2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* include/linux/backing-dev.h
|
|
|
|
*
|
|
|
|
* low-level device information and state which is propagated up through
|
|
|
|
* to high-level code.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _LINUX_BACKING_DEV_H
|
|
|
|
#define _LINUX_BACKING_DEV_H
|
|
|
|
|
2007-10-17 14:25:47 +08:00
|
|
|
#include <linux/percpu_counter.h>
|
|
|
|
#include <linux/log2.h>
|
2012-05-25 00:59:11 +08:00
|
|
|
#include <linux/flex_proportions.h>
|
2008-04-30 15:54:32 +08:00
|
|
|
#include <linux/kernel.h>
|
2008-04-30 15:54:37 +08:00
|
|
|
#include <linux/fs.h>
|
2009-09-09 15:08:54 +08:00
|
|
|
#include <linux/sched.h>
|
2010-04-06 20:25:14 +08:00
|
|
|
#include <linux/timer.h>
|
2009-09-09 15:08:54 +08:00
|
|
|
#include <linux/writeback.h>
|
2011-07-27 07:09:06 +08:00
|
|
|
#include <linux/atomic.h>
|
2012-08-01 07:41:52 +08:00
|
|
|
#include <linux/sysctl.h>
|
writeback: replace custom worker pool implementation with unbound workqueue
Writeback implements its own worker pool - each bdi can be associated
with a worker thread which is created and destroyed dynamically. The
worker thread for the default bdi is always present and serves as the
"forker" thread which forks off worker threads for other bdis.
there's no reason for writeback to implement its own worker pool when
using unbound workqueue instead is much simpler and more efficient.
This patch replaces custom worker pool implementation in writeback
with an unbound workqueue.
The conversion isn't too complicated but the followings are worth
mentioning.
* bdi_writeback->last_active, task and wakeup_timer are removed.
delayed_work ->dwork is added instead. Explicit timer handling is
no longer necessary. Everything works by either queueing / modding
/ flushing / canceling the delayed_work item.
* bdi_writeback_thread() becomes bdi_writeback_workfn() which runs off
bdi_writeback->dwork. On each execution, it processes
bdi->work_list and reschedules itself if there are more things to
do.
The function also handles low-mem condition, which used to be
handled by the forker thread. If the function is running off a
rescuer thread, it only writes out limited number of pages so that
the rescuer can serve other bdis too. This preserves the flusher
creation failure behavior of the forker thread.
* INIT_LIST_HEAD(&bdi->bdi_list) is used to tell
bdi_writeback_workfn() about on-going bdi unregistration so that it
always drains work_list even if it's running off the rescuer. Note
that the original code was broken in this regard. Under memory
pressure, a bdi could finish unregistration with non-empty
work_list.
* The default bdi is no longer special. It now is treated the same as
any other bdi and bdi_cap_flush_forker() is removed.
* BDI_pending is no longer used. Removed.
* Some tracepoints become non-applicable. The following TPs are
removed - writeback_nothread, writeback_wake_thread,
writeback_wake_forker_thread, writeback_thread_start,
writeback_thread_stop.
