2018-06-06 02:42:14 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
2011-01-07 13:02:04 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2010 Red Hat, Inc.
|
|
|
|
* All Rights Reserved.
|
|
|
|
*/
|
|
|
|
#include "xfs.h"
|
2019-06-29 02:25:35 +00:00
|
|
|
#include "xfs_shared.h"
|
2013-08-12 10:49:26 +00:00
|
|
|
#include "xfs_format.h"
|
2013-10-22 23:50:10 +00:00
|
|
|
#include "xfs_log_format.h"
|
|
|
|
#include "xfs_trans_resv.h"
|
2011-01-07 13:02:04 +00:00
|
|
|
#include "xfs_mount.h"
|
2013-10-22 23:51:50 +00:00
|
|
|
#include "xfs_btree.h"
|
|
|
|
#include "xfs_alloc_btree.h"
|
2011-01-07 13:02:04 +00:00
|
|
|
#include "xfs_alloc.h"
|
2019-11-07 01:19:33 +00:00
|
|
|
#include "xfs_discard.h"
|
2011-01-07 13:02:04 +00:00
|
|
|
#include "xfs_error.h"
|
2012-04-29 10:39:43 +00:00
|
|
|
#include "xfs_extent_busy.h"
|
2011-01-07 13:02:04 +00:00
|
|
|
#include "xfs_trace.h"
|
2013-10-22 23:50:10 +00:00
|
|
|
#include "xfs_log.h"
|
2021-06-02 00:48:24 +00:00
|
|
|
#include "xfs_ag.h"
|
2011-01-07 13:02:04 +00:00
|
|
|
|
|
|
|
STATIC int
|
|
|
|
xfs_trim_extents(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
xfs_agnumber_t agno,
|
2012-03-22 05:15:12 +00:00
|
|
|
xfs_daddr_t start,
|
|
|
|
xfs_daddr_t end,
|
|
|
|
xfs_daddr_t minlen,
|
2017-06-16 18:00:05 +00:00
|
|
|
uint64_t *blocks_trimmed)
|
2011-01-07 13:02:04 +00:00
|
|
|
{
|
|
|
|
struct block_device *bdev = mp->m_ddev_targp->bt_bdev;
|
|
|
|
struct xfs_btree_cur *cur;
|
|
|
|
struct xfs_buf *agbp;
|
2020-03-10 15:57:29 +00:00
|
|
|
struct xfs_agf *agf;
|
2011-01-07 13:02:04 +00:00
|
|
|
struct xfs_perag *pag;
|
|
|
|
int error;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
pag = xfs_perag_get(mp, agno);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Force out the log. This means any transactions that might have freed
|
Force log to disk before reading the AGF during a fstrim
Forcing the log to disk after reading the agf is wrong, we might be
calling xfs_log_force with XFS_LOG_SYNC with a metadata lock held.
This can cause a deadlock when racing a fstrim with a filesystem
shutdown.
The deadlock has been identified due a miscalculation bug in device-mapper
dm-thin, which returns lack of space to its users earlier than the device itself
really runs out of space, changing the device-mapper volume into an error state.
The problem happened while filling the filesystem with a single file,
triggering the bug in device-mapper, consequently causing an IO error
and shutting down the filesystem.
If such file is removed, and fstrim executed before the XFS finishes the
shut down process, the fstrim process will end up holding the buffer
lock, and going to sleep on the cil wait queue.
At this point, the shut down process will try to wake up all the threads
waiting on the cil wait queue, but for this, it will try to hold the
same buffer log already held my the fstrim, locking up the filesystem.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-04-11 05:39:04 +00:00
|
|
|
* space before we take the AGF buffer lock are now on disk, and the
|
2011-01-07 13:02:04 +00:00
|
|
|
* volatile disk cache is flushed.
|
|
|
|
*/
|
|
|
|
xfs_log_force(mp, XFS_LOG_SYNC);
|
|
|
|
|
Force log to disk before reading the AGF during a fstrim
Forcing the log to disk after reading the agf is wrong, we might be
calling xfs_log_force with XFS_LOG_SYNC with a metadata lock held.
This can cause a deadlock when racing a fstrim with a filesystem
shutdown.
The deadlock has been identified due a miscalculation bug in device-mapper
dm-thin, which returns lack of space to its users earlier than the device itself
really runs out of space, changing the device-mapper volume into an error state.
