before we flush the AIL because bacground inactivation dirties > inodes. So we should be stopping the inodegc the moment we've > finished flushing out all the pending inactivations... There shouldn't be any inactivation work queued at this point, so this is merely a safeguard to kill the work just in case I screwed up somewhere else. :) It can probably go. > Hmm. xfs_unmount_flush_inodes() doesn't ring a bell with me, and > it's not in the current tree. Did I miss this in an earlier patch in > this patchset, or something else? It was added as a bugfix to 5.12-rc3 to fix a bug where we could dirty a quota inode during mount, decide to abort the mount, and then stall because nobody would actually force the log to flush the quota inode changes to disk. > > cancel_delayed_work_sync(&mp->m_reclaim_work); > > xfs_reclaim_inodes(mp); > > xfs_health_unmount(mp); > > @@ -1095,6 +1101,13 @@ xfs_unmountfs( > > uint64_t resblks; > > int error; > > > > + /* > > + * Perform all on-disk metadata updates required to inactivate inodes. > > + * Since this can involve finobt updates, do it now before we lose the > > + * per-AG space reservations. > > + */ > > + xfs_inodegc_force(mp); > > + > > I can't tell why this is necessary given what > xfs_unmount_flush_inodes() does. Or, alternatively, why > xfs_unmount_flush_inodes() can do what it does without caring about > per-ag space reservations.... > > > diff --git a/fs/xfs/xfs_qm_syscalls.c b/fs/xfs/xfs_qm_syscalls.c > > index ca1b57d291dc..0f9a1450fe0e 100644 > > --- a/fs/xfs/xfs_qm_syscalls.c > > +++ b/fs/xfs/xfs_qm_syscalls.c > > @@ -104,6 +104,12 @@ xfs_qm_scall_quotaoff( > > uint inactivate_flags; > > struct xfs_qoff_logitem *qoffstart = NULL; > > > > + /* > > + * Clean up the inactive list before we turn quota off, to reduce the > > + * amount of quotaoff work we have to do with the mutex held. > > + */ > > + xfs_inodegc_force(mp); > > + > > Hmmm. why not just stop background inactivation altogether while > quotaoff runs? i.e. just do normal, inline inactivation when > quotaoff is running, and then we can get rid of the whole "drop > dquot references" issue that background inactivation has... I suppose that would have an advantage that quotaoff could switch to foreground inactivation, flush the pending inactivation work to release the dquot references, and then dqflush_all to dump the dquots altogether. How do we add the ability to switch behaviors, though? The usual percpu rwsem that protects a flag? > > diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c > > index e774358383d6..8d0142487fc7 100644 > > --- a/fs/xfs/xfs_super.c > > +++ b/fs/xfs/xfs_super.c > > @@ -637,28 +637,34 @@ xfs_fs_destroy_inode( > > struct inode *inode) > > { > > struct xfs_inode *ip = XFS_I(inode); > > + struct xfs_mount *mp = ip->i_mount; > > + bool need_inactive; > > > > trace_xfs_destroy_inode(ip); > > > > ASSERT(!rwsem_is_locked(&inode->i_rwsem)); > > - XFS_STATS_INC(ip->i_mount, vn_rele); > > - XFS_STATS_INC(ip->i_mount, vn_remove); > > + XFS_STATS_INC(mp, vn_rele); > > + XFS_STATS_INC(mp, vn_remove); > > > > - xfs_inactive(ip); > > - > > - if (!XFS_FORCED_SHUTDOWN(ip->i_mount) && ip->i_delayed_blks) { > > + need_inactive = xfs_inode_needs_inactivation(ip); > > + if (need_inactive) { > > + trace_xfs_inode_set_need_inactive(ip); > > + xfs_inode_inactivation_prep(ip); > > + } else if (!XFS_FORCED_SHUTDOWN(ip->i_mount) && ip->i_delayed_blks) { > > xfs_check_delalloc(ip, XFS_DATA_FORK); > > xfs_check_delalloc(ip, XFS_COW_FORK); > > ASSERT(0); > > } > > Isn't this i_delayed_blks check still valid even for indoes that > need background invalidation? i.e. all dirty data has been flushed > at this point, and so i_delayed_blks should be zero for all > inodes regardless of whether then need inactivation or not.... Hmm, I think that is true. > > > - > > - XFS_STATS_INC(ip->i_mount, vn_reclaim); > > + XFS_STATS_INC(mp, vn_reclaim); > > + trace_xfs_inode_set_reclaimable(ip); > > > > /* > > * We should never get here with one of the reclaim flags already set. > > */ > > ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_IRECLAIMABLE)); > > ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_IRECLAIM)); > > + ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_NEED_INACTIVE)); > > + ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_INACTIVATING)); > > This should probably be opencoded instead of taking the flags > spinlock 4 times... Urk, yes. > > > > /* > > * We always use background reclaim here because even if the inode is > > @@ -667,7 +673,10 @@ xfs_fs_destroy_inode( > > * reclaim path handles this more efficiently than we can here, so > > * simply let background reclaim tear down all inodes. > > */ > > - xfs_inode_set_reclaim_tag(ip); > > + if (need_inactive) > > + xfs_inode_set_inactive_tag(ip); > > + else > > + xfs_inode_set_reclaim_tag(ip); > > } > > > > static void > > @@ -797,6 +806,13 @@ xfs_fs_statfs( > > xfs_extlen_t lsize; > > int64_t ffree; > > > > + /* > > + * Process all the queued file and speculative preallocation cleanup so > > + * that the counter values we report here do not incorporate any > > + * resources that were previously deleted. > > + */ > > + xfs_inodegc_force(mp); > > Same comment as for xfs_fs_counts().... > > + > > statp->f_type = XFS_SUPER_MAGIC; > > statp->f_namelen = MAXNAMELEN - 1; > > > > @@ -911,6 +927,18 @@ xfs_fs_unfreeze( > > return 0; > > } > > > > +/* > > + * Before we get to stage 1 of a freeze, force all the inactivation work so > > + * that there's less work to do if we crash during the freeze. > > + */ > > +STATIC int > > +xfs_fs_freeze_super( > > + struct super_block *sb) > > +{ > > + xfs_inodegc_force(XFS_M(sb)); > > + return freeze_super(sb); > > +} > > Yeah, definitely need a description of freeze interactions... Flush all the pending work before we let the VFS start the freezing process, and then we don't run inactivation after that. > > @@ -1720,6 +1749,13 @@ xfs_remount_ro( > > return error; > > } > > > > + /* > > + * Perform all on-disk metadata updates required to inactivate inodes. > > + * Since this can involve finobt updates, do it now before we lose the > > + * per-AG space reservations. > > + */ > > + xfs_inodegc_force(mp); > > Should we stop background inactivation, because we can't make > modifications anymore and hence background inactication makes little > sense... We don't actually stop background gc transactions or other internal updates on readonly filesystems -- the ro part means only that we don't let /userspace/ change anything directly. If you open a file readonly, unlink it, freeze the fs, and close the file, we'll still free it. --D > Cheers, > > Dave. > -- > Dave Chinner > david@fromorbit.com
On Mon, Mar 22, 2021 at 09:00:37PM -0700, Darrick J. Wong wrote: > On Tue, Mar 23, 2021 at 12:44:17PM +1100, Dave Chinner wrote: > > On Wed, Mar 10, 2021 at 07:06:13PM -0800, Darrick J. Wong wrote: > > > From: Darrick J. Wong <djwong@kernel.org> > > > > > > Instead of calling xfs_inactive directly from xfs_fs_destroy_inode, > > > defer the inactivation phase to a separate workqueue. With this we > > > avoid blocking memory reclaim on filesystem metadata updates that are > > > necessary to free an in-core inode, such as post-eof block freeing, COW > > > staging extent freeing, and truncating and freeing unlinked inodes. Now > > > that work is deferred to a workqueue where we can do the freeing in > > > batches. > > > > > > We introduce two new inode flags -- NEEDS_INACTIVE and INACTIVATING. > > > The first flag helps our worker find inodes needing inactivation, and > > > the second flag marks inodes that are in the process of being > > > inactivated. A concurrent xfs_iget on the inode can still resurrect the > > > inode by clearing NEEDS_INACTIVE (or bailing if INACTIVATING is set). > > > > > > Unfortunately, deferring the inactivation has one huge downside -- > > > eventual consistency. Since all the freeing is deferred to a worker > > > thread, one can rm a file but the space doesn't come back immediately. > > > This can cause some odd side effects with quota accounting and statfs, > > > so we also force inactivation scans in order to maintain the existing > > > behaviors, at least outwardly. > > > > > > For this patch we'll set the delay to zero to mimic the old timing as > > > much as possible; in the next patch we'll play with different delay > > > settings. > > > > > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> > > .... > > > diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c > > > index a2a407039227..3a3baf56198b 100644 > > > --- a/fs/xfs/xfs_fsops.c > > > +++ b/fs/xfs/xfs_fsops.c > > > @@ -19,6 +19,8 @@ > > > #include "xfs_log.h" > > > #include "xfs_ag.h" > > > #include "xfs_ag_resv.h" > > > +#include "xfs_inode.h" > > > +#include "xfs_icache.h" > > > > > > /* > > > * growfs operations > > > @@ -290,6 +292,13 @@ xfs_fs_counts( > > > xfs_mount_t *mp, > > > xfs_fsop_counts_t *cnt) > > > { > > > + /* > > > + * Process all the queued file and speculative preallocation cleanup so > > > + * that the counter values we report here do not incorporate any > > > + * resources that were previously deleted. > > > + */ > > > + xfs_inodegc_force(mp); > > > > xfs_fs_counts() is supposed to be a quick, non-blocking summary of > > the state - it can never supply userspace with accurate values > > because they are wrong even before the ioctl returns to userspace. > > Hence we do not attempt to make them correct, just use a fast, point > > in time sample of the current counter values. > > > > So this seems like an unnecessarily heavyweight operation > > to add to this function.... > > I agree, xfs_inodegc_force is a heavyweight operation to add to statvfs > and (further down) the quota reporting ioctl. I added these calls to > maintain the user-visible behavior that one can df a mount, rm -rf a > 30T directory tree, df again, and observe a 30T difference in available > space between the two df calls. > > There are a lot of fstests that require this kind of behavior to pass. > In my internal testing without this bit applied, I also got complaints > about breaking the user-behavior of XFS that people have gotten used to. Yeah, that's messy, but I see a potential problem here with space monitoring apps that poll the filesystem frequently to check space usage. That's going to override whatever your background "do work" setting is going to be... > Earlier revisions of this patchset tried to maintain counts of the > resources used by the inactivated inode so that we could adjust the > values reported by statvfs and the quota reporting ioctl. This meant we > didn't have to delay either call at all, but it turns out that it's > not feasible to maintain an accurate count of inactive resources because > any resources that are shared at destroy_inode time cannot become part > of this liar counter and consulting the refcountbt to decide which > extents should be added just makes unlinking even slower. Worse yet, > unsharing of shared blocks attached to queued inactive inodes implies > either that we have to update the liar counter or that we have to be ok > with the free block count fluctuating for a while after a deletion if > that deletion ends up freeing more space than the liar counter thinks > we can free by flushing inactivation. So the main problem is block accounting. Non-reflink stuff is easy (the equivalent of delalloc accounting) but reflink is hard. > Hmm, maybe this could maintain an approxiate liar counter and only flush > inactivation when the liar counter would cause us to be off by more than > some configurable amount? The fstests that care about free space > accounting are not going to be happy since they are measured with very > tight tolerances. I'd prefer something that doesn't require a magic heuristic. I don't have any better ideas right now, so let's just go with what you have and see what falls out... > > > @@ -233,6 +242,94 @@ xfs_inode_clear_reclaim_tag( > > > xfs_perag_clear_reclaim_tag(pag); > > > } > > > > > > +/* Queue a new inode gc pass if there are inodes needing inactivation. */ > > > +static void > > > +xfs_inodegc_queue( > > > + struct xfs_mount *mp) > > > +{ > > > + rcu_read_lock(); > > > + if (radix_tree_tagged(&mp->m_perag_tree, XFS_ICI_INACTIVE_TAG)) > > > + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, > > > + 