Everything, including devices coming and going away and rescuer
operation under simulated memory pressure, seems to work fine in my
test setup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
2013-04-02 10:08:06 +08:00
|
|
|
#include <linux/workqueue.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-10-20 14:28:16 +08:00
|
|
|
struct page;
|
2008-04-30 15:54:32 +08:00
|
|
|
struct device;
|
2008-04-30 15:54:36 +08:00
|
|
|
struct dentry;
|
2006-10-20 14:28:16 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Bits in backing_dev_info.state
|
|
|
|
*/
|
|
|
|
enum bdi_state {
|
2009-09-09 15:08:54 +08:00
|
|
|
BDI_wb_alloc, /* Default embedded wb allocated */
|
2009-04-06 20:48:01 +08:00
|
|
|
BDI_async_congested, /* The async (write) queue is getting full */
|
|
|
|
BDI_sync_congested, /* The sync queue is getting full */
|
2009-09-09 15:10:25 +08:00
|
|
|
BDI_registered, /* bdi_register() was done */
|
2010-08-12 05:17:44 +08:00
|
|
|
BDI_writeback_running, /* Writeback is in progress */
|
2005-04-17 06:20:36 +08:00
|
|
|
BDI_unused, /* Available bits start here */
|
|
|
|
};
|
|
|
|
|
|
|
|
typedef int (congested_fn)(void *, int);
|
|
|
|
|
2007-10-17 14:25:47 +08:00
|
|
|
enum bdi_stat_item {
|
2007-10-17 14:25:47 +08:00
|
|
|
BDI_RECLAIMABLE,
|
2007-10-17 14:25:48 +08:00
|
|
|
BDI_WRITEBACK,
|
2011-01-24 00:07:47 +08:00
|
|
|
BDI_DIRTIED,
|
2010-12-09 12:44:24 +08:00
|
|
|
BDI_WRITTEN,
|
2007-10-17 14:25:47 +08:00
|
|
|
NR_BDI_STAT_ITEMS
|
|
|
|
};
|
|
|
|
|
|
|
|
#define BDI_STAT_BATCH (8*(1+ilog2(nr_cpu_ids)))
|
|
|
|
|
2009-09-09 15:08:54 +08:00
|
|
|
struct bdi_writeback {
|
2010-07-25 19:29:18 +08:00
|
|
|
struct backing_dev_info *bdi; /* our parent bdi */
|
2009-09-09 15:08:54 +08:00
|
|
|
unsigned int nr;
|
|
|
|
|
2010-07-25 19:29:18 +08:00
|
|
|
unsigned long last_old_flush; /* last old data flush */
|
2009-09-09 15:08:54 +08:00
|
|
|
|
writeback: replace custom worker pool implementation with unbound workqueue
Writeback implements its own worker pool - each bdi can be associated
with a worker thread which is created and destroyed dynamically. The
worker thread for the default bdi is always present and serves as the
"forker" thread which forks off worker threads for other bdis.
there's no reason for writeback to implement its own worker pool when
using unbound workqueue instead is much simpler and more efficient.
This patch replaces custom worker pool implementation in writeback
with an unbound workqueue.
The conversion isn't too complicated but the followings are worth
mentioning.
* bdi_writeback->last_active, task and wakeup_timer are removed.
delayed_work ->dwork is added instead. Explicit timer handling is
no longer necessary. Everything works by either queueing / modding
/ flushing / canceling the delayed_work item.
* bdi_writeback_thread() becomes bdi_writeback_workfn() which runs off
bdi_writeback->dwork. On each execution, it processes
bdi->work_list and reschedules itself if there are more things to
do.
The function also handles low-mem condition, which used to be
handled by the forker thread. If the function is running off a
rescuer thread, it only writes out limited number of pages so that
the rescuer can serve other bdis too. This preserves the flusher
creation failure behavior of the forker thread.
* INIT_LIST_HEAD(&bdi->bdi_list) is used to tell
bdi_writeback_workfn() about on-going bdi unregistration so that it
always drains work_list even if it's running off the rescuer. Note
that the original code was broken in this regard. Under memory
pressure, a bdi could finish unregistration with non-empty
work_list.
* The default bdi is no longer special. It now is treated the same as
any other bdi and bdi_cap_flush_forker() is removed.
* BDI_pending is no longer used. Removed.
* Some tracepoints become non-applicable. The following TPs are
removed - writeback_nothread, writeback_wake_thread,
writeback_wake_forker_thread, writeback_thread_start,
writeback_thread_stop.