The problem happened while filling the filesystem with a single file,
triggering the bug in device-mapper, consequently causing an IO error
and shutting down the filesystem.
If such file is removed, and fstrim executed before the XFS finishes the
shut down process, the fstrim process will end up holding the buffer
lock, and going to sleep on the cil wait queue.
At this point, the shut down process will try to wake up all the threads
waiting on the cil wait queue, but for this, it will try to hold the
same buffer log already held my the fstrim, locking up the filesystem.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-04-11 05:39:04 +00:00
|
|
|
error = xfs_alloc_read_agf(mp, NULL, agno, 0, &agbp);
|
2020-01-24 01:01:20 +00:00
|
|
|
if (error)
|
Force log to disk before reading the AGF during a fstrim
Forcing the log to disk after reading the agf is wrong, we might be
calling xfs_log_force with XFS_LOG_SYNC with a metadata lock held.
This can cause a deadlock when racing a fstrim with a filesystem
shutdown.
The deadlock has been identified due a miscalculation bug in device-mapper
dm-thin, which returns lack of space to its users earlier than the device itself
really runs out of space, changing the device-mapper volume into an error state.
The problem happened while filling the filesystem with a single file,
triggering the bug in device-mapper, consequently causing an IO error
and shutting down the filesystem.
If such file is removed, and fstrim executed before the XFS finishes the
shut down process, the fstrim process will end up holding the buffer
lock, and going to sleep on the cil wait queue.
At this point, the shut down process will try to wake up all the threads
waiting on the cil wait queue, but for this, it will try to hold the
same buffer log already held my the fstrim, locking up the filesystem.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-04-11 05:39:04 +00:00
|
|
|
goto out_put_perag;
|
2020-03-10 15:57:29 +00:00
|
|
|
agf = agbp->b_addr;
|
Force log to disk before reading the AGF during a fstrim
Forcing the log to disk after reading the agf is wrong, we might be
calling xfs_log_force with XFS_LOG_SYNC with a metadata lock held.
This can cause a deadlock when racing a fstrim with a filesystem
shutdown.
The deadlock has been identified due a miscalculation bug in device-mapper
dm-thin, which returns lack of space to its users earlier than the device itself
really runs out of space, changing the device-mapper volume into an error state.
The problem happened while filling the filesystem with a single file,
triggering the bug in device-mapper, consequently causing an IO error
and shutting down the filesystem.
If such file is removed, and fstrim executed before the XFS finishes the
shut down process, the fstrim process will end up holding the buffer
lock, and going to sleep on the cil wait queue.
At this point, the shut down process will try to wake up all the threads
waiting on the cil wait queue, but for this, it will try to hold the
same buffer log already held my the fstrim, locking up the filesystem.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-04-11 05:39:04 +00:00
|
|
|
|
2021-06-02 00:48:24 +00:00
|
|
|
cur = xfs_allocbt_init_cursor(mp, NULL, agbp, pag, XFS_BTNUM_CNT);
|
Force log to disk before reading the AGF during a fstrim
Forcing the log to disk after reading the agf is wrong, we might be
calling xfs_log_force with XFS_LOG_SYNC with a metadata lock held.
This can cause a deadlock when racing a fstrim with a filesystem
shutdown.
The deadlock has been identified due a miscalculation bug in device-mapper
dm-thin, which returns lack of space to its users earlier than the device itself
really runs out of space, changing the device-mapper volume into an error state.
The problem happened while filling the filesystem with a single file,
triggering the bug in device-mapper, consequently causing an IO error
and shutting down the filesystem.
If such file is removed, and fstrim executed before the XFS finishes the
shut down process, the fstrim process will end up holding the buffer
lock, and going to sleep on the cil wait queue.
