2021-01-26 08:33:47 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
|
|
|
|
#ifndef BTRFS_SUBPAGE_H
|
|
|
|
#define BTRFS_SUBPAGE_H
|
|
|
|
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Maximum page size we support is 64K, minimum sector size is 4K, u16 bitmap
|
|
|
|
* is sufficient. Regular bitmap_* is not used due to size reasons.
|
|
|
|
*/
|
|
|
|
#define BTRFS_SUBPAGE_BITMAP_SIZE 16
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Structure to trace status of each sector inside a page, attached to
|
|
|
|
* page::private for both data and metadata inodes.
|
|
|
|
*/
|
|
|
|
struct btrfs_subpage {
|
|
|
|
/* Common members for both data and metadata pages */
|
|
|
|
spinlock_t lock;
|
2021-01-26 08:33:52 +00:00
|
|
|
u16 uptodate_bitmap;
|
2021-01-26 08:33:53 +00:00
|
|
|
u16 error_bitmap;
|
2021-03-25 07:14:37 +00:00
|
|
|
u16 dirty_bitmap;
|
2021-03-25 07:14:38 +00:00
|
|
|
u16 writeback_bitmap;
|
btrfs: subpage: fix a rare race between metadata endio and eb freeing
[BUG]
There is a very rare ASSERT() triggering during full fstests run for
subpage rw support.
No other reproducer so far.
The ASSERT() gets triggered for metadata read in
btrfs_page_set_uptodate() inside end_page_read().
[CAUSE]
There is still a small race window for metadata only, the race could
happen like this:
T1 | T2
------------------------------------+-----------------------------
end_bio_extent_readpage() |
|- btrfs_validate_metadata_buffer() |
| |- free_extent_buffer() |
| Still have 2 refs |
|- end_page_read() |
|- if (unlikely(PagePrivate()) |
| The page still has Private |
| | free_extent_buffer()
| | | Only one ref 1, will be
| | | released
| | |- detach_extent_buffer_page()
| | |- btrfs_detach_subpage()
|- btrfs_set_page_uptodate() |
The page no longer has Private|
>>> ASSERT() triggered <<< |
This race window is super small, thus pretty hard to hit, even with so
many runs of fstests.
But the race window is still there, we have to go another way to solve
it other than relying on random PagePrivate() check.
Data path is not affected, as it will lock the page before reading,
while unlocking the page after the last read has finished, thus no race
window.
[FIX]
This patch will fix the bug by repurposing btrfs_subpage::readers.
Now btrfs_subpage::readers will be a member shared by both metadata and
data.
For metadata path, we don't do the page unlock as metadata only relies
on extent locking.
At the same time, teach page_range_has_eb() to take
btrfs_subpage::readers into consideration.
So that even if the last eb of a page gets freed, page::private won't be
detached as long as there still are pending end_page_read() calls.
By this we eliminate the race window, this will slight increase the
metadata memory usage, as the page may not be released as frequently as
usual. But it should not be a big deal.
The code got introduced in ("btrfs: submit read time repair only for
each corrupted sector"), but the fix is in a separate patch to keep the
problem description and the crash is rare so it should not hurt
bisectability.
Signed-off-by: Qu Wegruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-06-07 09:02:58 +00:00
|
|
|
/*
|
|
|
|
* Both data and metadata needs to track how many readers are for the
|
|
|
|
* page.
|
|
|
|
* Data relies on @readers to unlock the page when last reader finished.
|
|
|
|
* While metadata doesn't need page unlock, it needs to prevent
|
|
|
|
* page::private get cleared before the last end_page_read().
|
|
|
|
*/
|
|
|
|
atomic_t readers;
|
2021-01-26 08:33:48 +00:00
|
|
|
union {
|
btrfs: support subpage for extent buffer page release
In btrfs_release_extent_buffer_pages(), we need to add extra handling
for subpage.
Introduce a helper, detach_extent_buffer_page(), to do different
handling for regular and subpage cases.
For subpage case, handle detaching page private.
For unmapped (dummy or cloned) ebs, we can detach the page private
immediately as the page can only be attached to one unmapped eb.
For mapped ebs, we have to ensure there are no eb in the page range
before we delete it, as page->private is shared between all ebs in the
same page.