2 * HZ); > > > + rcu_read_unlock(); > > > +} > > > > Why half a second and not something referenced against the inode > > reclaim/sync period? > > It's actually 2 seconds, and the next patch adds a knob to tweak the > default value. Ugh, 2 * HZ != 2Hz. Stupid bad generic timer code, always trips me over. > The first version of this patchset from 2017 actually did just use > (6 * xfs_syncd_centisecs / 10) like reclaim does. This turned out to be > pretty foolish because that meant that reclaim and inactivation would > start at the same time, and because inactivation is slow, most of them > would miss the reclaim window and sit around pointlessly until the > next one. > > The next iteration from mid 2019 changed this to (xfs_syncd_centisecs/5) > which fixed that, but large deltree storms could lead to so many inodes > being inactivated that we'd still miss the reclaim window sometimes. > Around this time I got my djwong-dev tree hooked up to the ktest robot > and it started complaining about performance regressions and noticeably > higher slab usage for xfs inodes and log items. Right, I was thinking more along the lines of "run inactivation twice for every background inode reclaim pass". It's clear that what you were struggling with was that the interaction between the two running at similar periods is not good, and hence no matter what the background reclaim period is, we should process inactivated inodes a at least a couple of times per reclaim period... > The next time I got back to this was shortly after Dave cleaned up the > reclaim behavior (2020) to be driven by the AIL, which mostly fixed the > performance complaints, except for the one about AIM7. I was intrigued > enough by this to instrument the patchset and fstests and the fstests > cloud hosts <cough> to see if I could derive a reasonable default value. > > I've observed through experimentation that 2 seconds seems like a good > default value -- it's long enough to enable a lot of batching of > inactive inodes, but short enough that the background thread can > throttle the foreground threads by competing for the log grant heads. Right, it ends up about 2x per reclaim period by default. :) > I also noticed that the amount of overhead introduced by background > inactivation (as measured by fstests run times and other <cough> > performance tests) ranged from minimal at 0 seconds to about 20% at > (6*xfs_syncd_centisecs/10). Which is about 20s period. yeah, that's way too long... > Honestly, this could just be zero. Assuming your distro has power > efficient workqueues enabled, the ~4-10ms delay introduced by that is > enough to realize some batching advantage with zero noticeable effect on > performance. Yeah, the main benefit is moving it into the background so that the syscall completion isn't running the entire inode inactivation pass. That moves almost 50% of the unlink processing off to another thread which is what we want for rm -rf workloads. Keeping the batch size small is probably the best place to start with this - just enough inodes to keep a CPU busy for a scheduler tick? > > > static void > > > xfs_inew_wait( > > > struct xfs_inode *ip) > > > @@ -298,6 +395,13 @@ xfs_iget_check_free_state( > > > struct xfs_inode *ip, > > > int flags) > > > { > > > + /* > > > + * Unlinked inodes awaiting inactivation must not be reused until we > > > + * have a chance to clear the on-disk metadata. > > > + */ > > > + if (VFS_I(ip)->i_nlink == 0 && (ip->i_flags & XFS_NEED_INACTIVE)) > > > + return -ENOENT; > > > + > > > if (flags & XFS_IGET_CREATE) { > > > /* should be a free inode */ > > > if (VFS_I(ip)->i_mode != 0) { > > > > How do we get here with an XFS_NEED_INACTIVE inode? > > xfs_iget_check_free_state() is only called from the cache miss path, > > You added it to xfs_iget_cache_hit in 2018, commit afca6c5b2595f... Oh, cscope fail: File Function Line 0 xfs/xfs_icache.c xfs_iget_check_free_state 297 xfs_iget_check_free_state( 1 xfs/xfs_icache.c __releases 378 error = xfs_iget_check_free_state(ip, flags); 2 xfs/xfs_icache.c xfs_iget_cache_miss 530 error = xfs_iget_check_free_state(ip, flags); "__releases" is a sparse annotation, so it didn't trigger that this was actually in xfs_iget_cache_hit()... Never mind... > > > @@ -713,6 +904,43 @@ xfs_icache_inode_is_allocated( > > > return 0; > > > } > > > > > > +/* > > > + * Grab the inode for inactivation exclusively. > > > + * Return true if we grabbed it. > > > + */ > > > +static bool > > > +xfs_inactive_grab( > > > + struct xfs_inode *ip) > > > +{ > > > + ASSERT(rcu_read_lock_held()); > > > + > > > + /* quick check for stale RCU freed inode */ > > > + if (!ip->i_ino) > > > + return false; > > > + > > > + /* > > > + * The radix tree lock here protects a thread in xfs_iget from racing > > > + * with us starting reclaim on the inode. > > > + * > > > + * Due to RCU lookup, we may find inodes that have been freed and only > > > + * have XFS_IRECLAIM set. Indeed, we may see reallocated inodes that > > > + * aren't candidates for reclaim at all, so we must check the > > > + * XFS_IRECLAIMABLE is set first before proceeding to reclaim. > > > + * Obviously if XFS_NEED_INACTIVE isn't set then we ignore this inode. > > > + */ > > > + spin_lock(&ip->i_flags_lock); > > > + if (!(ip->i_flags & XFS_NEED_INACTIVE) || > > > + (ip->i_flags & XFS_INACTIVATING)) { > > > + /* not a inactivation candidate. */ > > > + spin_unlock(&ip->i_flags_lock); > > > + return false; > > > + } > > > + > > > + ip->i_flags |= XFS_INACTIVATING; > > > + spin_unlock(&ip->i_flags_lock); > > > + return true; > > > +} > > > + > > > /* > > > * The inode lookup is done in batches to keep the amount of lock traffic and > > > * radix tree lookups to a minimum. The batch size is a trade off between > > > @@ -736,6 +964,9 @@ xfs_inode_walk_ag_grab( > > > > > > ASSERT(rcu_read_lock_held()); > > > > > > + if (flags & XFS_INODE_WALK_INACTIVE) > > > + return xfs_inactive_grab(ip); > > > + > > > > Hmmm. This doesn't actually grab the inode. It's an unreferenced > > inode walk, in a function that assumes that the grab() call returns > > a referenced inode. Why isn't this using the inode reclaim walk > > which is intended to walk unreferenced inodes? > > Because I thought that some day you might want to rebase the inode > reclaim cleanups from 2019 and didn't want to slow either of us down by > forcing a gigantic rebase. So I left the duplicative inode walk > functions. > > FWIW these are current separate functions with separate call sites in > xfs_inode_walk_ag since the "remove indirect calls from inode walk" > series made it more convenient to have a separate function for each tag. > > As for the name ... reclaim also has a "grab" function even though it > walks unreferenced inodes. Sure, but the reclaim code was always a special "unreferenced" lookup that just used the same code structure. It never mixed "igrab()" with unreferenced inode pinning... > > > +xfs_inactive_inode( > > > + struct xfs_inode *ip, > > > + void *args) > > > +{ > > > + struct xfs_eofblocks *eofb = args; > > > + struct xfs_perag *pag; > > > + > > > + ASSERT(ip->i_mount->m_super->s_writers.frozen < SB_FREEZE_FS); > > > > What condition is this trying to catch? It's something to do with > > freeze, but you haven't documented what happens to inodes with > > pending inactivation when a freeze is started.... > > Inactivation creates transactions, which means that we should never be > running this at FREEZE_FS time. IOWs, it's a check that we can never > stall a kernel thread indefinitely because the fs is frozen. What's the problem with doing that to a dedicated worker thread? We currently stall inactivation on a frozen filesystem if a transaction is required > We can continue to queue inodes for inactivation on a frozen filesystem, > and I was trying to avoid touching the umount lock in > xfs_perag_set_inactive_tag to find out if the fs is actually frozen and > therefore we shouldn't call xfs_inodegc_queue. I think stopping background inactivation for frozen filesystems make more sense than this... > > > + > > > + /* > > > + * Not a match for our passed in scan filter? Put it back on the shelf > > > + * and move on. > > > + */ > > > + spin_lock(&ip->i_flags_lock); > > > + if (!xfs_inode_matches_eofb(ip, eofb)) { > > > + ip->i_flags &= ~XFS_INACTIVATING; > > > + spin_unlock(&ip->i_flags_lock); > > > + return 0; > > > + } > > > + spin_unlock(&ip->i_flags_lock); > > > > IDGI. What do EOF blocks have to do with running inode inactivation > > on this inode? > > This enables foreground threads that hit EDQUOT to look for inodes to > inactivate in order to free up quota'd resources. Not very obvious - better comment, please? > > I can't tell why this is necessary given what > > xfs_unmount_flush_inodes() does. Or, alternatively, why > > xfs_unmount_flush_inodes() can do what it does without caring about > > per-ag space reservations.... > > > > > diff --git a/fs/xfs/xfs_qm_syscalls.c b/fs/xfs/xfs_qm_syscalls.c > > > index ca1b57d291dc..0f9a1450fe0e 100644 > > > --- a/fs/xfs/xfs_qm_syscalls.c > > > +++ b/fs/xfs/xfs_qm_syscalls.c > > > @@ -104,6 +104,12 @@ xfs_qm_scall_quotaoff( > > > uint inactivate_flags; > > > struct xfs_qoff_logitem *qoffstart = NULL; > > > > > > + /* > > > + * Clean up the inactive list before we turn quota off, to reduce the > > > + * amount of quotaoff work we have to do with the mutex held. > > > + */ > > > + xfs_inodegc_force(mp); > > > + > > > > Hmmm. why not just stop background inactivation altogether while > > quotaoff runs? i.e. just do normal, inline inactivation when > > quotaoff is running, and then we can get rid of the whole "drop > > dquot references" issue that background inactivation has... > > I suppose that would have an advantage that quotaoff could switch to > foreground inactivation, flush the pending inactivation work to release > the dquot references, and then dqflush_all to dump the dquots > altogether. > > How do we add the ability to switch behaviors, though? The usual percpu > rwsem that protects a flag? That's overkill. Global synchronisation doesn't need complex structures, just a low cost reader path. All we need is an atomic bit that we can test via test_bit(). test_bit() is not a locked operation, but it is atomic. Hence most of the time it is a shared cacheline and hence has near zero cost to check as it can be shared across all CPUs. Set the flag to turn off background inactivation, then all future inactivations will be foreground. Then flush and stop the inodegc work queue. When we finish processing the last inactivated inode, the background work stops (i.e. it is not requeued). No more pending background work. Clear the flag to turn background inactivation back on. The first inode queued will restart that background work... > > > @@ -1720,6 +1749,13 @@ xfs_remount_ro( > > > return error; > > > } > > > > > > + /* > > > + * Perform all on-disk metadata updates required to inactivate inodes. > > > + * Since this can involve finobt updates, do it now before we lose the > > > + * per-AG space reservations. > > > + */ > > > + xfs_inodegc_force(mp); > > > > Should we stop background inactivation, because we can't make > > modifications anymore and hence background inactication makes little > > sense... > > We don't actually stop background gc transactions or other internal > updates on readonly filesystems Yes we do - that's what xfs_blockgc_stop() higher up in this function does. xfs_log_clean() further down in the function also stops the background log work (that covers the log when idle) because xfs_remount_ro() leaves the log clean. THese all get restarted in xfs_remount_rw().... > -- the ro part means only that we don't > let /userspace/ change anything directly. If you open a file readonly, > unlink it, freeze the fs, and close the file, we'll still free it. How do you unlink the file on a RO mount? And if it's a rw mount that is frozen, it will block on the first transaction in the inactivation process from close(), and block there until the filesystem is unfrozen. It's pretty clear to me that we want frozen filesystems to turn off background inactivation so that we can block things like this in the syscall context and not have to deal with the complexity of freeze or read-only mounts in the background inactivation code at all.. Cheers, Dave.