Everything, including devices coming and going away and rescuer
operation under simulated memory pressure, seems to work fine in my
test setup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
2013-04-02 10:08:06 +08:00
|
|
|
struct delayed_work dwork; /* work item used for writeback */
|
2010-07-25 19:29:18 +08:00
|
|
|
struct list_head b_dirty; /* dirty inodes */
|
|
|
|
struct list_head b_io; /* parked for writeback */
|
|
|
|
struct list_head b_more_io; /* parked for more writeback */
|
2011-04-22 08:19:44 +08:00
|
|
|
spinlock_t list_lock; /* protects the b_* lists */
|
2009-09-09 15:08:54 +08:00
|
|
|
};
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
struct backing_dev_info {
|
2009-09-02 15:19:46 +08:00
|
|
|
struct list_head bdi_list;
|
2005-04-17 06:20:36 +08:00
|
|
|
unsigned long ra_pages; /* max readahead in PAGE_CACHE_SIZE units */
|
|
|
|
unsigned long state; /* Always use atomic bitops on this */
|
|
|
|
unsigned int capabilities; /* Device capabilities */
|
|
|
|
congested_fn *congested_fn; /* Function pointer if device is md/dm */
|
|
|
|
void *congested_data; /* Pointer to aux data for congested func */
|
2007-10-17 14:25:47 +08:00
|
|
|
|
2009-06-12 20:45:52 +08:00
|
|
|
char *name;
|
|
|
|
|
2007-10-17 14:25:47 +08:00
|
|
|
struct percpu_counter bdi_stat[NR_BDI_STAT_ITEMS];
|
2007-10-17 14:25:50 +08:00
|
|
|
|
2010-08-30 01:22:30 +08:00
|
|
|
unsigned long bw_time_stamp; /* last time write bw is updated */
|
writeback: dirty rate control
It's all about bdi->dirty_ratelimit, which aims to be (write_bw / N)
when there are N dd tasks.
On write() syscall, use bdi->dirty_ratelimit
============================================
balance_dirty_pages(pages_dirtied)
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
pause = pages_dirtied / task_ratelimit;
sleep(pause);
}
On every 200ms, update bdi->dirty_ratelimit
===========================================
bdi_update_dirty_ratelimit()
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
balanced_dirty_ratelimit = task_ratelimit * write_bw / dirty_rate;
bdi->dirty_ratelimit = balanced_dirty_ratelimit
}
Estimation of balanced bdi->dirty_ratelimit
===========================================
balanced task_ratelimit
-----------------------
balance_dirty_pages() needs to throttle tasks dirtying pages such that
the total amount of dirty pages stays below the specified dirty limit in
order to avoid memory deadlocks. Furthermore we desire fairness in that
tasks get throttled proportionally to the amount of pages they dirty.
IOW we want to throttle tasks such that we match the dirty rate to the
writeout bandwidth, this yields a stable amount of dirty pages:
dirty_rate == write_bw (1)
The fairness requirement gives us:
task_ratelimit = balanced_dirty_ratelimit
== write_bw / N (2)
where N is the number of dd tasks. We don't know N beforehand, but
still can estimate balanced_dirty_ratelimit within 200ms.
Start by throttling each dd task at rate
task_ratelimit = task_ratelimit_0 (3)
(any non-zero initial value is OK)
After 200ms, we measured
dirty_rate = # of pages dirtied by all dd's / 200ms
write_bw = # of pages written to the disk / 200ms
For the aggressive dd dirtiers, the equality holds
dirty_rate == N * task_rate
== N * task_ratelimit_0 (4)
Or
task_ratelimit_0 == dirty_rate / N (5)
Now we conclude that the balanced task ratelimit can be estimated by
write_bw
balanced_dirty_ratelimit = task_ratelimit_0 * ---------- (6)
dirty_rate
Because with (4) and (5) we can get the desired equality (1):
write_bw
balanced_dirty_ratelimit == (dirty_rate / N) * ----------
dirty_rate
== write_bw / N
Then using the balanced task ratelimit we can compute task pause times like:
task_pause = task->nr_dirtied / task_ratelimit
task_ratelimit with position control
------------------------------------
However, while the above gives us means of matching the dirty rate to
the writeout bandwidth, it at best provides us with a stable dirty page
count (assuming a static system). In order to control the dirty page
count such that it is high enough to provide performance, but does not
exceed the specified limit we need another control.
The dirty position control works by extending (2) to
task_ratelimit = balanced_dirty_ratelimit * pos_ratio (7)
where pos_ratio is a negative feedback function that subjects to
1) f(setpoint) = 1.0
2) df/dx < 0
That is, if the dirty pages are ABOVE the setpoint, we throttle each
task a bit more HEAVY than balanced_dirty_ratelimit, so that the dirty
pages are created less fast than they are cleaned, thus DROP to the
setpoints (and the reverse).
