linux/fs/xfs/xfs_drain.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (C) 2022-2023 Oracle.  All Rights Reserved.
 * Author: Darrick J. Wong <djwong@kernel.org>
 */
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_trans_resv.h"
#include "xfs_mount.h"
#include "xfs_ag.h"
#include "xfs_trace.h"

/*
 * Use a static key here to reduce the overhead of xfs_drain_rele.  If the
 * compiler supports jump labels, the static branch will be replaced by a nop
 * sled when there are no xfs_drain_wait callers.  Online fsck is currently
 * the only caller, so this is a reasonable tradeoff.
 *
 * Note: Patching the kernel code requires taking the cpu hotplug lock.  Other
 * parts of the kernel allocate memory with that lock held, which means that
 * XFS callers cannot hold any locks that might be used by memory reclaim or
 * writeback when calling the static_branch_{inc,dec} functions.
 */
static DEFINE_STATIC_KEY_FALSE(xfs_drain_waiter_gate);

void
xfs_drain_wait_disable(void)
{
	static_branch_dec(&xfs_drain_waiter_gate);
}

void
xfs_drain_wait_enable(void)
{
	static_branch_inc(&xfs_drain_waiter_gate);
}

void
xfs_defer_drain_init(
	struct xfs_defer_drain	*dr)
{
	atomic_set(&dr->dr_count, 0);
	init_waitqueue_head(&dr->dr_waiters);
}

void
xfs_defer_drain_free(struct xfs_defer_drain	*dr)
{
	ASSERT(atomic_read(&dr->dr_count) == 0);
}

/* Increase the pending intent count. */
static inline void xfs_defer_drain_grab(struct xfs_defer_drain *dr)
{
	atomic_inc(&dr->dr_count);
}

static inline bool has_waiters(struct wait_queue_head *wq_head)
{
	/*
	 * This memory barrier is paired with the one in set_current_state on
	 * the waiting side.
	 */
	smp_mb__after_atomic();
	return waitqueue_active(wq_head);
}

/* Decrease the pending intent count, and wake any waiters, if appropriate. */
static inline void xfs_defer_drain_rele(struct xfs_defer_drain *dr)
{
	if (atomic_dec_and_test(&dr->dr_count) &&
	    static_branch_unlikely(&xfs_drain_waiter_gate) &&
	    has_waiters(&dr->dr_waiters))
		wake_up(&dr->dr_waiters);
}

/* Are there intents pending? */
static inline bool xfs_defer_drain_busy(struct xfs_defer_drain *dr)
{
	return atomic_read(&dr->dr_count) > 0;
}

/*
 * Wait for the pending intent count for a drain to hit zero.
 *
 * Callers must not hold any locks that would prevent intents from being
 * finished.
 */
static inline int xfs_defer_drain_wait(struct xfs_defer_drain *dr)
{
	return wait_event_killable(dr->dr_waiters, !xfs_defer_drain_busy(dr));
}

/*
 * Get a passive reference to an AG and declare an intent to update its
 * metadata.
 */
struct xfs_perag *
xfs_perag_intent_get(
	struct xfs_mount	*mp,
	xfs_agnumber_t		agno)
{
	struct xfs_perag	*pag;

	pag = xfs_perag_get(mp, agno);
	if (!pag)
		return NULL;

	xfs_perag_intent_hold(pag);
	return pag;
}

/*
 * Release our intent to update this AG's metadata, and then release our
 * passive ref to the AG.
 */
void
xfs_perag_intent_put(
	struct xfs_perag	*pag)
{
	xfs_perag_intent_rele(pag);
	xfs_perag_put(pag);
}

/*
 * Declare an intent to update AG metadata.  Other threads that need exclusive
 * access can decide to back off if they see declared intentions.
 */
void
xfs_perag_intent_hold(
	struct xfs_perag	*pag)
{
	trace_xfs_perag_intent_hold(pag, __return_address);
	xfs_defer_drain_grab(&pag->pag_intents_drain);
}

/* Release our intent to update this AG's metadata. */
void
xfs_perag_intent_rele(
	struct xfs_perag	*pag)
{
	trace_xfs_perag_intent_rele(pag, __return_address);
	xfs_defer_drain_rele(&pag->pag_intents_drain);
}

/*
 * Wait for the intent update count for this AG to hit zero.
 * Callers must not hold any AG header buffers.
 */
int
xfs_perag_intent_drain(
	struct xfs_perag	*pag)
{
	trace_xfs_perag_wait_intents(pag, __return_address);
	return xfs_defer_drain_wait(&pag->pag_intents_drain);
}