On Tue, Mar 23, 2021 at 04:19:07PM +1100, Dave Chinner wrote: > On Mon, Mar 22, 2021 at 09:00:37PM -0700, Darrick J. Wong wrote: > > On Tue, Mar 23, 2021 at 12:44:17PM +1100, Dave Chinner wrote: > > > On Wed, Mar 10, 2021 at 07:06:13PM -0800, Darrick J. Wong wrote: > > > > From: Darrick J. Wong <djwong@kernel.org> > > > > > > > > Instead of calling xfs_inactive directly from xfs_fs_destroy_inode, > > > > defer the inactivation phase to a separate workqueue. With this we > > > > avoid blocking memory reclaim on filesystem metadata updates that are > > > > necessary to free an in-core inode, such as post-eof block freeing, COW > > > > staging extent freeing, and truncating and freeing unlinked inodes. Now > > > > that work is deferred to a workqueue where we can do the freeing in > > > > batches. > > > > > > > > We introduce two new inode flags -- NEEDS_INACTIVE and INACTIVATING. > > > > The first flag helps our worker find inodes needing inactivation, and > > > > the second flag marks inodes that are in the process of being > > > > inactivated. A concurrent xfs_iget on the inode can still resurrect the > > > > inode by clearing NEEDS_INACTIVE (or bailing if INACTIVATING is set). > > > > > > > > Unfortunately, deferring the inactivation has one huge downside -- > > > > eventual consistency. Since all the freeing is deferred to a worker > > > > thread, one can rm a file but the space doesn't come back immediately. > > > > This can cause some odd side effects with quota accounting and statfs, > > > > so we also force inactivation scans in order to maintain the existing > > > > behaviors, at least outwardly. > > > > > > > > For this patch we'll set the delay to zero to mimic the old timing as > > > > much as possible; in the next patch we'll play with different delay > > > > settings. > > > > > > > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> > > > .... > > > > diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c > > > > index a2a407039227..3a3baf56198b 100644 > > > > --- a/fs/xfs/xfs_fsops.c > > > > +++ b/fs/xfs/xfs_fsops.c > > > > @@ -19,6 +19,8 @@ > > > > #include "xfs_log.h" > > > > #include "xfs_ag.h" > > > > #include "xfs_ag_resv.h" > > > > +#include "xfs_inode.h" > > > > +#include "xfs_icache.h" > > > > > > > > /* > > > > * growfs operations > > > > @@ -290,6 +292,13 @@ xfs_fs_counts( > > > > xfs_mount_t *mp, > > > > xfs_fsop_counts_t *cnt) > > > > { > > > > + /* > > > > + * Process all the queued file and speculative preallocation cleanup so > > > > + * that the counter values we report here do not incorporate any > > > > + * resources that were previously deleted. > > > > + */ > > > > + xfs_inodegc_force(mp); > > > > > > xfs_fs_counts() is supposed to be a quick, non-blocking summary of > > > the state - it can never supply userspace with accurate values > > > because they are wrong even before the ioctl returns to userspace. > > > Hence we do not attempt to make them correct, just use a fast, point > > > in time sample of the current counter values. > > > > > > So this seems like an unnecessarily heavyweight operation > > > to add to this function.... > > > > I agree, xfs_inodegc_force is a heavyweight operation to add to statvfs > > and (further down) the quota reporting ioctl. I added these calls to > > maintain the user-visible behavior that one can df a mount, rm -rf a > > 30T directory tree, df again, and observe a 30T difference in available > > space between the two df calls. > > > > There are a lot of fstests that require this kind of behavior to pass. > > In my internal testing without this bit applied, I also got complaints > > about breaking the user-behavior of XFS that people have gotten used to. > > Yeah, that's messy, but I see a potential problem here with space > monitoring apps that poll the filesystem frequently to check space > usage. That's going to override whatever your background "do work" > setting is going to be... > > > Earlier revisions of this patchset tried to maintain counts of the > > resources used by the inactivated inode so that we could adjust the > > values reported by statvfs and the quota reporting ioctl. This meant we > > didn't have to delay either call at all, but it turns out that it's > > not feasible to maintain an accurate count of inactive resources because > > any resources that are shared at destroy_inode time cannot become part > > of this liar counter and consulting the refcountbt to decide which > > extents should be added just makes unlinking even slower. Worse yet, > > unsharing of shared blocks attached to queued inactive inodes implies > > either that we have to update the liar counter or that we have to be ok > > with the free block count fluctuating for a while after a deletion if > > that deletion ends up freeing more space than the liar counter thinks > > we can free by flushing inactivation. > > So the main problem is block accounting. Non-reflink stuff is easy > (the equivalent of delalloc accounting) but reflink is hard. > > > Hmm, maybe this could maintain an approxiate liar counter and only flush > > inactivation when the liar counter would cause us to be off by more than > > some configurable amount? The fstests that care about free space > > accounting are not going to be happy since they are measured with very > > tight tolerances. > > I'd prefer something that doesn't require a magic heuristic. I don't > have any better ideas right now, so let's just go with what you have > and see what falls out... Ok. I'll leave a comment to this effect. > > > > @@ -233,6 +242,94 @@ xfs_inode_clear_reclaim_tag( > > > > xfs_perag_clear_reclaim_tag(pag); > > > > } > > > > > > > > +/* Queue a new inode gc pass if there are inodes needing inactivation. */ > > > > +static void > > > > +xfs_inodegc_queue( > > > > + struct xfs_mount *mp) > > > > +{ > > > > + rcu_read_lock(); > > > > + if (radix_tree_tagged(&mp->m_perag_tree, XFS_ICI_INACTIVE_TAG)) > > > > + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, > > > > + 2 * HZ); > > > > + rcu_read_unlock(); > > > > +} > > > > > > Why half a second and not something referenced against the inode > > > reclaim/sync period? > > > > It's actually 2 seconds, and the next patch adds a knob to tweak the > > default value. > > Ugh, 2 * HZ != 2Hz. Stupid bad generic timer code, always trips me > over. > > > The first version of this patchset from 2017 actually did just use > > (6 * xfs_syncd_centisecs / 10) like reclaim does. This turned out to be > > pretty foolish because that meant that reclaim and inactivation would > > start at the same time, and because inactivation is slow, most of them > > would miss the reclaim window and sit around pointlessly until the > > next one. > > > > The next iteration from mid 2019 changed this to (xfs_syncd_centisecs/5) > > which fixed that, but large deltree storms could lead to so many inodes > > being inactivated that we'd still miss the reclaim window sometimes. > > Around this time I got my djwong-dev tree hooked up to the ktest robot > > and it started complaining about performance regressions and noticeably > > higher slab usage for xfs inodes and log items. > > Right, I was thinking more along the lines of "run inactivation > twice for every background inode reclaim pass". It's clear that what > you were struggling with was that the interaction between the two > running at similar periods is not good, and hence no matter what the > background reclaim period is, we should process inactivated inodes a > at least a couple of times per reclaim period... > > > The next time I got back to this was shortly after Dave cleaned up the > > reclaim behavior (2020) to be driven by the AIL, which mostly fixed the > > performance complaints, except for the one about AIM7. I was intrigued > > enough by this to instrument the patchset and fstests and the fstests > > cloud hosts <cough> to see if I could derive a reasonable default value. > > > > I've observed through experimentation that 2 seconds seems like a good > > default value -- it's long enough to enable a lot of batching of > > inactive inodes, but short enough that the background thread can > > throttle the foreground threads by competing for the log grant heads. > > Right, it ends up about 2x per reclaim period by default. :) > > > I also noticed that the amount of overhead introduced by background > > inactivation (as measured by fstests run times and other <cough> > > performance tests) ranged from minimal at 0 seconds to about 20% at > > (6*xfs_syncd_centisecs/10). > > Which is about 20s period. yeah, that's way too long... > > > Honestly, this could just be zero. Assuming your distro has power > > efficient workqueues enabled, the ~4-10ms delay introduced by that is > > enough to realize some batching advantage with zero noticeable effect on > > performance. > > Yeah, the main benefit is moving it into the background so that the > syscall completion isn't running the entire inode inactivation pass. > That moves almost 50% of the unlink processing off to another thread > which is what we want for rm -rf workloads. Keeping the batch size > small is probably the best place to start with this - just enough > inodes to keep a CPU busy for a scheduler tick? Yeah, I'll set it to a tick ... in the next patch, when we actually set a real delay. > > > > > static void > > > > xfs_inew_wait( > > > > struct xfs_inode *ip) > > > > @@ -298,6 +395,13 @@ xfs_iget_check_free_state( > > > > struct xfs_inode *ip, > > > > int flags) > > > > { > > > > + /* > > > > + * Unlinked inodes awaiting inactivation must not be reused until we > > > > + * have a chance to clear the on-disk metadata. > > > > + */ > > > > + if (VFS_I(ip)->i_nlink == 0 && (ip->i_flags & XFS_NEED_INACTIVE)) > > > > + return -ENOENT; > > > > + > > > > if (flags & XFS_IGET_CREATE) { > > > > /* should be a free inode */ > > > > if (VFS_I(ip)->i_mode != 0) { > > > > > > How do we get here with an XFS_NEED_INACTIVE inode? > > > xfs_iget_check_free_state() is only called from the cache miss path, > > > > You added it to xfs_iget_cache_hit in 2018, commit afca6c5b2595f... > > Oh, cscope fail: > > File Function Line > 0 xfs/xfs_icache.c xfs_iget_check_free_state 297 xfs_iget_check_free_state( > 1 xfs/xfs_icache.c __releases 378 error = xfs_iget_check_free_state(ip, flags); > 2 xfs/xfs_icache.c xfs_iget_cache_miss 530 error = xfs_iget_check_free_state(ip, flags); > > "__releases" is a sparse annotation, so it didn't trigger that this > was actually in xfs_iget_cache_hit()... > > Never mind... > > > > > @@ -713,6 +904,43 @@ xfs_icache_inode_is_allocated( > > > > return 0; > > > > } > > > > > > > > +/* > > > > + * Grab the inode for inactivation exclusively. > > > > + * Return true if we grabbed it. > > > > + */ > > > > +static bool > > > > +xfs_inactive_grab( > > > > + struct xfs_inode *ip) > > > > +{ > > > > + ASSERT(rcu_read_lock_held()); > > > > + > > > > + /* quick check for stale RCU freed inode */ > > > > + if (!ip->i_ino) > > > > + return false; > > > > + > > > > + /* > > > > + * The radix tree lock here protects a thread in xfs_iget from racing > > > > + * with us starting reclaim on the inode. > > > > + * > > > > + * Due to RCU lookup, we may find inodes that have been freed and only > > > > + * have XFS_IRECLAIM set. Indeed, we may see reallocated inodes that > > > > + * aren't candidates for reclaim at all, so we must check the > > > > + * XFS_IRECLAIMABLE is set first before proceeding to reclaim. > > > > + * Obviously if XFS_NEED_INACTIVE isn't set then we ignore this inode. > > > > + */ > > > > + spin_lock(&ip->i_flags_lock); > > > > + if (!