But there is a subpage specific race, where we can race with extent
buffer allocation, and clear the page private while new eb is still
being utilized, like this:
Extent buffer A is the new extent buffer which will be allocated,
while extent buffer B is the last existing extent buffer of the page.
T1 (eb A) | T2 (eb B)
-------------------------------+------------------------------
alloc_extent_buffer() | btrfs_release_extent_buffer_pages()
|- p = find_or_create_page() | |
|- attach_extent_buffer_page() | |
| | |- detach_extent_buffer_page()
| | |- if (!page_range_has_eb())
| | | No new eb in the page range yet
| | | As new eb A hasn't yet been
| | | inserted into radix tree.
| | |- btrfs_detach_subpage()
| | |- detach_page_private();
|- radix_tree_insert() |
Then we have a metadata eb whose page has no private bit.
To avoid such race, we introduce a subpage metadata-specific member,
btrfs_subpage::eb_refs.
In alloc_extent_buffer() we increase eb_refs in the critical section of
private_lock. Then page_range_has_eb() will return true for
detach_extent_buffer_page(), and will not detach page private.
The section is marked by:
- btrfs_page_inc_eb_refs()
- btrfs_page_dec_eb_refs()
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-01-26 08:33:50 +00:00
|
|
|
/*
|
|
|
|
* Structures only used by metadata
|
|
|
|
*
|
|
|
|
* @eb_refs should only be operated under private_lock, as it
|
|
|
|
* manages whether the subpage can be detached.
|
|
|
|
*/
|
|
|
|
atomic_t eb_refs;
|
2021-01-26 08:33:48 +00:00
|
|
|
/* Structures only used by data */
|
btrfs: integrate page status update for data read path into begin/end_page_read
In btrfs data page read path, the page status update are handled in two
different locations:
btrfs_do_read_page()
{
while (cur <= end) {
/* No need to read from disk */
if (HOLE/PREALLOC/INLINE){
memset();
set_extent_uptodate();
continue;
}
/* Read from disk */
ret = submit_extent_page(end_bio_extent_readpage);
}
end_bio_extent_readpage()
{
endio_readpage_uptodate_page_status();
}
This is fine for sectorsize == PAGE_SIZE case, as for above loop we
should only hit one branch and then exit.
But for subpage, there is more work to be done in page status update:
- Page Unlock condition
Unlike regular page size == sectorsize case, we can no longer just
unlock a page.
Only the last reader of the page can unlock the page.
This means, we can unlock the page either in the while() loop, or in
the endio function.
- Page uptodate condition
Since we have multiple sectors to read for a page, we can only mark
the full page uptodate if all sectors are uptodate.
To handle both subpage and regular cases, introduce a pair of functions
to help handling page status update:
- begin_page_read()
For regular case, it does nothing.
For subpage case, it updates the reader counters so that later
end_page_read() can know who is the last one to unlock the page.
- end_page_read()
This is just endio_readpage_uptodate_page_status() renamed.
The original name is a little too long and too specific for endio.
The new thing added is the condition for page unlock.
Now for subpage data, we unlock the page if we're the last reader.
This does not only provide the basis for subpage data read, but also
hide the special handling of page read from the main read loop.
Also, since we're changing how the page lock is handled, there are two
existing error paths where we need to manually unlock the page before
calling begin_page_read().
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-02-02 02:28:36 +00:00
|
|
|
struct {
|
2021-05-31 08:50:44 +00:00
|
|
|
atomic_t writers;
|
2021-05-31 08:50:45 +00:00
|
|
|
|
|
|
|
/* Tracke pending ordered extent in this sector */
|
|
|
|
u16 ordered_bitmap;
|
btrfs: integrate page status update for data read path into begin/end_page_read
In btrfs data page read path, the page status update are handled in two
different locations:
btrfs_do_read_page()
{
while (cur <= end) {
/* No need to read from disk */
if (HOLE/PREALLOC/INLINE){
memset();
set_extent_uptodate();
continue;
}
/* Read from disk */
ret = submit_extent_page(end_bio_extent_readpage);
}
end_bio_extent_readpage()
{
endio_readpage_uptodate_page_status();
}
This is fine for sectorsize == PAGE_SIZE case, as for above loop we
should only hit one branch and then exit.
But for subpage, there is more work to be done in page status update:
- Page Unlock condition
Unlike regular page size == sectorsize case, we can no longer just
unlock a page.