At this point, the shut down process will try to wake up all the threads
waiting on the cil wait queue, but for this, it will try to hold the
same buffer log already held my the fstrim, locking up the filesystem.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2018-04-11 05:39:04 +00:00
|
|
|
|
2011-01-07 13:02:04 +00:00
|
|
|
/*
|
|
|
|
* Look up the longest btree in the AGF and start with it.
|
|
|
|
*/
|
2020-03-10 15:57:29 +00:00
|
|
|
error = xfs_alloc_lookup_ge(cur, 0, be32_to_cpu(agf->agf_longest), &i);
|
2011-01-07 13:02:04 +00:00
|
|
|
if (error)
|
|
|
|
goto out_del_cursor;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Loop until we are done with all extents that are large
|
|
|
|
* enough to be worth discarding.
|
|
|
|
*/
|
|
|
|
while (i) {
|
2012-03-22 05:15:12 +00:00
|
|
|
xfs_agblock_t fbno;
|
|
|
|
xfs_extlen_t flen;
|
|
|
|
xfs_daddr_t dbno;
|
|
|
|
xfs_extlen_t dlen;
|
2011-01-07 13:02:04 +00:00
|
|
|
|
|
|
|
error = xfs_alloc_get_rec(cur, &fbno, &flen, &i);
|
|
|
|
if (error)
|
|
|
|
goto out_del_cursor;
|
xfs: kill the XFS_WANT_CORRUPT_* macros
The XFS_WANT_CORRUPT_* macros conceal subtle side effects such as the
creation of local variables and redirections of the code flow. This is
pretty ugly, so replace them with explicit XFS_IS_CORRUPT tests that
remove both of those ugly points. The change was performed with the
following coccinelle script:
@@
expression mp, test;
identifier label;
@@
- XFS_WANT_CORRUPTED_GOTO(mp, test, label);
+ if (XFS_IS_CORRUPT(mp, !test)) { error = -EFSCORRUPTED; goto label; }
@@
expression mp, test;
@@
- XFS_WANT_CORRUPTED_RETURN(mp, test);
+ if (XFS_IS_CORRUPT(mp, !test)) return -EFSCORRUPTED;
@@
expression mp, lval, rval;
@@
- XFS_IS_CORRUPT(mp, !(lval == rval))
+ XFS_IS_CORRUPT(mp, lval != rval)
@@
expression mp, e1, e2;
@@
- XFS_IS_CORRUPT(mp, !(e1 && e2))
+ XFS_IS_CORRUPT(mp, !e1 || !e2)
@@
expression e1, e2;
@@
- !(e1 == e2)
+ e1 != e2
@@
expression e1, e2, e3, e4, e5, e6;
@@
- !(e1 == e2 && e3 == e4) || e5 != e6
+ e1 != e2 || e3 != e4 || e5 != e6
@@
expression e1, e2, e3, e4, e5, e6;
@@
- !(e1 == e2 || (e3 <= e4 && e5 <= e6))
+ e1 != e2 && (e3 > e4 || e5 > e6)
@@
expression mp, e1, e2;
@@
- XFS_IS_CORRUPT(mp, !(e1 <= e2))
+ XFS_IS_CORRUPT(mp, e1 > e2)
@@
expression mp, e1, e2;
@@
- XFS_IS_CORRUPT(mp, !(e1 < e2))
+ XFS_IS_CORRUPT(mp, e1 >= e2)
@@
expression mp, e1;
@@
- XFS_IS_CORRUPT(mp, !!e1)
+ XFS_IS_CORRUPT(mp, e1)
@@
expression mp, e1, e2;
@@
- XFS_IS_CORRUPT(mp, !(e1 || e2))
+ XFS_IS_CORRUPT(mp, !e1 && !e2)
@@
expression mp, e1, e2, e3, e4;
@@
- XFS_IS_CORRUPT(mp, !(e1 == e2) && !(e3 == e4))
+ XFS_IS_CORRUPT(mp, e1 != e2 && e3 != e4)
@@
expression mp, e1, e2, e3, e4;
@@
- XFS_IS_CORRUPT(mp, !(e1 <= e2) || !(e3 >= e4))
+ XFS_IS_CORRUPT(mp, e1 > e2 || e3 < e4)
@@
expression mp, e1, e2, e3, e4;
@@
- XFS_IS_CORRUPT(mp, !(e1 == e2) && !(e3 <= e4))
+ XFS_IS_CORRUPT(mp, e1 != e2 && e3 > e4)
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2019-11-11 20:52:18 +00:00
|
|
|
if (XFS_IS_CORRUPT(mp, i != 1)) {
|
|
|
|
error = -EFSCORRUPTED;
|
|
|
|
goto out_del_cursor;
|
|
|
|
}
|
2020-03-10 15:57:29 +00:00
|
|
|
ASSERT(flen <= be32_to_cpu(agf->agf_longest));
|
2011-01-07 13:02:04 +00:00
|
|
|
|
2012-03-22 05:15:12 +00:00
|
|
|
/*
|
|
|
|
* use daddr format for all range/len calculations as that is
|
|
|
|
* the format the range/len variables are supplied in by
|
|
|
|
* userspace.