(ip->i_flags & XFS_NEED_INACTIVE) || > > > > + (ip->i_flags & XFS_INACTIVATING)) { > > > > + /* not a inactivation candidate. */ > > > > + spin_unlock(&ip->i_flags_lock); > > > > + return false; > > > > + } > > > > + > > > > + ip->i_flags |= XFS_INACTIVATING; > > > > + spin_unlock(&ip->i_flags_lock); > > > > + return true; > > > > +} > > > > + > > > > /* > > > > * The inode lookup is done in batches to keep the amount of lock traffic and > > > > * radix tree lookups to a minimum. The batch size is a trade off between > > > > @@ -736,6 +964,9 @@ xfs_inode_walk_ag_grab( > > > > > > > > ASSERT(rcu_read_lock_held()); > > > > > > > > + if (flags & XFS_INODE_WALK_INACTIVE) > > > > + return xfs_inactive_grab(ip); > > > > + > > > > > > Hmmm. This doesn't actually grab the inode. It's an unreferenced > > > inode walk, in a function that assumes that the grab() call returns > > > a referenced inode. Why isn't this using the inode reclaim walk > > > which is intended to walk unreferenced inodes? > > > > Because I thought that some day you might want to rebase the inode > > reclaim cleanups from 2019 and didn't want to slow either of us down by > > forcing a gigantic rebase. So I left the duplicative inode walk > > functions. > > > > FWIW these are current separate functions with separate call sites in > > xfs_inode_walk_ag since the "remove indirect calls from inode walk" > > series made it more convenient to have a separate function for each tag. > > > > As for the name ... reclaim also has a "grab" function even though it > > walks unreferenced inodes. > > Sure, but the reclaim code was always a special "unreferenced" > lookup that just used the same code structure. It never mixed > "igrab()" with unreferenced inode pinning... Hmm well so long as I'm adding another patch to consolidate the reclaim loop with xfs_inodes_walk, maybe I'll just rename it to "selected_for_walk()" so then the code will read: if (done || !selected_for_walk(tag, ip)) batch[i] = NULL; > > > > +xfs_inactive_inode( > > > > + struct xfs_inode *ip, > > > > + void *args) > > > > +{ > > > > + struct xfs_eofblocks *eofb = args; > > > > + struct xfs_perag *pag; > > > > + > > > > + ASSERT(ip->i_mount->m_super->s_writers.frozen < SB_FREEZE_FS); > > > > > > What condition is this trying to catch? It's something to do with > > > freeze, but you haven't documented what happens to inodes with > > > pending inactivation when a freeze is started.... > > > > Inactivation creates transactions, which means that we should never be > > running this at FREEZE_FS time. IOWs, it's a check that we can never > > stall a kernel thread indefinitely because the fs is frozen. > > What's the problem with doing that to a dedicated worker thread? We > currently stall inactivation on a frozen filesystem if a transaction > is required It seems unnecessary to wedge a worker thread like that when I could just cancel the work and reschedule it after the freeze... > > We can continue to queue inodes for inactivation on a frozen filesystem, > > and I was trying to avoid touching the umount lock in > > xfs_perag_set_inactive_tag to find out if the fs is actually frozen and > > therefore we shouldn't call xfs_inodegc_queue. > > I think stopping background inactivation for frozen filesystems make > more sense than this... ...oh hey, you seem to have reached the same conclusion. :) > > > > + > > > > + /* > > > > + * Not a match for our passed in scan filter? Put it back on the shelf > > > > + * and move on. > > > > + */ > > > > + spin_lock(&ip->i_flags_lock); > > > > + if (!xfs_inode_matches_eofb(ip, eofb)) { > > > > + ip->i_flags &= ~XFS_INACTIVATING; > > > > + spin_unlock(&ip->i_flags_lock); > > > > + return 0; > > > > + } > > > > + spin_unlock(&ip->i_flags_lock); > > > > > > IDGI. What do EOF blocks have to do with running inode inactivation > > > on this inode? > > > > This enables foreground threads that hit EDQUOT to look for inodes to > > inactivate in order to free up quota'd resources. > > Not very obvious - better comment, please? /* * Foreground threads that have hit ENOSPC or EDQUOT are allowed * to pass in a eofb structure to look for inodes to inactivate * immediately to free some resources. If this inode isn't a * match, put it back on the shelf and move on. */ Better? > > > I can't tell why this is necessary given what > > > xfs_unmount_flush_inodes() does. Or, alternatively, why > > > xfs_unmount_flush_inodes() can do what it does without caring about > > > per-ag space reservations.... > > > > > > > diff --git a/fs/xfs/xfs_qm_syscalls.c b/fs/xfs/xfs_qm_syscalls.c > > > > index ca1b57d291dc..0f9a1450fe0e 100644 > > > > --- a/fs/xfs/xfs_qm_syscalls.c > > > > +++ b/fs/xfs/xfs_qm_syscalls.c > > > > @@ -104,6 +104,12 @@ xfs_qm_scall_quotaoff( > > > > uint inactivate_flags; > > > > struct xfs_qoff_logitem *qoffstart = NULL; > > > > > > > > + /* > > > > + * Clean up the inactive list before we turn quota off, to reduce the > > > > + * amount of quotaoff work we have to do with the mutex held. > > > > + */ > > > > + xfs_inodegc_force(mp); > > > > + > > > > > > Hmmm. why not just stop background inactivation altogether while > > > quotaoff runs? i.e. just do normal, inline inactivation when > > > quotaoff is running, and then we can get rid of the whole "drop > > > dquot references" issue that background inactivation has... > > > > I suppose that would have an advantage that quotaoff could switch to > > foreground inactivation, flush the pending inactivation work to release > > the dquot references, and then dqflush_all to dump the dquots > > altogether. > > > > How do we add the ability to switch behaviors, though? The usual percpu > > rwsem that protects a flag? > > That's overkill. Global synchronisation doesn't need complex > structures, just a low cost reader path. > > All we need is an atomic bit that we can test via test_bit(). > test_bit() is not a locked operation, but it is atomic. Hence most > of the time it is a shared cacheline and hence has near zero cost to > check as it can be shared across all CPUs. > > Set the flag to turn off background inactivation, then all future > inactivations will be foreground. Then flush and stop the inodegc > work queue. When we finish processing the last inactivated inode, > the background work stops (i.e. it is not requeued). No more > pending background work. > > Clear the flag to turn background inactivation back on. The first > inode queued will restart that background work... > > > > > @@ -1720,6 +1749,13 @@ xfs_remount_ro( > > > > return error; > > > > } > > > > > > > > + /* > > > > + * Perform all on-disk metadata updates required to inactivate inodes. > > > > + * Since this can involve finobt updates, do it now before we lose the > > > > + * per-AG space reservations. > > > > + */ > > > > + xfs_inodegc_force(mp); > > > > > > Should we stop background inactivation, because we can't make > > > modifications anymore and hence background inactication makes little > > > sense... > > > > We don't actually stop background gc transactions or other internal > > updates on readonly filesystems > > Yes we do - that's what xfs_blockgc_stop() higher up in this > function does. xfs_log_clean() further down in the function also > stops the background log work (that covers the log when idle) > because xfs_remount_ro() leaves the log clean. > > THese all get restarted in xfs_remount_rw().... > > > -- the ro part means only that we don't > > let /userspace/ change anything directly. If you open a file readonly, > > unlink it, freeze the fs, and close the file, we'll still free it. > > How do you unlink the file on a RO mount? I got confused here. If you open a file readonly on a rw mount, unlink it, remount the fs readonly, and close the file, we'll still free it. > And if it's a rw mount that is frozen, it will block on the first > transaction in the inactivation process from close(), and block > there until the filesystem is unfrozen. > > It's pretty clear to me that we want frozen filesystems to > turn off background inactivation so that we can block things like > this in the syscall context and not have to deal with the complexity > of freeze or read-only mounts in the background inactivation code at > all.. Ok, will do. > Cheers, > > Dave. > -- > Dave Chinner > david@fromorbit.com
On Tue, Mar 23, 2021 at 07:04:07PM -0700, Darrick J. Wong wrote: > On Tue, Mar 23, 2021 at 04:19:07PM +1100, Dave Chinner wrote: > > On Mon, Mar 22, 2021 at 09:00:37PM -0700, Darrick J. Wong wrote: > > > On Tue, Mar 23, 2021 at 12:44:17PM +1100, Dave Chinner wrote: > > > > On Wed, Mar 10, 2021 at 07:06:13PM -0800, Darrick J. Wong wrote: > > > > > + /* > > > > > + * Not a match for our passed in scan filter? Put it back on the shelf > > > > > + * and move on. > > > > > + */ > > > > > + spin_lock(&ip->i_flags_lock); > > > > > + if (!xfs_inode_matches_eofb(ip, eofb)) { > > > > > + ip->i_flags &= ~XFS_INACTIVATING; > > > > > + spin_unlock(&ip->i_flags_lock); > > > > > + return 0; > > > > > + } > > > > > + spin_unlock(&ip->i_flags_lock); > > > > > > > > IDGI. What do EOF blocks have to do with running inode inactivation > > > > on this inode? > > > > > > This enables foreground threads that hit EDQUOT to look for inodes to > > > inactivate in order to free up quota'd resources. > > > > Not very obvious - better comment, please? > > /* > * Foreground threads that have hit ENOSPC or EDQUOT are allowed > * to pass in a eofb structure to look for inodes to inactivate > * immediately to free some resources. If this inode isn't a > * match, put it back on the shelf and move on. > */ > > Better? Yes. > > > > > + /* > > > > > + * Perform all on-disk metadata updates required to inactivate inodes. > > > > > + * Since this can involve finobt updates, do it now before we lose the > > > > > + * per-AG space reservations. > > > > > + */ > > > > > + xfs_inodegc_force(mp); > > > > > > > > Should we stop background inactivation, because we can't make > > > > modifications anymore and hence background inactication makes little > > > > sense... > > > > > > We don't actually stop background gc transactions or other internal > > > updates on readonly filesystems > > > > Yes we do - that's what xfs_blockgc_stop() higher up in this > > function does. xfs_log_clean() further down in the function also > > stops the background log work (that covers the log when idle) > > because xfs_remount_ro() leaves the log clean. > > > > THese all get restarted in xfs_remount_rw().... > > > > > -- the ro part means only that we don't > > > let /userspace/ change anything directly. If you open a file readonly, > > > unlink it, freeze the fs, and close the file, we'll still free it. > > > > How do you unlink the file on a RO mount? > > I got confused here. If you open a file readonly on a rw mount, unlink > it, remount the fs readonly, and close the file, we'll still free it. Not even that way. :) You can't remount-ro while there are open-but-unlinked files. See sb->s_remove_count. It's incremented when drop_link() drops the link count to zero in the unlink() syscall, then decremented when __destroy_inode() is called during inode eviction when the final reference goes away. Hence while we have open but unlinked inodes in active use, that superblock counter is non-zero. In sb_prepare_remount_readonly() we have: if (atomic_long_read(&sb->s_remove_count)) return -EBUSY; So a remount-ro will fail with -EBUSY while there are open but unlinked files. Except, of course, if you are doing an emergency remount-ro from sysrq, in which case these open-but-unlinked checks are not done, but when we are forcing the fs to be read-only this way, it's not being done for correctness (i.e the system is about to be shot down) so we don't really care... Cheers, Dave.
On Mon, Mar 22, 2021 at 09:00:37PM -0700, Darrick J. Wong wrote: > Hmm, maybe this could maintain an approxiate liar counter and only flush > inactivation when the liar counter would cause us to be off by more than > some configurable amount? The fstests that care about free space > accounting are not going to be happy since they are measured with very > tight tolerances. Yes, I think some kind of fuzzy logic instead of the heavy weight flush on supposedly light weight operations. > > static void > > xfs_inode_clear_tag( > > struct xfs_perag *pag, > > xfs_ino_t ino, > > int tag) > > { > > struct xfs_mount *mp = pag->pag_mount; > > > > lockdep_assert_held(&pag->pag_ici_lock); > > radix_tree_tag_clear(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ino), > > tag); > > switch(tag) { > > case XFS_ICI_INACTIVE_TAG: > > if (--pag->pag_ici_inactive) > > return; > > break; > > case XFS_ICI_RECLAIM_TAG: > > if (--pag->pag_ici_reclaim) > > return; > > break; > > default: > > ASSERT(0); > > return; > > } > > > > spin_lock(&mp->m_perag_lock); > > radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, tag); > > spin_unlock(&mp->m_perag_lock); > > } > > > > As a followup patch? The set tag case looks similarly easy to make > > generic... > > Yeah. At this point I might as well just clean all of this up for the > next revision of this series, because as I said earlier I had thought > that you were still working on a second rework of reclaim. Now that I > know you're not, I'll hack away at this twisty pile too. If the separate tags aren't going to disappear entirely: it would be nice to move the counters (or any other duplicated variable) into an array index by the tax, which would clean the above and similar code even more. > We don't actually stop background gc transactions or other internal > updates on readonly filesystems -- the ro part means only that we don't > let /userspace/ change anything directly. If you open a file readonly, > unlink it, freeze the fs, and close the file, we'll still free it. Note that there are two different read-only concepts in Linux: 1) the read-only mount, as reflected in the vfsmount. For this your description above is spot-on 2) the read-only superblock, as indicated by the sb flag. This is usually due to an read-only block device, and we must not write anything to the device, as that typically will lead to an I/O error.