/* Has anyone declared an intent to update this AG? */
bool
xfs_perag_intent_busy(
	struct xfs_perag	*pag)
{
	return xfs_defer_drain_busy(&pag->pag_intents_drain);
}
xfs: allow queued AG intents to drain before scrubbing When a writer thread executes a chain of log intent items, the AG header buffer locks will cycle during a transaction roll to get from one intent item to the next in a chain. Although scrub takes all AG header buffer locks, this isn't sufficient to guard against scrub checking an AG while that writer thread is in the middle of finishing a chain because there's no higher level locking primitive guarding allocation groups. When there's a collision, cross-referencing between data structures (e.g. rmapbt and refcountbt) yields false corruption events; if repair is running, this results in incorrect repairs, which is catastrophic. Fix this by adding to the perag structure the count of active intents and make scrub wait until it has both AG header buffer locks and the intent counter reaches zero. One quirk of the drain code is that deferred bmap updates also bump and drop the intent counter. A fundamental decision made during the design phase of the reverse mapping feature is that updates to the rmapbt records are always made by the same code that updates the primary metadata. In other words, callers of bmapi functions expect that the bmapi functions will queue deferred rmap updates. Some parts of the reflink code queue deferred refcount (CUI) and bmap (BUI) updates in the same head transaction, but the deferred work manager completely finishes the CUI before the BUI work is started. As a result, the CUI drops the intent count long before the deferred rmap (RUI) update even has a chance to bump the intent count. The only way to keep the intent count elevated between the CUI and RUI is for the BUI to bump the counter until the RUI has been created. A second quirk of the intent drain code is that deferred work items must increment the intent counter as soon as the work item is added to the transaction. When a BUI completes and queues an RUI, the RUI must increment the counter before the BUI decrements it. The only way to accomplish this is to require that the counter be bumped as soon as the deferred work item is created in memory. In the next patches we'll improve on this facility, but this patch provides the basic functionality. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> 2023-04-12 01:59:58 +00:00			`// SPDX-License-Identifier: GPL-2.0-or-later`
			`/*`
			`* Copyright (C) 2022-2023 Oracle. All Rights Reserved.`
			`* Author: Darrick J. Wong <djwong@kernel.org>`
			`*/`
			`#include "xfs.h"`
			`#include "xfs_fs.h"`
			`#include "xfs_shared.h"`
			`#include "xfs_format.h"`
			`#include "xfs_trans_resv.h"`
			`#include "xfs_mount.h"`
			`#include "xfs_ag.h"`
			`#include "xfs_trace.h"`

xfs: minimize overhead of drain wakeups by using jump labels To reduce the runtime overhead even further when online fsck isn't running, use a static branch key to decide if we call wake_up on the drain. For compilers that support jump labels, the call to wake_up is replaced by a nop sled when nobody is waiting for intents to drain. From my initial microbenchmarking, every transition of the static key between the on and off states takes about 22000ns to complete; this is paid entirely by the xfs_scrub process. When the static key is off (which it should be when fsck isn't running), the nop sled adds an overhead of approximately 0.36ns to runtime code. The post-atomic lockless waiter check adds about 0.03ns, which is basically free. For the few compilers that don't support jump labels, runtime code pays the cost of calling wake_up on an empty waitqueue, which was observed to be about 30ns. However, most architectures that have sufficient memory and CPU capacity to run XFS also support jump labels, so this is not much of a worry. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> 2023-04-12 01:59:59 +00:00			`/*`
			`* Use a static key here to reduce the overhead of xfs_drain_rele. If the`
			`* compiler supports jump labels, the static branch will be replaced by a nop`
			`* sled when there are no xfs_drain_wait callers. Online fsck is currently`
			`* the only caller, so this is a reasonable tradeoff.`
			`*`
			`* Note: Patching the kernel code requires taking the cpu hotplug lock. Other`
			`* parts of the kernel allocate memory with that lock held, which means that`
			`* XFS callers cannot hold any locks that might be used by memory reclaim or`
			`* writeback when calling the static_branch_{inc,dec} functions.`
			`*/`
			`static DEFINE_STATIC_KEY_FALSE(xfs_drain_waiter_gate);`

			`void`
			`xfs_drain_wait_disable(void)`
			`{`
			`static_branch_dec(&xfs_drain_waiter_gate);`
			`}`