Based on (7) and the assumption that both dirty_ratelimit and pos_ratio
remains CONSTANT for the past 200ms, we get
task_ratelimit_0 = balanced_dirty_ratelimit * pos_ratio (8)
Putting (8) into (6), we get the formula used in
bdi_update_dirty_ratelimit():
write_bw
balanced_dirty_ratelimit *= pos_ratio * ---------- (9)
dirty_rate
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
2011-06-13 00:51:31 +08:00
|
|
|
unsigned long dirtied_stamp;
|
2010-08-30 01:22:30 +08:00
|
|
|
unsigned long written_stamp; /* pages written at bw_time_stamp */
|
|
|
|
unsigned long write_bandwidth; /* the estimated write bandwidth */
|
|
|
|
unsigned long avg_write_bandwidth; /* further smoothed write bw */
|
|
|
|
|
writeback: dirty rate control
It's all about bdi->dirty_ratelimit, which aims to be (write_bw / N)
when there are N dd tasks.
On write() syscall, use bdi->dirty_ratelimit
============================================
balance_dirty_pages(pages_dirtied)
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
pause = pages_dirtied / task_ratelimit;
sleep(pause);
}
On every 200ms, update bdi->dirty_ratelimit
===========================================
bdi_update_dirty_ratelimit()
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
balanced_dirty_ratelimit = task_ratelimit * write_bw / dirty_rate;
bdi->dirty_ratelimit = balanced_dirty_ratelimit
}
Estimation of balanced bdi->dirty_ratelimit
===========================================
balanced task_ratelimit
-----------------------
balance_dirty_pages() needs to throttle tasks dirtying pages such that
the total amount of dirty pages stays below the specified dirty limit in
order to avoid memory deadlocks. Furthermore we desire fairness in that
tasks get throttled proportionally to the amount of pages they dirty.
IOW we want to throttle tasks such that we match the dirty rate to the
writeout bandwidth, this yields a stable amount of dirty pages:
dirty_rate == write_bw (1)
The fairness requirement gives us:
task_ratelimit = balanced_dirty_ratelimit
== write_bw / N (2)
where N is the number of dd tasks. We don't know N beforehand, but
still can estimate balanced_dirty_ratelimit within 200ms.
Start by throttling each dd task at rate
task_ratelimit = task_ratelimit_0 (3)
(any non-zero initial value is OK)
After 200ms, we measured
dirty_rate = # of pages dirtied by all dd's / 200ms
write_bw = # of pages written to the disk / 200ms
For the aggressive dd dirtiers, the equality holds
dirty_rate == N * task_rate
== N * task_ratelimit_0 (4)
Or
task_ratelimit_0 == dirty_rate / N (5)
Now we conclude that the balanced task ratelimit can be estimated by
write_bw
balanced_dirty_ratelimit = task_ratelimit_0 * ---------- (6)
dirty_rate
Because with (4) and (5) we can get the desired equality (1):
write_bw
balanced_dirty_ratelimit == (dirty_rate / N) * ----------
dirty_rate
== write_bw / N
Then using the balanced task ratelimit we can compute task pause times like:
task_pause = task->nr_dirtied / task_ratelimit
task_ratelimit with position control
------------------------------------
However, while the above gives us means of matching the dirty rate to
the writeout bandwidth, it at best provides us with a stable dirty page
count (assuming a static system). In order to control the dirty page
count such that it is high enough to provide performance, but does not
exceed the specified limit we need another control.
The dirty position control works by extending (2) to
task_ratelimit = balanced_dirty_ratelimit * pos_ratio (7)
where pos_ratio is a negative feedback function that subjects to
1) f(setpoint) = 1.0
2) df/dx < 0
That is, if the dirty pages are ABOVE the setpoint, we throttle each
task a bit more HEAVY than balanced_dirty_ratelimit, so that the dirty
pages are created less fast than they are cleaned, thus DROP to the
setpoints (and the reverse).