On Wed, Mar 24, 2021 at 03:57:06PM +1100, Dave Chinner wrote: > On Tue, Mar 23, 2021 at 07:04:07PM -0700, Darrick J. Wong wrote: > > On Tue, Mar 23, 2021 at 04:19:07PM +1100, Dave Chinner wrote: > > > On Mon, Mar 22, 2021 at 09:00:37PM -0700, Darrick J. Wong wrote: > > > > On Tue, Mar 23, 2021 at 12:44:17PM +1100, Dave Chinner wrote: > > > > > On Wed, Mar 10, 2021 at 07:06:13PM -0800, Darrick J. Wong wrote: > > > > > > + /* > > > > > > + * Not a match for our passed in scan filter? Put it back on the shelf > > > > > > + * and move on. > > > > > > + */ > > > > > > + spin_lock(&ip->i_flags_lock); > > > > > > + if (!xfs_inode_matches_eofb(ip, eofb)) { > > > > > > + ip->i_flags &= ~XFS_INACTIVATING; > > > > > > + spin_unlock(&ip->i_flags_lock); > > > > > > + return 0; > > > > > > + } > > > > > > + spin_unlock(&ip->i_flags_lock); > > > > > > > > > > IDGI. What do EOF blocks have to do with running inode inactivation > > > > > on this inode? > > > > > > > > This enables foreground threads that hit EDQUOT to look for inodes to > > > > inactivate in order to free up quota'd resources. > > > > > > Not very obvious - better comment, please? > > > > /* > > * Foreground threads that have hit ENOSPC or EDQUOT are allowed > > * to pass in a eofb structure to look for inodes to inactivate > > * immediately to free some resources. If this inode isn't a > > * match, put it back on the shelf and move on. > > */ > > > > Better? > > Yes. > > > > > > > + /* > > > > > > + * Perform all on-disk metadata updates required to inactivate inodes. > > > > > > + * Since this can involve finobt updates, do it now before we lose the > > > > > > + * per-AG space reservations. > > > > > > + */ > > > > > > + xfs_inodegc_force(mp); > > > > > > > > > > Should we stop background inactivation, because we can't make > > > > > modifications anymore and hence background inactication makes little > > > > > sense... Ahhh, now I remember why the blockgc and inodegc workers call sb_start_write before running any transactions. We don't want the threads to stall on transaction allocation when the fs is at FREEZE_FS, which means that we have to cancel the work before we get there. That means it's too late to cancel the work items in xfs_fs_freeze. We can't cancel the work items from a ->freeze_super handler before calling freeze_super(), because we haven't taken any locks yet, and we're still unfrozen. For blockgc I solved this problem by making the worker get FREEZE_WRITE protection so that we can't freeze the fs until the work is done. Then we don't have to care that much about ensuring that the worker threads cannot run while the fs is frozen. But that's a bit sloppy, since they're still consuming CPU time. I could solve this problem by observing that freeze_super calls sync_filesystem when the fs is in FREEZE_PAGEFAULTS and is about to move to FREEZE_FS, but that seems ugly and hacky. > > > > > > > > We don't actually stop background gc transactions or other internal > > > > updates on readonly filesystems > > > > > > Yes we do - that's what xfs_blockgc_stop() higher up in this > > > function does. xfs_log_clean() further down in the function also > > > stops the background log work (that covers the log when idle) > > > because xfs_remount_ro() leaves the log clean. > > > > > > THese all get restarted in xfs_remount_rw().... > > > > > > > -- the ro part means only that we don't > > > > let /userspace/ change anything directly. If you open a file readonly, > > > > unlink it, freeze the fs, and close the file, we'll still free it. > > > > > > How do you unlink the file on a RO mount? > > > > I got confused here. If you open a file readonly on a rw mount, unlink > > it, remount the fs readonly, and close the file, we'll still free it. > > Not even that way. :) > > You can't remount-ro while there are open-but-unlinked files. See > sb->s_remove_count. It's incremented when drop_link() drops the link > count to zero in the unlink() syscall, then decremented when > __destroy_inode() is called during inode eviction when the final > reference goes away. Hence while we have open but unlinked inodes in > active use, that superblock counter is non-zero. > > In sb_prepare_remount_readonly() we have: > > if (atomic_long_read(&sb->s_remove_count)) > return -EBUSY; > > So a remount-ro will fail with -EBUSY while there are open but > unlinked files. Ah, ok. > Except, of course, if you are doing an emergency remount-ro from > sysrq, in which case these open-but-unlinked checks are not done, > but when we are forcing the fs to be read-only this way, it's not > being done for correctness (i.e the system is about to be shot down) > so we don't really care... Well yes, most bets are off during emergency ro-remounts. :) --D > > Cheers, > > Dave. > -- > Dave Chinner > david@fromorbit.com
On Wed, Mar 24, 2021 at 05:53:11PM +0000, Christoph Hellwig wrote: > On Mon, Mar 22, 2021 at 09:00:37PM -0700, Darrick J. Wong wrote: > > Hmm, maybe this could maintain an approxiate liar counter and only flush > > inactivation when the liar counter would cause us to be off by more than > > some configurable amount? The fstests that care about free space > > accounting are not going to be happy since they are measured with very > > tight tolerances. > > Yes, I think some kind of fuzzy logic instead of the heavy weight flush > on supposedly light weight operations. Any suggestions? I'll try adding a ratelimit to see if that shuts up fstests while preventing userspace from pounding too hard on inactivation. > > > static void > > > xfs_inode_clear_tag( > > > struct xfs_perag *pag, > > > xfs_ino_t ino, > > > int tag) > > > { > > > struct xfs_mount *mp = pag->pag_mount; > > > > > > lockdep_assert_held(&pag->pag_ici_lock); > > > radix_tree_tag_clear(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ino), > > > tag); > > > switch(tag) { > > > case XFS_ICI_INACTIVE_TAG: > > > if (--pag->pag_ici_inactive) > > > return; > > > break; > > > case XFS_ICI_RECLAIM_TAG: > > > if (--pag->pag_ici_reclaim) > > > return; > > > break; > > > default: > > > ASSERT(0); > > > return; > > > } > > > > > > spin_lock(&mp->m_perag_lock); > > > radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, tag); > > > spin_unlock(&mp->m_perag_lock); > > > } > > > > > > As a followup patch? The set tag case looks similarly easy to make > > > generic... > > > > Yeah. At this point I might as well just clean all of this up for the > > next revision of this series, because as I said earlier I had thought > > that you were still working on a second rework of reclaim. Now that I > > know you're not, I'll hack away at this twisty pile too. > > If the separate tags aren't going to disappear entirely: it would be nice > to move the counters (or any other duplicated variable) into an array > index by the tax, which would clean the above and similar code even more. Ok done. I refactored xfs_perag_{clear,set}_reclaim_tag into a generic helper that sets an ICI tag on the inode radix tree and the perag radix tree. This cleaned up a bunch of redundant code, and enabled me to trim down the inactivation patch quite a bit. Now each function that wants to set inode flags does so directly (after taking the locks) and calls the ICI helper to deal with the radix trees. Also, refactoring reclaim to use xfs_inode_walk was pretty simple, and I even integrated (rather heavily modified) code from the "void *args" -> "eofb" and the "get rid of iter_flags" patches you posted. > > We don't actually stop background gc transactions or other internal > > updates on readonly filesystems -- the ro part means only that we don't > > let /userspace/ change anything directly. If you open a file readonly, > > unlink it, freeze the fs, and close the file, we'll still free it. > > Note that there are two different read-only concepts in Linux: > > 1) the read-only mount, as reflected in the vfsmount. For this your > description above is spot-on > 2) the read-only superblock, as indicated by the sb flag. This is > usually due to an read-only block device, and we must not write > anything to the device, as that typically will lead to an I/O error. <nod> I /think/ we handle this properly, but it's late... --D
diff --git a/Documentation/admin-guide/xfs.rst b/Documentation/admin-guide/xfs.rst index 8de008c0c5ad..f9b109bfc6a6 100644 --- a/Documentation/admin-guide/xfs.rst +++ b/Documentation/admin-guide/xfs.rst @@ -524,7 +524,8 @@ and the short name of the data device. They all can be found in: mount time quotacheck. xfs-gc Background garbage collection of disk space that have been speculatively allocated beyond EOF or for staging copy on - write operations. + write operations; and files that are no longer linked into + the directory tree. ================ =========== For example, the knobs for the quotacheck workqueue for /dev/nvme0n1 would be diff --git a/fs/xfs/scrub/common.c b/fs/xfs/scrub/common.c index da60e7d1f895..8bc824515e0b 100644 --- a/fs/xfs/scrub/common.c +++ b/fs/xfs/scrub/common.c @@ -886,6 +886,7 @@ xchk_stop_reaping( { sc->flags |= XCHK_REAPING_DISABLED; xfs_blockgc_stop(sc->mp); + xfs_inodegc_stop(sc->mp); } /* Restart background reaping of resources. */ @@ -893,6 +894,7 @@ void xchk_start_reaping( struct xfs_scrub *sc) { + xfs_inodegc_start(sc->mp); xfs_blockgc_start(sc->mp); sc->flags &= ~XCHK_REAPING_DISABLED; } diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c index a2a407039227..3a3baf56198b 100644 --- a/fs/xfs/xfs_fsops.c +++ b/fs/xfs/xfs_fsops.c @@ -19,6 +19,8 @@ #include "xfs_log.h" #include "xfs_ag.h" #include "xfs_ag_resv.h" +#include "xfs_inode.h" +#include "xfs_icache.h" /* * growfs operations @@ -290,6 +292,13 @@ xfs_fs_counts( xfs_mount_t *mp, xfs_fsop_counts_t *cnt) { + /* + * Process all the queued file and speculative preallocation cleanup so + * that the counter values we report here do not incorporate any + * resources that were previously deleted. + */ + xfs_inodegc_force(mp); + cnt->allocino = percpu_counter_read_positive(&mp->m_icount); cnt->freeino = percpu_counter_read_positive(&mp->m_ifree); cnt->freedata = percpu_counter_read_positive(&mp->m_fdblocks) - diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c index e6a62f765422..1b7652af5ee5 100644 --- a/fs/xfs/xfs_icache.c +++ b/fs/xfs/xfs_icache.c @@ -195,6 +195,18 @@ xfs_perag_clear_reclaim_tag( trace_xfs_perag_clear_reclaim(mp, pag->pag_agno, -1, _RET_IP_); } +static