			`void`
			`xfs_drain_wait_enable(void)`
			`{`
			`static_branch_inc(&xfs_drain_waiter_gate);`
			`}`

xfs: allow queued AG intents to drain before scrubbing When a writer thread executes a chain of log intent items, the AG header buffer locks will cycle during a transaction roll to get from one intent item to the next in a chain. Although scrub takes all AG header buffer locks, this isn't sufficient to guard against scrub checking an AG while that writer thread is in the middle of finishing a chain because there's no higher level locking primitive guarding allocation groups. When there's a collision, cross-referencing between data structures (e.g. rmapbt and refcountbt) yields false corruption events; if repair is running, this results in incorrect repairs, which is catastrophic. Fix this by adding to the perag structure the count of active intents and make scrub wait until it has both AG header buffer locks and the intent counter reaches zero. One quirk of the drain code is that deferred bmap updates also bump and drop the intent counter. A fundamental decision made during the design phase of the reverse mapping feature is that updates to the rmapbt records are always made by the same code that updates the primary metadata. In other words, callers of bmapi functions expect that the bmapi functions will queue deferred rmap updates. Some parts of the reflink code queue deferred refcount (CUI) and bmap (BUI) updates in the same head transaction, but the deferred work manager completely finishes the CUI before the BUI work is started. As a result, the CUI drops the intent count long before the deferred rmap (RUI) update even has a chance to bump the intent count. The only way to keep the intent count elevated between the CUI and RUI is for the BUI to bump the counter until the RUI has been created. A second quirk of the intent drain code is that deferred work items must increment the intent counter as soon as the work item is added to the transaction. When a BUI completes and queues an RUI, the RUI must increment the counter before the BUI decrements it. The only way to accomplish this is to require that the counter be bumped as soon as the deferred work item is created in memory. In the next patches we'll improve on this facility, but this patch provides the basic functionality. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> 2023-04-12 01:59:58 +00:00			`void`
			`xfs_defer_drain_init(`
			`struct xfs_defer_drain *dr)`
			`{`
			`atomic_set(&dr->dr_count, 0);`
			`init_waitqueue_head(&dr->dr_waiters);`
			`}`

			`void`
			`xfs_defer_drain_free(struct xfs_defer_drain *dr)`
			`{`
			`ASSERT(atomic_read(&dr->dr_count) == 0);`
			`}`

			`/* Increase the pending intent count. */`
			`static inline void xfs_defer_drain_grab(struct xfs_defer_drain *dr)`
			`{`
			`atomic_inc(&dr->dr_count);`
			`}`

			`static inline bool has_waiters(struct wait_queue_head *wq_head)`
			`{`
			`/*`
			`* This memory barrier is paired with the one in set_current_state on`
			`* the waiting side.`
			`*/`
			`smp_mb__after_atomic();`
			`return waitqueue_active(wq_head);`
			`}`