|
|
|
|
*/
|
|
|
|
dbno = XFS_AGB_TO_DADDR(mp, agno, fbno);
|
|
|
|
dlen = XFS_FSB_TO_BB(mp, flen);
|
|
|
|
|
2011-01-07 13:02:04 +00:00
|
|
|
/*
|
|
|
|
* Too small? Give up.
|
|
|
|
*/
|
2012-03-22 05:15:12 +00:00
|
|
|
if (dlen < minlen) {
|
2011-01-07 13:02:04 +00:00
|
|
|
trace_xfs_discard_toosmall(mp, agno, fbno, flen);
|
|
|
|
goto out_del_cursor;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the extent is entirely outside of the range we are
|
|
|
|
* supposed to discard skip it. Do not bother to trim
|
|
|
|
* down partially overlapping ranges for now.
|
|
|
|
*/
|
2012-03-22 05:15:12 +00:00
|
|
|
if (dbno + dlen < start || dbno > end) {
|
2011-01-07 13:02:04 +00:00
|
|
|
trace_xfs_discard_exclude(mp, agno, fbno, flen);
|
|
|
|
goto next_extent;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If any blocks in the range are still busy, skip the
|
|
|
|
* discard and try again the next time.
|
|
|
|
*/
|
2021-06-02 00:48:24 +00:00
|
|
|
if (xfs_extent_busy_search(mp, pag, fbno, flen)) {
|
2011-01-07 13:02:04 +00:00
|
|
|
trace_xfs_discard_busy(mp, agno, fbno, flen);
|
|
|
|
goto next_extent;
|
|
|
|
}
|
|
|
|
|
|
|
|
trace_xfs_discard_extent(mp, agno, fbno, flen);
|
2014-06-25 04:58:08 +00:00
|
|
|
error = blkdev_issue_discard(bdev, dbno, dlen, GFP_NOFS, 0);
|
2011-01-07 13:02:04 +00:00
|
|
|
if (error)
|
|
|
|
goto out_del_cursor;
|
|
|
|
*blocks_trimmed += flen;
|
|
|
|
|
|
|
|
next_extent:
|
|
|
|
error = xfs_btree_decrement(cur, 0, &i);
|
|
|
|
if (error)
|
|
|
|
goto out_del_cursor;
|
2017-04-27 15:59:36 +00:00
|
|
|
|
|
|
|
if (fatal_signal_pending(current)) {
|
|
|
|
error = -ERESTARTSYS;
|
|
|
|
goto out_del_cursor;
|
|
|
|
}
|
2011-01-07 13:02:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
out_del_cursor:
|
2018-07-19 19:26:31 +00:00
|
|
|
xfs_btree_del_cursor(cur, error);
|
2011-01-07 13:02:04 +00:00
|
|
|
xfs_buf_relse(agbp);
|
|
|
|
out_put_perag:
|
|
|
|
xfs_perag_put(pag);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2012-03-22 05:15:12 +00:00
|
|
|
/*
|
|
|
|
* trim a range of the filesystem.
|
|
|
|
*
|
|
|
|
* Note: the parameters passed from userspace are byte ranges into the
|
|
|
|
* filesystem which does not match to the format we use for filesystem block
|
|
|
|
* addressing. FSB addressing is sparse (AGNO|AGBNO), while the incoming format
|
|
|
|
* is a linear address range. Hence we need to use DADDR based conversions and
|
|
|
|
* comparisons for determining the correct offset and regions to trim.