void +__xfs_inode_set_reclaim_tag( + struct xfs_perag *pag, + struct xfs_inode *ip) +{ + struct xfs_mount *mp = ip->i_mount; + + radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), + XFS_ICI_RECLAIM_TAG); + xfs_perag_set_reclaim_tag(pag); + __xfs_iflags_set(ip, XFS_IRECLAIMABLE); +} /* * We set the inode flag atomically with the radix tree tag. @@ -212,10 +224,7 @@ xfs_inode_set_reclaim_tag( spin_lock(&pag->pag_ici_lock); spin_lock(&ip->i_flags_lock); - radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), - XFS_ICI_RECLAIM_TAG); - xfs_perag_set_reclaim_tag(pag); - __xfs_iflags_set(ip, XFS_IRECLAIMABLE); + __xfs_inode_set_reclaim_tag(pag, ip); spin_unlock(&ip->i_flags_lock); spin_unlock(&pag->pag_ici_lock); @@ -233,6 +242,94 @@ xfs_inode_clear_reclaim_tag( xfs_perag_clear_reclaim_tag(pag); } +/* Queue a new inode gc pass if there are inodes needing inactivation. */ +static void +xfs_inodegc_queue( + struct xfs_mount *mp) +{ + rcu_read_lock(); + if (radix_tree_tagged(&mp->m_perag_tree, XFS_ICI_INACTIVE_TAG)) + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, + 2 * HZ); + rcu_read_unlock(); +} + +/* Remember that an AG has one more inode to inactivate. */ +static void +xfs_perag_set_inactive_tag( + struct xfs_perag *pag) +{ + struct xfs_mount *mp = pag->pag_mount; + + lockdep_assert_held(&pag->pag_ici_lock); + if (pag->pag_ici_inactive++) + return; + + /* propagate the inactive tag up into the perag radix tree */ + spin_lock(&mp->m_perag_lock); + radix_tree_tag_set(&mp->m_perag_tree, pag->pag_agno, + XFS_ICI_INACTIVE_TAG); + spin_unlock(&mp->m_perag_lock); + + /* schedule periodic background inode inactivation */ + xfs_inodegc_queue(mp); + + trace_xfs_perag_set_inactive(mp, pag->pag_agno, -1, _RET_IP_); +} + +/* Set this inode's inactive tag and set the per-AG tag. */ +void +xfs_inode_set_inactive_tag( + struct xfs_inode *ip) +{ + struct xfs_mount *mp = ip->i_mount; + struct xfs_perag *pag; + + pag = xfs_perag_get(mp, XFS_INO_TO_AGNO(mp, ip->i_ino)); + spin_lock(&pag->pag_ici_lock); + spin_lock(&ip->i_flags_lock); + + radix_tree_tag_set(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ip->i_ino), + XFS_ICI_INACTIVE_TAG); + xfs_perag_set_inactive_tag(pag); + __xfs_iflags_set(ip, XFS_NEED_INACTIVE); + + spin_unlock(&ip->i_flags_lock); + spin_unlock(&pag->pag_ici_lock); + xfs_perag_put(pag); +} + +/* Remember that an AG has one less inode to inactivate. */ +static void +xfs_perag_clear_inactive_tag( + struct xfs_perag *pag) +{ + struct xfs_mount *mp = pag->pag_mount; + + lockdep_assert_held(&pag->pag_ici_lock); + if (--pag->pag_ici_inactive) + return; + + /* clear the inactive tag from the perag radix tree */ + spin_lock(&mp->m_perag_lock); + radix_tree_tag_clear(&mp->m_perag_tree, pag->pag_agno, + XFS_ICI_INACTIVE_TAG); + spin_unlock(&mp->m_perag_lock); + trace_xfs_perag_clear_inactive(mp, pag->pag_agno, -1, _RET_IP_); +} + +/* Clear this inode's inactive tag and try to clear the AG's. */ +STATIC void +xfs_inode_clear_inactive_tag( + struct xfs_perag *pag, + xfs_ino_t ino) +{ + radix_tree_tag_clear(&pag->pag_ici_root, + XFS_INO_TO_AGINO(pag->pag_mount, ino), + XFS_ICI_INACTIVE_TAG); + xfs_perag_clear_inactive_tag(pag); +} + static void xfs_inew_wait( struct xfs_inode *ip) @@ -298,6 +395,13 @@ xfs_iget_check_free_state( struct xfs_inode *ip, int flags) { + /* + * Unlinked inodes awaiting inactivation must not be reused until we + * have a chance to clear the on-disk metadata. + */ + if (VFS_I(ip)->i_nlink == 0 && (ip->i_flags & XFS_NEED_INACTIVE)) + return -ENOENT; + if (flags & XFS_IGET_CREATE) { /* should be a free inode */ if (VFS_I(ip)->i_mode != 0) { @@ -323,6 +427,67 @@ xfs_iget_check_free_state( return 0; } +/* + * We've torn down the VFS part of this NEED_INACTIVE inode, so we need to get + * it back into working state. + */ +static int +xfs_iget_inactive( + struct xfs_perag *pag, + struct xfs_inode *ip) +{ + struct xfs_mount *mp = ip->i_mount; + struct inode *inode = VFS_I(ip); + int error; + + error = xfs_reinit_inode(mp, inode); + if (error) { + bool wake; + /* + * Re-initializing the inode failed, and we are in deep + * trouble. Try to re-add it to the inactive list. + */ + rcu_read_lock(); + spin_lock(&ip->i_flags_lock); + wake = !!__xfs_iflags_test(ip, XFS_INEW); + ip->i_flags &= ~(XFS_INEW | XFS_INACTIVATING); + if (wake) + wake_up_bit(&ip->i_flags, __XFS_INEW_BIT); + ASSERT(ip->i_flags & XFS_NEED_INACTIVE); + trace_xfs_iget_inactive_fail(ip); + spin_unlock(&ip->i_flags_lock); + rcu_read_unlock(); + return error; + } + + spin_lock(&pag->pag_ici_lock); + spin_lock(&ip->i_flags_lock); + + /* + * Clear the per-lifetime state in the inode as we are now effectively + * a new inode and need to return to the initial state before reuse + * occurs. + */ + ip->i_flags &= ~XFS_IRECLAIM_RESET_FLAGS; + ip->i_flags |= XFS_INEW; + xfs_inode_clear_inactive_tag(pag, ip->i_ino); + inode->i_state = I_NEW; + ip->i_sick = 0; + ip->i_checked = 0; + + ASSERT(!rwsem_is_locked(&inode->i_rwsem)); + init_rwsem(&inode->i_rwsem); + + spin_unlock(&ip->i_flags_lock); + spin_unlock(&pag->pag_ici_lock); + + /* + * Reattach dquots since we might have removed them when we put this + * inode on the inactivation list. + */ + return xfs_qm_dqattach(ip); +} + /* * Check the validity of the inode we just found it the cache */ @@ -357,14 +522,14 @@ xfs_iget_cache_hit( /* * If we are racing with another cache hit that is currently * instantiating this inode or currently recycling it out of - * reclaimabe state, wait for the initialisation to complete + * reclaimable state, wait for the initialisation to complete * before continuing. * * XXX(hch): eventually we should do something equivalent to * wait_on_inode to wait for these flags to be cleared * instead of polling for it. */ - if (ip->i_flags & (XFS_INEW|XFS_IRECLAIM)) { + if (ip->i_flags & (XFS_INEW | XFS_IRECLAIM | XFS_INACTIVATING)) { trace_xfs_iget_skip(ip); XFS_STATS_INC(mp, xs_ig_frecycle); error = -EAGAIN; @@ -438,6 +603,32 @@ xfs_iget_cache_hit( spin_unlock(&ip->i_flags_lock); spin_unlock(&pag->pag_ici_lock); + } else if (ip->i_flags & XFS_NEED_INACTIVE) { + /* + * If NEED_INACTIVE is set, we've torn down the VFS inode and + * need to carefully get it back into useable state. + */ + trace_xfs_iget_inactive(ip); + + if (flags & XFS_IGET_INCORE) { + error = -EAGAIN; + goto out_error; + } + + /* + * We need to set XFS_INACTIVATING to prevent + * xfs_inactive_inode from stomping over us while we recycle + * the inode. We can't clear the radix tree inactive tag yet + * as it requires pag_ici_lock to be held exclusive. + */ + ip->i_flags |= XFS_INACTIVATING; + + spin_unlock(&ip->i_flags_lock); + rcu_read_unlock(); + + error = xfs_iget_inactive(pag, ip); + if (error) + return error; } else { /* If the VFS inode is being torn down, pause and try again. */ if (!igrab(inode)) { @@ -713,6 +904,43 @@ xfs_icache_inode_is_allocated( return 0; } +/* + * Grab the inode for inactivation exclusively. + * Return true if we grabbed it. + */ +static bool +xfs_inactive_grab( + struct xfs_inode *ip) +{ + ASSERT(rcu_read_lock_held()); + + /* quick check for stale RCU freed inode */ + if (!ip->i_ino) + return false; + + /* + * The radix tree lock here protects a thread in xfs_iget from racing + * with us starting reclaim on the inode. + * + * Due to RCU lookup, we may find inodes that have been freed and only + * have XFS_IRECLAIM set. Indeed, we may see reallocated inodes that + * aren't candidates for reclaim at all, so we must check the + * XFS_IRECLAIMABLE is set first before proceeding to reclaim. + * Obviously if XFS_NEED_INACTIVE isn't set then we ignore this inode. + */ + spin_lock(&ip->i_flags_lock); + if (!(ip->i_flags & XFS_NEED_INACTIVE) || + (ip->i_flags & XFS_INACTIVATING)) { + /* not a inactivation candidate. */ + spin_unlock(&ip->i_flags_lock); + return false; + } + + ip->i_flags |= XFS_INACTIVATING; + spin_unlock(&ip->i_flags_lock); + return true; +} + /* * The inode lookup is done in batches to keep the amount of lock traffic and * radix tree lookups to a minimum. The batch size is a trade off between @@ -736,6 +964,9 @@ xfs_inode_walk_ag_grab( ASSERT(rcu_read_lock_held()); + if (flags & XFS_INODE_WALK_INACTIVE) + return xfs_inactive_grab(ip); + /* Check for stale RCU freed inode */ spin_lock(&ip->i_flags_lock); if (!ip->i_ino) @@ -743,7 +974,8 @@ xfs_inode_walk_ag_grab( /* avoid new or reclaimable inodes. Leave for reclaim code to flush */ if ((!newinos && __xfs_iflags_test(ip, XFS_INEW)) || - __xfs_iflags_test(ip, XFS_IRECLAIMABLE | XFS_IRECLAIM)) + __xfs_iflags_test(ip, XFS_IRECLAIMABLE | XFS_IRECLAIM | + XFS_NEED_INACTIVE | XFS_INACTIVATING)) goto out_unlock_noent; spin_unlock(&ip->i_flags_lock); @@ -848,7 +1080,8 @@ xfs_inode_walk_ag( xfs_iflags_test(batch[i], XFS_INEW)) xfs_inew_wait(batch[i]); error = execute(batch[i], args); - xfs_irele(batch[i]); + if (!