Based on (7) and the assumption that both dirty_ratelimit and pos_ratio
remains CONSTANT for the past 200ms, we get
task_ratelimit_0 = balanced_dirty_ratelimit * pos_ratio (8)
Putting (8) into (6), we get the formula used in
bdi_update_dirty_ratelimit():
write_bw
balanced_dirty_ratelimit *= pos_ratio * ---------- (9)
dirty_rate
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
2011-06-13 00:51:31 +08:00
|
|
|
/*
|
|
|
|
* The base dirty throttle rate, re-calculated on every 200ms.
|
|
|
|
* All the bdi tasks' dirty rate will be curbed under it.
|
writeback: stabilize bdi->dirty_ratelimit
There are some imperfections in balanced_dirty_ratelimit.
1) large fluctuations
The dirty_rate used for computing balanced_dirty_ratelimit is merely
averaged in the past 200ms (very small comparing to the 3s estimation
period for write_bw), which makes rather dispersed distribution of
balanced_dirty_ratelimit.
It's pretty hard to average out the singular points by increasing the
estimation period. Considering that the averaging technique will
introduce very undesirable time lags, I give it up totally. (btw, the 3s
write_bw averaging time lag is much more acceptable because its impact
is one-way and therefore won't lead to oscillations.)
The more practical way is filtering -- most singular
balanced_dirty_ratelimit points can be filtered out by remembering some
prev_balanced_rate and prev_prev_balanced_rate. However the more
reliable way is to guard balanced_dirty_ratelimit with task_ratelimit.
2) due to truncates and fs redirties, the (write_bw <=> dirty_rate)
match could become unbalanced, which may lead to large systematical
errors in balanced_dirty_ratelimit. The truncates, due to its possibly
bumpy nature, can hardly be compensated smoothly. So let's face it. When
some over-estimated balanced_dirty_ratelimit brings dirty_ratelimit
high, dirty pages will go higher than the setpoint. task_ratelimit will
in turn become lower than dirty_ratelimit. So if we consider both
balanced_dirty_ratelimit and task_ratelimit and update dirty_ratelimit
only when they are on the same side of dirty_ratelimit, the systematical
errors in balanced_dirty_ratelimit won't be able to bring
dirty_ratelimit far away.
The balanced_dirty_ratelimit estimation may also be inaccurate near
@limit or @freerun, however is less an issue.
3) since we ultimately want to
- keep the fluctuations of task ratelimit as small as possible
- keep the dirty pages around the setpoint as long time as possible
the update policy used for (2) also serves the above goals nicely:
if for some reason the dirty pages are high (task_ratelimit < dirty_ratelimit),
and dirty_ratelimit is low (dirty_ratelimit < balanced_dirty_ratelimit),
there is no point to bring up dirty_ratelimit in a hurry only to hurt
both the above two goals.
So, we make use of task_ratelimit to limit the update of dirty_ratelimit
in two ways:
1) avoid changing dirty rate when it's against the position control target
(the adjusted rate will slow down the progress of dirty pages going
back to setpoint).
2) limit the step size. task_ratelimit is changing values step by step,
leaving a consistent trace comparing to the randomly jumping
balanced_dirty_ratelimit. task_ratelimit also has the nice smaller
errors in stable state and typically larger errors when there are big
errors in rate. So it's a pretty good limiting factor for the step
size of dirty_ratelimit.
Note that bdi->dirty_ratelimit is always tracking balanced_dirty_ratelimit.
task_ratelimit is merely used as a limiting factor.
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
2011-08-27 05:53:24 +08:00
|
|
|
* @dirty_ratelimit tracks the estimated @balanced_dirty_ratelimit
|
|
|
|
* in small steps and is much more smooth/stable than the latter.
|
writeback: dirty rate control
It's all about bdi->dirty_ratelimit, which aims to be (write_bw / N)
when there are N dd tasks.