			`/* Decrease the pending intent count, and wake any waiters, if appropriate. */`
			`static inline void xfs_defer_drain_rele(struct xfs_defer_drain *dr)`
			`{`
			`if (atomic_dec_and_test(&dr->dr_count) &&`
xfs: minimize overhead of drain wakeups by using jump labels To reduce the runtime overhead even further when online fsck isn't running, use a static branch key to decide if we call wake_up on the drain. For compilers that support jump labels, the call to wake_up is replaced by a nop sled when nobody is waiting for intents to drain. From my initial microbenchmarking, every transition of the static key between the on and off states takes about 22000ns to complete; this is paid entirely by the xfs_scrub process. When the static key is off (which it should be when fsck isn't running), the nop sled adds an overhead of approximately 0.36ns to runtime code. The post-atomic lockless waiter check adds about 0.03ns, which is basically free. For the few compilers that don't support jump labels, runtime code pays the cost of calling wake_up on an empty waitqueue, which was observed to be about 30ns. However, most architectures that have sufficient memory and CPU capacity to run XFS also support jump labels, so this is not much of a worry. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> 2023-04-12 01:59:59 +00:00			`static_branch_unlikely(&xfs_drain_waiter_gate) &&`
xfs: allow queued AG intents to drain before scrubbing When a writer thread executes a chain of log intent items, the AG header buffer locks will cycle during a transaction roll to get from one intent item to the next in a chain. Although scrub takes all AG header buffer locks, this isn't sufficient to guard against scrub checking an AG while that writer thread is in the middle of finishing a chain because there's no higher level locking primitive guarding allocation groups. When there's a collision, cross-referencing between data structures (e.g. rmapbt and refcountbt) yields false corruption events; if repair is running, this results in incorrect repairs, which is catastrophic. Fix this by adding to the perag structure the count of active intents and make scrub wait until it has both AG header buffer locks and the intent counter reaches zero. One quirk of the drain code is that deferred bmap updates also bump and drop the intent counter. A fundamental decision made during the design phase of the reverse mapping feature is that updates to the rmapbt records are always made by the same code that updates the primary metadata. In other words, callers of bmapi functions expect that the bmapi functions will queue deferred rmap updates. Some parts of the reflink code queue deferred refcount (CUI) and bmap (BUI) updates in the same head transaction, but the deferred work manager completely finishes the CUI before the BUI work is started. As a result, the CUI drops the intent count long before the deferred rmap (RUI) update even has a chance to bump the intent count. The only way to keep the intent count elevated between the CUI and RUI is for the BUI to bump the counter until the RUI has been created. A second quirk of the intent drain code is that deferred work items must increment the intent counter as soon as the work item is added to the transaction. When a BUI completes and queues an RUI, the RUI must increment the counter before the BUI decrements it. The only way to accomplish this is to require that the counter be bumped as soon as the deferred work item is created in memory. In the next patches we'll improve on this facility, but this patch provides the basic functionality. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> 2023-04-12 01:59:58 +00:00			`has_waiters(&dr->dr_waiters))`
			`wake_up(&dr->dr_waiters);`
			`}`

			`/* Are there intents pending? */`
			`static inline bool xfs_defer_drain_busy(struct xfs_defer_drain *dr)`
			`{`
			`return atomic_read(&dr->dr_count) > 0;`
			`}`

			`/*`
			`* Wait for the pending intent count for a drain to hit zero.`
			`*`
			`* Callers must not hold any locks that would prevent intents from being`
			`* finished.`
			`*/`
			`static inline int xfs_defer_drain_wait(struct xfs_defer_drain *dr)`
			`{`
			`return wait_event_killable(dr->dr_waiters, !xfs_defer_drain_busy(dr));`
			`}`

			`/*`
			`* Get a passive reference to an AG and declare an intent to update its`
			`* metadata.`
			`*/`
			`struct xfs_perag *`
			`xfs_perag_intent_get(`
			`struct xfs_mount *mp,`
			`xfs_agnumber_t agno)`
			`{`
			`struct xfs_perag *pag;`

			`pag = xfs_perag_get(mp, agno);`
			`if (!pag)`
			`return NULL;`

			`xfs_perag_intent_hold(pag);`
			`return pag;`
			`}`

			`/*`
			`* Release our intent to update this AG's metadata, and then release our`
			`* passive ref to the AG.`
			`*/`
			`void`
			`xfs_perag_intent_put(`
			`struct xfs_perag *pag)`
			`{`
			`xfs_perag_intent_rele(pag);`
			`xfs_perag_put(pag);`
			`}`

			`/*`
			`* Declare an intent to update AG metadata. Other threads that need exclusive`
			`* access can decide to back off if they see declared intentions.`
			`*/`
			`void`
			`xfs_perag_intent_hold(`
			`struct xfs_perag *pag)`
			`{`
			`trace_xfs_perag_intent_hold(pag, __return_address);`
			`xfs_defer_drain_grab(&pag->pag_intents_drain);`
			`}`

			`/* Release our intent to update this AG's metadata. */`
			`void`
			`xfs_perag_intent_rele(`
			`struct xfs_perag *pag)`
			`{`
			`trace_xfs_perag_intent_rele(pag, __return_address);`
			`xfs_defer_drain_rele(&pag->pag_intents_drain);`
			`}`

			`/*`
			`* Wait for the intent update count for this AG to hit zero.`
			`* Callers must not hold any AG header buffers.`
			`*/`
			`int`
			`xfs_perag_intent_drain(`
			`struct xfs_perag *pag)`
			`{`
			`trace_xfs_perag_wait_intents(pag, __return_address);`
			`return xfs_defer_drain_wait(&pag->pag_intents_drain);`
			`}`

			`/* Has anyone declared an intent to update this AG? */`
			`bool`
			`xfs_perag_intent_busy(`
			`struct xfs_perag *pag)`
			`{`
			`return xfs_defer_drain_busy(&pag->pag_intents_drain);`
			`}`