(iter_flags & XFS_INODE_WALK_INACTIVE)) + xfs_irele(batch[i]); if (error == -EAGAIN) { skipped++; continue; @@ -986,6 +1219,7 @@ xfs_reclaim_inode( xfs_iflags_clear(ip, XFS_IFLUSHING); reclaim: + trace_xfs_inode_reclaiming(ip); /* * Because we use RCU freeing we need to ensure the inode always appears @@ -1705,3 +1939,189 @@ xfs_blockgc_free_quota( xfs_inode_dquot(ip, XFS_DQTYPE_GROUP), xfs_inode_dquot(ip, XFS_DQTYPE_PROJ), eof_flags); } + +/* + * Deferred Inode Inactivation + * =========================== + * + * Sometimes, inodes need to have work done on them once the last program has + * closed the file. Typically this means cleaning out any leftover post-eof or + * CoW staging blocks for linked files. For inodes that have been totally + * unlinked, this means unmapping data/attr/cow blocks, removing the inode + * from the unlinked buckets, and marking it free in the inobt and inode table. + * + * This process can generate many metadata updates, which shows up as close() + * and unlink() calls that take a long time. We defer all that work to a + * per-AG workqueue which means that we can batch a lot of work and do it in + * inode order for better performance. Furthermore, we can control the + * workqueue, which means that we can avoid doing inactivation work at a bad + * time, such as when the fs is frozen. + * + * Deferred inactivation introduces new inode flag states (NEED_INACTIVE and + * INACTIVATING) and adds a new INACTIVE radix tree tag for fast access. We + * maintain separate perag counters for both types, and move counts as inodes + * wander the state machine, which now works as follows: + * + * If the inode needs inactivation, we: + * - Set the NEED_INACTIVE inode flag + * - Increment the per-AG inactive count + * - Set the INACTIVE tag in the per-AG inode tree + * - Set the INACTIVE tag in the per-fs AG tree + * - Schedule background inode inactivation + * + * If the inode does not need inactivation, we: + * - Set the RECLAIMABLE inode flag + * - Increment the per-AG reclaim count + * - Set the RECLAIM tag in the per-AG inode tree + * - Set the RECLAIM tag in the per-fs AG tree + * - Schedule background inode reclamation + * + * When it is time for background inode inactivation, we: + * - Set the INACTIVATING inode flag + * - Make all the on-disk updates + * - Clear both INACTIVATING and NEED_INACTIVE inode flags + * - Decrement the per-AG inactive count + * - Clear the INACTIVE tag in the per-AG inode tree + * - Clear the INACTIVE tag in the per-fs AG tree if that was the last one + * - Kick the inode into reclamation per the previous paragraph. + * + * When it is time for background inode reclamation, we: + * - Set the IRECLAIM inode flag + * - Detach all the resources and remove the inode from the per-AG inode tree + * - Clear both IRECLAIM and RECLAIMABLE inode flags + * - Decrement the per-AG reclaim count + * - Clear the RECLAIM tag from the per-AG inode tree + * - Clear the RECLAIM tag from the per-fs AG tree if there are no more + * inodes waiting for reclamation or inactivation + * + * Note that xfs_inodegc_queue and xfs_inactive_grab are further up in + * the source code so that we avoid static function declarations. + */ + +/* Inactivate this inode. */ +STATIC int +xfs_inactive_inode( + struct xfs_inode *ip, + void *args) +{ + struct xfs_eofblocks *eofb = args; + struct xfs_perag *pag; + + ASSERT(ip->i_mount->m_super->s_writers.frozen < SB_FREEZE_FS); + + /* + * Not a match for our passed in scan filter? Put it back on the shelf + * and move on. + */ + spin_lock(&ip->i_flags_lock); + if (!xfs_inode_matches_eofb(ip, eofb)) { + ip->i_flags &= ~XFS_INACTIVATING; + spin_unlock(&ip->i_flags_lock); + return 0; + } + spin_unlock(&ip->i_flags_lock); + + trace_xfs_inode_inactivating(ip); + + xfs_inactive(ip); + ASSERT(XFS_FORCED_SHUTDOWN(ip->i_mount) || ip->i_delayed_blks == 0); + + /* + * Clear the inactive state flags and schedule a reclaim run once + * we're done with the inactivations. We must ensure that the inode + * smoothly transitions from inactivating to reclaimable so that iget + * cannot see either data structure midway through the transition. + */ + pag = xfs_perag_get(ip->i_mount, + XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino)); + spin_lock(&pag->pag_ici_lock); + spin_lock(&ip->i_flags_lock); + + ip->i_flags &= ~(XFS_NEED_INACTIVE | XFS_INACTIVATING); + xfs_inode_clear_inactive_tag(pag, ip->i_ino); + + __xfs_inode_set_reclaim_tag(pag, ip); + + spin_unlock(&ip->i_flags_lock); + spin_unlock(&pag->pag_ici_lock); + xfs_perag_put(pag); + + return 0; +} + +/* + * Walk the AGs and reclaim the inodes in them. Even if the filesystem is + * corrupted, we still need to clear the INACTIVE iflag so that we can move + * on to reclaiming the inode. + */ +static int +xfs_inodegc_free_space( + struct xfs_mount *mp, + struct xfs_eofblocks *eofb) +{ + return xfs_inode_walk(mp, XFS_INODE_WALK_INACTIVE, + xfs_inactive_inode, eofb, XFS_ICI_INACTIVE_TAG); +} + +/* Try to get inode inactivation moving. */ +void +xfs_inodegc_worker( + struct work_struct *work) +{ + struct xfs_mount *mp = container_of(to_delayed_work(work), + struct xfs_mount, m_inodegc_work); + int error; + + /* + * We want to skip inode inactivation while the filesystem is frozen + * because we don't want the inactivation thread to block while taking + * sb_intwrite. Therefore, we try to take sb_write for the duration + * of the inactive scan -- a freeze attempt will block until we're + * done here, and if the fs is past stage 1 freeze we'll bounce out + * until things unfreeze. If the fs goes down while frozen we'll + * still have log recovery to clean up after us. + */ + if (!sb_start_write_trylock(mp->m_super)) + return; + + error = xfs_inodegc_free_space(mp, NULL); + if (error && error != -EAGAIN) + xfs_err(mp, "inode inactivation failed, error %d", error); + + sb_end_write(mp->m_super); + xfs_inodegc_queue(mp); +} + +/* Force all queued inode inactivation work to run immediately. */ +void +xfs_inodegc_force( + struct xfs_mount *mp) +{ + /* + * In order to reset the delay timer to run immediately, we have to + * cancel the work item and requeue it with a zero timer value. We + * don't care if the worker races with our requeue, because at worst + * we iterate the radix tree and find no inodes to inactivate. + */ + if (!cancel_delayed_work(&mp->m_inodegc_work)) + return; + + queue_delayed_work(mp->m_gc_workqueue, &mp->m_inodegc_work, 0); + flush_delayed_work(&mp->m_inodegc_work); +} + +/* Stop all queued inactivation work. */ +void +xfs_inodegc_stop( + struct xfs_mount *mp) +{ + cancel_delayed_work_sync(&mp->m_inodegc_work); +} + +/* Schedule deferred inode inactivation work. */ +void +xfs_inodegc_start( + struct xfs_mount *mp) +{ + xfs_inodegc_queue(mp); +} diff --git a/fs/xfs/xfs_icache.h b/fs/xfs/xfs_icache.h index d1fddb152420..c199b920722a 100644 --- a/fs/xfs/xfs_icache.h +++ b/fs/xfs/xfs_icache.h @@ -25,6 +25,8 @@ struct xfs_eofblocks { #define XFS_ICI_RECLAIM_TAG 0 /* inode is to be reclaimed */ /* Inode has speculative preallocations (posteof or cow) to clean. */ #define XFS_ICI_BLOCKGC_TAG 1 +/* Inode can be inactivated. */ +#define XFS_ICI_INACTIVE_TAG 2 /* * Flags for xfs_iget() @@ -38,6 +40,7 @@ struct xfs_eofblocks { * flags for AG inode iterator */ #define XFS_INODE_WALK_INEW_WAIT 0x1 /* wait on new inodes */ +#define XFS_INODE_WALK_INACTIVE 0x2 /* inactivation loop */ int xfs_iget(struct xfs_mount *mp, struct xfs_trans *tp, xfs_ino_t ino, uint flags, uint lock_flags, xfs_inode_t **ipp); @@ -53,6 +56,7 @@ int xfs_reclaim_inodes_count(struct xfs_mount *mp); long xfs_reclaim_inodes_nr(struct xfs_mount *mp, int nr_to_scan); void xfs_inode_set_reclaim_tag(struct xfs_inode *ip); +void xfs_inode_set_inactive_tag(struct xfs_inode *ip); int xfs_blockgc_free_dquots(struct xfs_mount *mp, struct xfs_dquot *udqp, struct xfs_dquot *gdqp, struct xfs_dquot *pdqp, @@ -78,4 +82,9 @@ int xfs_icache_inode_is_allocated(struct xfs_mount *mp, struct xfs_trans *tp, void xfs_blockgc_stop(struct xfs_mount *mp); void xfs_blockgc_start(struct xfs_mount *mp); +void xfs_inodegc_worker(struct work_struct *work); +void xfs_inodegc_force(struct xfs_mount *mp); +void xfs_inodegc_stop(struct xfs_mount *mp); +void xfs_inodegc_start(struct xfs_mount *mp); + #endif diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 65897cb0cf2a..f20694f220c8 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -1665,6 +1665,35 @@ xfs_inactive_ifree( return 0; } +/* Prepare inode for inactivation. */ +void +xfs_inode_inactivation_prep( + struct xfs_inode *ip) +{ + if (XFS_FORCED_SHUTDOWN(ip->i_mount)) + return; + + /* + * If this inode is unlinked (and now unreferenced) we need to dispose + * of it in the on disk metadata. + * + * Change the generation so that the inode can't be opened by handle + * now that the last external references has dropped. Bulkstat won't + * return inodes with zero nlink so nobody will ever find this inode + * again. Then add this inode & blocks to the counts of things that + * will be freed during the next inactivation run. + */ + if (VFS_I(ip)->i_nlink == 0) + VFS_I(ip)->i_generation = prandom_u32(); + + /* + * Detach dquots just in case someone tries a quotaoff while the inode + * is waiting on the inactive list. We'll reattach them (if needed) + * when inactivating the inode. + */ + xfs_qm_dqdetach(ip); +} + /* * Returns true if we need to update the on-disk metadata before we can free * the memory used by this inode. Updates include freeing post-eof @@ -1738,7 +1767,7 @@ xfs_inode_needs_inactivation( */ void xfs_inactive( - xfs_inode_t *ip) + struct xfs_inode *ip) { struct xfs_mount *mp; int error; @@ -1764,6 +1793,16 @@ xfs_inactive( if (xfs_is_metadata_inode(ip)) return; + /* + * Re-attach dquots prior to freeing EOF blocks or CoW staging extents. + * We dropped the dquot prior to inactivation (because quotaoff can't + * resurrect inactive inodes to force-drop the dquot) so we /must/ + * do this before touching any block mappings. + */ + error = xfs_qm_dqattach(ip); + if (error) + return; + /* Try to clean out the cow blocks if there are any. */ if (xfs_inode_has_cow_data(ip)) xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true); @@ -1789,10 +1828,6 @@ xfs_inactive( ip->i_df.if_nextents > 0 || ip->i_delayed_blks > 0)) truncate = 1; - error = xfs_qm_dqattach(ip); - if (error) - return; - if (S_ISLNK(VFS_I(ip)->i_mode)) error = xfs_inactive_symlink(ip); else if (truncate) diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 3fe8c8afbc72..7aaff07d1210 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h @@ -222,6 +222,7 @@ static inline bool xfs_inode_has_bigtime(struct xfs_inode *ip) #define XFS_IRECLAIMABLE (1 << 2) /* inode can be reclaimed */ #define __XFS_INEW_BIT 3 /* inode has just been allocated */ #define XFS_INEW (1 << __XFS_INEW_BIT) +#define XFS_NEED_INACTIVE (1 << 4) /* see XFS_INACTIVATING below */ #define XFS_ITRUNCATED (1 << 5) /* truncated down so flush-on-close */ #define XFS_IDIRTY_RELEASE (1 << 6) /* dirty release already seen */ #define XFS_IFLUSHING (1 << 7) /* inode is being flushed */ @@ -236,6 +237,15 @@ static inline bool xfs_inode_has_bigtime(struct xfs_inode *ip) #define XFS_IRECOVERY (1 << 11) #define XFS_ICOWBLOCKS (1 << 12)/* has the cowblocks tag set */ +/* + * If we need to update on-disk metadata before this IRECLAIMABLE inode can be + * freed, then NEED_INACTIVE will be set. Once we start the updates, the + * INACTIVATING bit will be set to keep iget away from this inode. After the + * inactivation completes, both flags will be cleared and the inode is a + * plain old IRECLAIMABLE inode. + */ +#define XFS_INACTIVATING (1 << 13) + /* * Per-lifetime flags need to be reset when re-using a reclaimable inode during * inode lookup. This prevents