On write() syscall, use bdi->dirty_ratelimit
============================================
balance_dirty_pages(pages_dirtied)
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
pause = pages_dirtied / task_ratelimit;
sleep(pause);
}
On every 200ms, update bdi->dirty_ratelimit
===========================================
bdi_update_dirty_ratelimit()
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
balanced_dirty_ratelimit = task_ratelimit * write_bw / dirty_rate;
bdi->dirty_ratelimit = balanced_dirty_ratelimit
}
Estimation of balanced bdi->dirty_ratelimit
===========================================
balanced task_ratelimit
-----------------------
balance_dirty_pages() needs to throttle tasks dirtying pages such that
the total amount of dirty pages stays below the specified dirty limit in
order to avoid memory deadlocks. Furthermore we desire fairness in that
tasks get throttled proportionally to the amount of pages they dirty.
IOW we want to throttle tasks such that we match the dirty rate to the
writeout bandwidth, this yields a stable amount of dirty pages:
dirty_rate == write_bw (1)
The fairness requirement gives us:
task_ratelimit = balanced_dirty_ratelimit
== write_bw / N (2)
where N is the number of dd tasks. We don't know N beforehand, but
still can estimate balanced_dirty_ratelimit within 200ms.
Start by throttling each dd task at rate
task_ratelimit = task_ratelimit_0 (3)
(any non-zero initial value is OK)
After 200ms, we measured
dirty_rate = # of pages dirtied by all dd's / 200ms
write_bw = # of pages written to the disk / 200ms
For the aggressive dd dirtiers, the equality holds
dirty_rate == N * task_rate
== N * task_ratelimit_0 (4)
Or
task_ratelimit_0 == dirty_rate / N (5)
Now we conclude that the balanced task ratelimit can be estimated by
write_bw
balanced_dirty_ratelimit = task_ratelimit_0 * ---------- (6)
dirty_rate
Because with (4) and (5) we can get the desired equality (1):
write_bw
balanced_dirty_ratelimit == (dirty_rate / N) * ----------
dirty_rate
== write_bw / N
Then using the balanced task ratelimit we can compute task pause times like:
task_pause = task->nr_dirtied / task_ratelimit
task_ratelimit with position control
------------------------------------
However, while the above gives us means of matching the dirty rate to
the writeout bandwidth, it at best provides us with a stable dirty page
count (assuming a static system). In order to control the dirty page
count such that it is high enough to provide performance, but does not
exceed the specified limit we need another control.
The dirty position control works by extending (2) to
task_ratelimit = balanced_dirty_ratelimit * pos_ratio (7)
where pos_ratio is a negative feedback function that subjects to
1) f(setpoint) = 1.0
2) df/dx < 0
That is, if the dirty pages are ABOVE the setpoint, we throttle each
task a bit more HEAVY than balanced_dirty_ratelimit, so that the dirty
pages are created less fast than they are cleaned, thus DROP to the
setpoints (and the reverse).
Based on (7) and the assumption that both dirty_ratelimit and pos_ratio
remains CONSTANT for the past 200ms, we get
task_ratelimit_0 = balanced_dirty_ratelimit * pos_ratio (8)
Putting (8) into (6), we get the formula used in
bdi_update_dirty_ratelimit():
write_bw
balanced_dirty_ratelimit *= pos_ratio * ---------- (9)
dirty_rate
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
2011-06-13 00:51:31 +08:00
|
|
|
*/
|
|
|
|
unsigned long dirty_ratelimit;
|
writeback: stabilize bdi->dirty_ratelimit
There are some imperfections in balanced_dirty_ratelimit.
1) large fluctuations
The dirty_rate used for computing balanced_dirty_ratelimit is merely
averaged in the past 200ms (very small comparing to the 3s estimation
period for write_bw), which makes rather dispersed distribution of
balanced_dirty_ratelimit.
It's pretty hard to average out the singular points by increasing the
estimation period. Considering that the averaging technique will
introduce very undesirable time lags, I give it up totally. (btw, the 3s
write_bw averaging time lag is much more acceptable because its impact
is one-way and therefore won't lead to oscillations.)
