[0/3] btrfs: introduce 3 debug sysfs interface to tweak the error handling behavior

Message ID cover.1695535440.git.wqu@suse.com (mailing list archive)

Message

Qu Wenruo Sept. 24, 2023, 6:14 a.m. UTC
During a very interesting (and weird) debugging session, it turns out
that btrfs will ignore a lot of write errors until we hit some critical
location, then btrfs started reacting, normally by aborting the
transaction.

This can be problematic for developers.

As sometimes we want to catch the earliest sign, continuing without any
obvious errors (other than kernel error messages) can make debugging
much harder.

On the other hand, I totally understand if just a single sector failed
to be written and we mark the whole fs read-only, it can be super
frustrating for regular end users, thus we can not make it the default
behavior.

So this patchset would introduce the following sysfs entries under
/sys/fs/btrfs/<uuid>/debug/:

- allow_backup_super_failure
  RW, binary (0 or 1), determines if btrfs would tolerate backup super
  blocks writeback failure.
  If set to 1 and a failure is hit, btrfs would treat backup super
  blocks writeback failure as critical (the same level as primary super
  blocks).

  The default value is 1, so the default behavior is not changed.

  NOTE: this doesn't mean such failure would immediately lead to
  transaction abort. Check `super_failure_tolerance` for more details.

- allow_data_failure
  RW, binary (0 or 1), determines if btrfs would tolerate data sectors
  writeback failure.
  If set to 1 and a failure is hit, btrfs would flip read-only
  immediately.

  The default value is 1, so the default behavior is not changed.

- super_failure_tolerance
  RW, s8, determines the tolerance for devices super blocks writeback.

  Btrfs allows "nr_devices - 1" devices to fail their super blocks
  writeback. This means if we have 5 disks, btrfs allows 4 to fail their
  super block writeback.

  If the value >= 0, the value itself would be the tolerance.
  If the value < 0, nr_devices + the value would be the tolerance.
  If value + nr_devices is still minus, btrfs would allow all devices
  to fail their super blocks writeback (aka, very dangerous)

  The default value is -1, to match the existing behavior.

There would be another one for btrfs bio layer, but I have found
something weird in the code, thus it would only be introduced after I
solved the problem there, meanwhile we can discuss on the usefulness of
this patchset.

Qu Wenruo (3):
  btrfs: introduce allow_backup_super_failure sysfs interface
  btrfs: introduce super_failure_tolerance sysfs interface
  btrfs: introduce allow_data_failure sysfs interface

 fs/btrfs/disk-io.c   | 35 +++++++++++++---
 fs/btrfs/extent_io.c |  8 +++-
 fs/btrfs/fs.h        | 23 ++++++++++
 fs/btrfs/inode.c     |  9 +++-
 fs/btrfs/sysfs.c     | 99 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 167 insertions(+), 7 deletions(-)
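
The `super_failure_tolerance` rules from the cover letter, worked through for a 5-device filesystem. This is an added example, not code from the patchset: the function names are hypothetical, and the rule that the write-out fails once failures exceed the tolerance is an assumption.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

/*
 * Hypothetical helper (not from the patchset): turn the s8 sysfs value into
 * the number of devices allowed to fail super block writeback, following the
 * three rules in the cover letter.
 */
static int super_tolerance(int8_t value, int nr_devices)
{
	if (value >= 0)
		return value;               /* the value itself is the tolerance */
	if (nr_devices + value >= 0)
		return nr_devices + value;  /* relative to the device count */
	return nr_devices;              /* still negative: every device may fail */
}

/* Assumption: the write-out counts as failed once failures exceed the tolerance. */
static bool supers_written_ok(int failed, int8_t value, int nr_devices)
{
	return failed <= super_tolerance(value, nr_devices);
}

int main(void)
{
	/* Constructed sample settings for a 5-device filesystem. */
	const int8_t values[] = { -1, 0, 2, -5, -6 };
	const int nr_devices = 5;

	for (size_t i = 0; i < sizeof(values) / sizeof(values[0]); i++) {
		int tol = super_tolerance(values[i], nr_devices);

		printf("value=%4d tolerance=%d one-failure-ok=%s\n", values[i], tol,
		       supers_written_ok(1, values[i], nr_devices) ? "yes" : "no");
	}
	return 0;
}
```

With the default of -1 the tolerance is 4 of 5 devices, matching the "nr_devices - 1" behavior described above; a value of 0 makes any single super block writeback failure count.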