unintended behaviour on the new inode from @@ -243,7 +253,8 @@ static inline bool xfs_inode_has_bigtime(struct xfs_inode *ip) */ #define XFS_IRECLAIM_RESET_FLAGS \ (XFS_IRECLAIMABLE | XFS_IRECLAIM | \ - XFS_IDIRTY_RELEASE | XFS_ITRUNCATED) + XFS_IDIRTY_RELEASE | XFS_ITRUNCATED | XFS_NEED_INACTIVE | \ + XFS_INACTIVATING) /* * Flags for inode locking. @@ -481,6 +492,7 @@ extern struct kmem_zone *xfs_inode_zone; #define XFS_DEFAULT_COWEXTSZ_HINT 32 bool xfs_inode_needs_inactivation(struct xfs_inode *ip); +void xfs_inode_inactivation_prep(struct xfs_inode *ip); int xfs_iunlink_init(struct xfs_perag *pag); void xfs_iunlink_destroy(struct xfs_perag *pag); diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 97f31308de03..b03b127e34cc 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2792,6 +2792,13 @@ xlog_recover_process_iunlinks( } xfs_buf_rele(agibp); } + + /* + * Now that we've put all the iunlink inodes on the lru, let's make + * sure that we perform all the on-disk metadata updates to actually + * free those inodes. + */ + xfs_inodegc_force(mp); } STATIC void diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index 1c97b155a8ee..cd015e3d72fc 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c @@ -640,6 +640,10 @@ xfs_check_summary_counts( * so we need to unpin them, write them back and/or reclaim them before unmount * can proceed. * + * Start the process by pushing all inodes through the inactivation process + * so that all file updates to on-disk metadata can be flushed with the log. + * After the AIL push, all inodes should be ready for reclamation. + * * An inode cluster that has been freed can have its buffer still pinned in * memory because the transaction is still sitting in a iclog. The stale inodes * on that buffer will be pinned to the buffer until the transaction hits the @@ -663,6 +667,7 @@ static void xfs_unmount_flush_inodes( struct xfs_mount *mp) { + xfs_inodegc_force(mp); xfs_log_force(mp, XFS_LOG_SYNC); xfs_extent_busy_wait_all(mp); flush_workqueue(xfs_discard_wq); @@ -670,6 +675,7 @@ xfs_unmount_flush_inodes( mp->m_flags |= XFS_MOUNT_UNMOUNTING; xfs_ail_push_all_sync(mp->m_ail); + xfs_inodegc_stop(mp); cancel_delayed_work_sync(&mp->m_reclaim_work); xfs_reclaim_inodes(mp); xfs_health_unmount(mp); @@ -1095,6 +1101,13 @@ xfs_unmountfs( uint64_t resblks; int error; + /* + * Perform all on-disk metadata updates required to inactivate inodes. + * Since this can involve finobt updates, do it now before we lose the + * per-AG space reservations. + */ + xfs_inodegc_force(mp); + xfs_blockgc_stop(mp); xfs_fs_unreserve_ag_blocks(mp); xfs_qm_unmount_quotas(mp); diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index 81829d19596e..ce00ad47b8ea 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -177,6 +177,7 @@ typedef struct xfs_mount { uint64_t m_resblks_avail;/* available reserved blocks */ uint64_t m_resblks_save; /* reserved blks @ remount,ro */ struct delayed_work m_reclaim_work; /* background inode reclaim */ + struct delayed_work m_inodegc_work; /* background inode inactive */ struct xfs_kobj m_kobj; struct xfs_kobj m_error_kobj; struct xfs_kobj m_error_meta_kobj; @@ -349,7 +350,8 @@ typedef struct xfs_perag { spinlock_t pag_ici_lock; /* incore inode cache lock */ struct radix_tree_root pag_ici_root; /* incore inode cache root */ - int pag_ici_reclaimable; /* reclaimable inodes */ + unsigned int pag_ici_reclaimable; /* reclaimable inodes */ + unsigned int pag_ici_inactive; /* inactive inodes */ unsigned long pag_ici_reclaim_cursor; /* reclaim restart point */ /* buffer cache index */ diff --git a/fs/xfs/xfs_qm_syscalls.c b/fs/xfs/xfs_qm_syscalls.c index ca1b57d291dc..0f9a1450fe0e 100644 --- a/fs/xfs/xfs_qm_syscalls.c +++ b/fs/xfs/xfs_qm_syscalls.c @@ -104,6 +104,12 @@ xfs_qm_scall_quotaoff( uint inactivate_flags; struct xfs_qoff_logitem *qoffstart = NULL; + /* + * Clean up the inactive list before we turn quota off, to reduce the + * amount of quotaoff work we have to do with the mutex held. + */ + xfs_inodegc_force(mp); + /* * No file system can have quotas enabled on disk but not in core. * Note that quota utilities (like quotaoff) _expect_ @@ -697,6 +703,13 @@ xfs_qm_scall_getquota( struct xfs_dquot *dqp; int error; + /* + * Process all the queued file and speculative preallocation cleanup so + * that the counter values we report here do not incorporate any + * resources that were previously deleted. + */ + xfs_inodegc_force(mp); + /* * Try to get the dquot. We don't want it allocated on disk, so don't * set doalloc. If it doesn't exist, we'll get ENOENT back. @@ -735,6 +748,13 @@ xfs_qm_scall_getquota_next( struct xfs_dquot *dqp; int error; + /* + * Process all the queued file and speculative preallocation cleanup so + * that the counter values we report here do not incorporate any + * resources that were previously deleted. + */ + xfs_inodegc_force(mp); + error = xfs_qm_dqget_next(mp, *id, type, &dqp); if (error) return error; diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index e774358383d6..8d0142487fc7 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -637,28 +637,34 @@ xfs_fs_destroy_inode( struct inode *inode) { struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + bool need_inactive; trace_xfs_destroy_inode(ip); ASSERT(!rwsem_is_locked(&inode->i_rwsem)); - XFS_STATS_INC(ip->i_mount, vn_rele); - XFS_STATS_INC(ip->i_mount, vn_remove); + XFS_STATS_INC(mp, vn_rele); + XFS_STATS_INC(mp, vn_remove); - xfs_inactive(ip); - - if (!XFS_FORCED_SHUTDOWN(ip->i_mount) && ip->i_delayed_blks) { + need_inactive = xfs_inode_needs_inactivation(ip); + if (need_inactive) { + trace_xfs_inode_set_need_inactive(ip); + xfs_inode_inactivation_prep(ip); + } else if (!XFS_FORCED_SHUTDOWN(ip->i_mount) && ip->i_delayed_blks) { xfs_check_delalloc(ip, XFS_DATA_FORK); xfs_check_delalloc(ip, XFS_COW_FORK); ASSERT(0); } - - XFS_STATS_INC(ip->i_mount, vn_reclaim); + XFS_STATS_INC(mp, vn_reclaim); + trace_xfs_inode_set_reclaimable(ip); /* * We should never get here with one of the reclaim flags already set. */ ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_IRECLAIMABLE)); ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_IRECLAIM)); + ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_NEED_INACTIVE)); + ASSERT_ALWAYS(!xfs_iflags_test(ip, XFS_INACTIVATING)); /* * We always use background reclaim here because even if the inode is @@ -667,7 +673,10 @@ xfs_fs_destroy_inode( * reclaim path handles this more efficiently than we can here, so * simply let background reclaim tear down all inodes. */ - xfs_inode_set_reclaim_tag(ip); + if (need_inactive) + xfs_inode_set_inactive_tag(ip); + else + xfs_inode_set_reclaim_tag(ip); } static void @@ -797,6 +806,13 @@ xfs_fs_statfs( xfs_extlen_t lsize; int64_t ffree; + /* + * Process all the queued file and speculative preallocation cleanup so + * that the counter values we report here do not incorporate any + * resources that were previously deleted. + */ + xfs_inodegc_force(mp); + statp->f_type = XFS_SUPER_MAGIC; statp->f_namelen = MAXNAMELEN - 1; @@ -911,6 +927,18 @@ xfs_fs_unfreeze( return 0; } +/* + * Before we get to stage 1 of a freeze, force all the inactivation work so + * that there's less work to do if we crash during the freeze. + */ +STATIC int +xfs_fs_freeze_super( + struct super_block *sb) +{ + xfs_inodegc_force(XFS_M(sb)); + return freeze_super(sb); +} + /* * This function fills in xfs_mount_t fields based on mount args. * Note: the superblock _has_ now been read in. @@ -1089,6 +1117,7 @@ static const struct super_operations xfs_super_operations = { .show_options = xfs_fs_show_options, .nr_cached_objects = xfs_fs_nr_cached_objects, .free_cached_objects = xfs_fs_free_cached_objects, + .freeze_super = xfs_fs_freeze_super, }; static int @@ -1720,6 +1749,13 @@ xfs_remount_ro( return error; } + /* + * Perform all on-disk metadata updates required to inactivate inodes. + * Since this can involve finobt updates, do it now before we lose the + * per-AG space reservations. + */ + xfs_inodegc_force(mp); + /* Free the per-AG metadata reservation pool. */ error = xfs_fs_unreserve_ag_blocks(mp); if (error) { @@ -1843,6 +1879,7 @@ static int xfs_init_fs_context( mutex_init(&mp->m_growlock); INIT_WORK(&mp->m_flush_inodes_work, xfs_flush_inodes_worker); INIT_DELAYED_WORK(&mp->m_reclaim_work, xfs_reclaim_worker); + INIT_DELAYED_WORK(&mp->m_inodegc_work, xfs_inodegc_worker); mp->m_kobj.kobject.kset = xfs_kset; /* * We don't create the finobt per-ag space reservation until after log diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index e74bbb648f83..9193cfbb02ef 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -157,6 +157,8 @@ DEFINE_PERAG_REF_EVENT(xfs_perag_set_reclaim); DEFINE_PERAG_REF_EVENT(xfs_perag_clear_reclaim); DEFINE_PERAG_REF_EVENT(xfs_perag_set_blockgc); DEFINE_PERAG_REF_EVENT(xfs_perag_clear_blockgc); +DEFINE_PERAG_REF_EVENT(xfs_perag_set_inactive); +DEFINE_PERAG_REF_EVENT(xfs_perag_clear_inactive); DECLARE_EVENT_CLASS(xfs_ag_class, TP_PROTO(struct xfs_mount *mp, xfs_agnumber_t agno), @@ -617,14 +619,17 @@ DECLARE_EVENT_CLASS(xfs_inode_class, TP_STRUCT__entry( __field(dev_t, dev) __field(xfs_ino_t, ino) + __field(unsigned long, iflags) ), TP_fast_assign( __entry->dev = VFS_I(ip)->i_sb->s_dev; __entry->ino = ip->i_ino; + __entry->iflags = ip->i_flags; ), - TP_printk("dev %d:%d ino 0x%llx", + TP_printk("dev %d:%d ino 0x%llx iflags 0x%lx", MAJOR(__entry->dev), MINOR(__entry->dev), - __entry->ino) + __entry->ino, + __entry->iflags) ) #define DEFINE_INODE_EVENT(name) \ @@ -634,6 +639,8 @@ DEFINE_EVENT(xfs_inode_class, name, \ DEFINE_INODE_EVENT(xfs_iget_skip); DEFINE_INODE_EVENT(xfs_iget_reclaim); DEFINE_INODE_EVENT(xfs_iget_reclaim_fail); +DEFINE_INODE_EVENT(xfs_iget_inactive); +DEFINE_INODE_EVENT(xfs_iget_inactive_fail); DEFINE_INODE_EVENT(xfs_iget_hit); DEFINE_INODE_EVENT(xfs_iget_miss); @@ -668,6 +675,10 @@ DEFINE_INODE_EVENT(xfs_inode_free_eofblocks_invalid); DEFINE_INODE_EVENT(xfs_inode_set_cowblocks_tag); DEFINE_INODE_EVENT(xfs_inode_clear_cowblocks_tag); DEFINE_INODE_EVENT(xfs_inode_free_cowblocks_invalid); +DEFINE_INODE_EVENT(xfs_inode_set_reclaimable); +DEFINE_INODE_EVENT(xfs_inode_reclaiming); +DEFINE_INODE_EVENT(xfs_inode_set_need_inactive); +DEFINE_INODE_EVENT(xfs_inode_inactivating); /* * ftrace's __print_symbolic requires that all enum values be wrapped in the