|
|
|
|
*/
|
2011-01-07 13:02:04 +00:00
|
|
|
int
|
|
|
|
xfs_ioc_trim(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
struct fstrim_range __user *urange)
|
|
|
|
{
|
2013-11-20 08:08:53 +00:00
|
|
|
struct request_queue *q = bdev_get_queue(mp->m_ddev_targp->bt_bdev);
|
2011-01-07 13:02:04 +00:00
|
|
|
unsigned int granularity = q->limits.discard_granularity;
|
|
|
|
struct fstrim_range range;
|
2012-03-22 05:15:12 +00:00
|
|
|
xfs_daddr_t start, end, minlen;
|
2011-01-07 13:02:04 +00:00
|
|
|
xfs_agnumber_t start_agno, end_agno, agno;
|
2017-06-16 18:00:05 +00:00
|
|
|
uint64_t blocks_trimmed = 0;
|
2011-01-07 13:02:04 +00:00
|
|
|
int error, last_error = 0;
|
|
|
|
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
2014-06-22 05:04:54 +00:00
|
|
|
return -EPERM;
|
2011-02-15 17:07:36 +00:00
|
|
|
if (!blk_queue_discard(q))
|
2014-06-22 05:04:54 +00:00
|
|
|
return -EOPNOTSUPP;
|
2019-03-23 01:10:22 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We haven't recovered the log, so we cannot use our bnobt-guided
|
|
|
|
* storage zapping commands.
|
|
|
|
*/
|
2021-08-19 01:46:52 +00:00
|
|
|
if (xfs_has_norecovery(mp))
|
2019-03-23 01:10:22 +00:00
|
|
|
return -EROFS;
|
|
|
|
|
2011-01-07 13:02:04 +00:00
|
|
|
if (copy_from_user(&range, urange, sizeof(range)))
|
2014-06-22 05:04:54 +00:00
|
|
|
return -EFAULT;
|
2011-01-07 13:02:04 +00:00
|
|
|
|
2019-04-12 14:39:21 +00:00
|
|
|
range.minlen = max_t(u64, granularity, range.minlen);
|
|
|
|
minlen = BTOBB(range.minlen);
|
2011-01-07 13:02:04 +00:00
|
|
|
/*
|
|
|
|
* Truncating down the len isn't actually quite correct, but using
|
2012-03-22 05:15:12 +00:00
|
|
|
* BBTOB would mean we trivially get overflows for values
|
2011-01-07 13:02:04 +00:00
|
|
|
* of ULLONG_MAX or slightly lower. And ULLONG_MAX is the default
|
|
|
|
* used by the fstrim application. In the end it really doesn't
|
|
|
|
* matter as trimming blocks is an advisory interface.
|
|
|
|
*/
|
2012-08-14 08:35:04 +00:00
|
|
|
if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) ||
|
2016-08-03 01:38:24 +00:00
|
|
|
range.minlen > XFS_FSB_TO_B(mp, mp->m_ag_max_usable) ||
|
2013-11-20 08:08:53 +00:00
|
|
|
range.len < mp->m_sb.sb_blocksize)
|
2014-06-22 05:04:54 +00:00
|
|
|
return -EINVAL;
|
2012-08-14 08:35:04 +00:00
|
|
|
|
2012-03-22 05:15:12 +00:00
|
|
|
start = BTOBB(range.start);
|
|
|
|
end = start + BTOBBT(range.len) - 1;
|
2011-01-07 13:02:04 +00:00
|
|
|
|
2012-03-22 05:15:12 +00:00
|
|
|
if (end > XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks) - 1)
|
|
|
|
end = XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks)- 1;
|
2011-01-07 13:02:04 +00:00
|
|
|
|
2012-03-22 05:15:12 +00:00
|
|
|
start_agno = xfs_daddr_to_agno(mp, start);
|
|
|
|
end_agno = xfs_daddr_to_agno(mp, end);
|
2011-01-07 13:02:04 +00:00
|
|
|
|
|
|
|
for (agno = start_agno; agno <= end_agno; agno++) {
|
2014-06-25 04:58:08 +00:00
|
|
|
error = xfs_trim_extents(mp, agno, start, end, minlen,
|
2011-01-07 13:02:04 +00:00
|
|
|
&blocks_trimmed);
|
2017-04-27 15:59:36 +00:00
|
|
|
if (error) {
|
2011-01-07 13:02:04 +00:00
|
|
|
last_error = error;
|
2017-04-27 15:59:36 +00:00
|
|
|
if (error == -ERESTARTSYS)
|
|
|
|
break;
|
|
|
|
}
|
2011-01-07 13:02:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (last_error)
|
|
|
|
return last_error;
|
|
|
|
|
|
|
|
range.len = XFS_FSB_TO_B(mp, blocks_trimmed);
|
|
|
|
if (copy_to_user(urange, &range, sizeof(range)))
|
2014-06-22 05:04:54 +00:00
|
|
|
return -EFAULT;
|
2011-01-07 13:02:04 +00:00
|
|
|
return 0;
|
|
|
|
}
|