Only the last reader of the page can unlock the page.
This means, we can unlock the page either in the while() loop, or in
the endio function.
- Page uptodate condition
Since we have multiple sectors to read for a page, we can only mark
the full page uptodate if all sectors are uptodate.
To handle both subpage and regular cases, introduce a pair of functions
to help handling page status update:
- begin_page_read()
For regular case, it does nothing.
For subpage case, it updates the reader counters so that later
end_page_read() can know who is the last one to unlock the page.
- end_page_read()
This is just endio_readpage_uptodate_page_status() renamed.
The original name is a little too long and too specific for endio.
The new thing added is the condition for page unlock.
Now for subpage data, we unlock the page if we're the last reader.
This does not only provide the basis for subpage data read, but also
hide the special handling of page read from the main read loop.
Also, since we're changing how the page lock is handled, there are two
existing error paths where we need to manually unlock the page before
calling begin_page_read().
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-02-02 02:28:36 +00:00
|
|
|
};
|
2021-01-26 08:33:48 +00:00
|
|
|
};
|
2021-01-26 08:33:47 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
enum btrfs_subpage_type {
|
|
|
|
BTRFS_SUBPAGE_METADATA,
|
|
|
|
BTRFS_SUBPAGE_DATA,
|
|
|
|
};
|
|
|
|
|
|
|
|
int btrfs_attach_subpage(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, enum btrfs_subpage_type type);
|
|
|
|
void btrfs_detach_subpage(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page);
|
|
|
|
|
2021-01-26 08:33:48 +00:00
|
|
|
/* Allocate additional data where page represents more than one sector */
|
|
|
|
int btrfs_alloc_subpage(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct btrfs_subpage **ret,
|
|
|
|
enum btrfs_subpage_type type);
|
|
|
|
void btrfs_free_subpage(struct btrfs_subpage *subpage);
|
|
|
|
|
btrfs: support subpage for extent buffer page release
In btrfs_release_extent_buffer_pages(), we need to add extra handling
for subpage.
Introduce a helper, detach_extent_buffer_page(), to do different
handling for regular and subpage cases.
For subpage case, handle detaching page private.
For unmapped (dummy or cloned) ebs, we can detach the page private
immediately as the page can only be attached to one unmapped eb.
For mapped ebs, we have to ensure there are no eb in the page range
before we delete it, as page->private is shared between all ebs in the
same page.
But there is a subpage specific race, where we can race with extent
buffer allocation, and clear the page private while new eb is still
being utilized, like this:
Extent buffer A is the new extent buffer which will be allocated,
while extent buffer B is the last existing extent buffer of the page.
T1 (eb A) | T2 (eb B)
-------------------------------+------------------------------
alloc_extent_buffer() | btrfs_release_extent_buffer_pages()
|- p = find_or_create_page() | |
|- attach_extent_buffer_page() | |
| | |- detach_extent_buffer_page()
| | |- if (!page_range_has_eb())
| | | No new eb in the page range yet
| | | As new eb A hasn't yet been
| | | inserted into radix tree.
| | |- btrfs_detach_subpage()
| | |- detach_page_private();
|- radix_tree_insert() |
Then we have a metadata eb whose page has no private bit.
To avoid such race, we introduce a subpage metadata-specific member,
btrfs_subpage::eb_refs.
In alloc_extent_buffer() we increase eb_refs in the critical section of
private_lock. Then page_range_has_eb() will return true for
detach_extent_buffer_page(), and will not detach page private.
The section is marked by:
- btrfs_page_inc_eb_refs()
- btrfs_page_dec_eb_refs()
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-01-26 08:33:50 +00:00
|
|
|
void btrfs_page_inc_eb_refs(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page);
|
|
|
|
void btrfs_page_dec_eb_refs(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page);
|
|
|
|
|
btrfs: integrate page status update for data read path into begin/end_page_read
In btrfs data page read path, the page status update are handled in two
different locations:
btrfs_do_read_page()
{
while (cur <= end) {
/* No need to read from disk */
if (HOLE/PREALLOC/INLINE){
memset();
set_extent_uptodate();
continue;
}
/* Read from disk */
ret = submit_extent_page(end_bio_extent_readpage);
}
end_bio_extent_readpage()
{
endio_readpage_uptodate_page_status();
}
This is fine for sectorsize == PAGE_SIZE case, as for above loop we
should only hit one branch and then exit.
But for subpage, there is more work to be done in page status update:
- Page Unlock condition
Unlike regular page size == sectorsize case, we can no longer just
unlock a page.
Only the last reader of the page can unlock the page.
This means, we can unlock the page either in the while() loop, or in
the endio function.
- Page uptodate condition
Since we have multiple sectors to read for a page, we can only mark
the full page uptodate if all sectors are uptodate.
To handle both subpage and regular cases, introduce a pair of functions
to help handling page status update:
- begin_page_read()
For regular case, it does nothing.
For subpage case, it updates the reader counters so that later
end_page_read() can know who is the last one to unlock the page.
- end_page_read()
This is just endio_readpage_uptodate_page_status() renamed.
The original name is a little too long and too specific for endio.
The new thing added is the condition for page unlock.
Now for subpage data, we unlock the page if we're the last reader.
This does not only provide the basis for subpage data read, but also
hide the special handling of page read from the main read loop.
Also, since we're changing how the page lock is handled, there are two
existing error paths where we need to manually unlock the page before
calling begin_page_read().
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-02-02 02:28:36 +00:00
|
|
|
void btrfs_subpage_start_reader(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
void btrfs_subpage_end_reader(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
|
2021-05-31 08:50:44 +00:00
|
|
|
void btrfs_subpage_start_writer(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
bool btrfs_subpage_end_and_test_writer(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
int btrfs_page_start_writer_lock(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
void btrfs_page_end_writer_lock(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
|
2021-01-26 08:33:52 +00:00
|
|
|
/*
|
|
|
|
* Template for subpage related operations.
|
|
|
|
*
|
|
|
|
* btrfs_subpage_*() are for call sites where the page has subpage attached and
|
|
|
|
* the range is ensured to be inside the page.
|
|
|
|
*
|
|
|
|
* btrfs_page_*() are for call sites where the page can either be subpage
|
|
|
|
* specific or regular page. The function will handle both cases.
|
|
|
|
* But the range still needs to be inside the page.
|
2021-05-31 08:50:39 +00:00
|
|
|
*
|
|
|
|
* btrfs_page_clamp_*() are similar to btrfs_page_*(), except the range doesn't
|
|
|
|
* need to be inside the page. Those functions will truncate the range
|
|
|
|
* automatically.
|
2021-01-26 08:33:52 +00:00
|
|
|
*/
|
|
|
|
#define DECLARE_BTRFS_SUBPAGE_OPS(name) \
|
|
|
|
void btrfs_subpage_set_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
void btrfs_subpage_clear_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
bool btrfs_subpage_test_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
void btrfs_page_set_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
void btrfs_page_clear_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
bool btrfs_page_test_##name(const struct btrfs_fs_info *fs_info, \
|
2021-05-31 08:50:39 +00:00
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
void btrfs_page_clamp_set_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
void btrfs_page_clamp_clear_##name(const struct btrfs_fs_info *fs_info, \
|
|
|
|
struct page *page, u64 start, u32 len); \
|
|
|
|
bool btrfs_page_clamp_test_##name(const struct btrfs_fs_info *fs_info, \
|
2021-01-26 08:33:52 +00:00
|
|
|
struct page *page, u64 start, u32 len);
|
|
|
|
|
|
|
|
DECLARE_BTRFS_SUBPAGE_OPS(uptodate);
|
2021-01-26 08:33:53 +00:00
|
|
|
DECLARE_BTRFS_SUBPAGE_OPS(error);
|
2021-03-25 07:14:37 +00:00
|
|
|
DECLARE_BTRFS_SUBPAGE_OPS(dirty);
|
2021-03-25 07:14:38 +00:00
|
|
|
DECLARE_BTRFS_SUBPAGE_OPS(writeback);
|
2021-05-31 08:50:45 +00:00
|
|
|
DECLARE_BTRFS_SUBPAGE_OPS(ordered);
|
2021-03-25 07:14:37 +00:00
|
|
|
|
|
|
|
bool btrfs_subpage_clear_and_test_dirty(const struct btrfs_fs_info *fs_info,
|
|
|
|
struct page *page, u64 start, u32 len);
|
2021-01-26 08:33:52 +00:00
|
|
|
|
2021-01-26 08:33:47 +00:00
|
|
|
#endif
|