The more practical way is filtering -- most singular
balanced_dirty_ratelimit points can be filtered out by remembering some
prev_balanced_rate and prev_prev_balanced_rate. However the more
reliable way is to guard balanced_dirty_ratelimit with task_ratelimit.
2) due to truncates and fs redirties, the (write_bw <=> dirty_rate)
match could become unbalanced, which may lead to large systematical
errors in balanced_dirty_ratelimit. The truncates, due to its possibly
bumpy nature, can hardly be compensated smoothly. So let's face it. When
some over-estimated balanced_dirty_ratelimit brings dirty_ratelimit
high, dirty pages will go higher than the setpoint. task_ratelimit will
in turn become lower than dirty_ratelimit. So if we consider both
balanced_dirty_ratelimit and task_ratelimit and update dirty_ratelimit
only when they are on the same side of dirty_ratelimit, the systematical
errors in balanced_dirty_ratelimit won't be able to bring
dirty_ratelimit far away.
The balanced_dirty_ratelimit estimation may also be inaccurate near
@limit or @freerun, however is less an issue.
3) since we ultimately want to
- keep the fluctuations of task ratelimit as small as possible
- keep the dirty pages around the setpoint as long time as possible
the update policy used for (2) also serves the above goals nicely:
if for some reason the dirty pages are high (task_ratelimit < dirty_ratelimit),
and dirty_ratelimit is low (dirty_ratelimit < balanced_dirty_ratelimit),
there is no point to bring up dirty_ratelimit in a hurry only to hurt
both the above two goals.
So, we make use of task_ratelimit to limit the update of dirty_ratelimit
in two ways:
1) avoid changing dirty rate when it's against the position control target
(the adjusted rate will slow down the progress of dirty pages going
back to setpoint).
2) limit the step size. task_ratelimit is changing values step by step,
leaving a consistent trace comparing to the randomly jumping
balanced_dirty_ratelimit. task_ratelimit also has the nice smaller
errors in stable state and typically larger errors when there are big
errors in rate. So it's a pretty good limiting factor for the step
size of dirty_ratelimit.
Note that bdi->dirty_ratelimit is always tracking balanced_dirty_ratelimit.
task_ratelimit is merely used as a limiting factor.
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
2011-08-27 05:53:24 +08:00
|
|
|
unsigned long balanced_dirty_ratelimit;
|
writeback: dirty rate control
It's all about bdi->dirty_ratelimit, which aims to be (write_bw / N)
when there are N dd tasks.
On write() syscall, use bdi->dirty_ratelimit
============================================
balance_dirty_pages(pages_dirtied)
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
pause = pages_dirtied / task_ratelimit;
sleep(pause);
}
On every 200ms, update bdi->dirty_ratelimit
===========================================
bdi_update_dirty_ratelimit()
{
task_ratelimit = bdi->dirty_ratelimit * bdi_position_ratio();
balanced_dirty_ratelimit = task_ratelimit * write_bw / dirty_rate;
bdi->dirty_ratelimit = balanced_dirty_ratelimit
}
Estimation of balanced bdi->dirty_ratelimit
===========================================
balanced task_ratelimit
-----------------------
balance_dirty_pages() needs to throttle tasks dirtying pages such that
the total amount of dirty pages stays below the specified dirty limit in
order to avoid memory deadlocks. Furthermore we desire fairness in that
tasks get throttled proportionally to the amount of pages they dirty.
IOW we want to throttle tasks such that we match the dirty rate to the
writeout bandwidth, this yields a stable amount of dirty pages:
dirty_rate == write_bw (1)
The fairness requirement gives us:
task_ratelimit = balanced_dirty_ratelimit
== write_bw / N (2)
where N is the number of dd tasks. We don't know N beforehand, but
still can estimate balanced_dirty_ratelimit within 200ms.
Start by throttling each dd task at rate
task_ratelimit = task_ratelimit_0 (3)
(any non-zero initial value is OK)
After 200ms, we measured
dirty_rate = # of pages dirtied by all dd's / 200ms
write_bw = # of pages written to the disk / 200ms
For the aggressive dd dirtiers, the equality holds
dirty_rate == N * task_rate
== N * task_ratelimit_0 (4)
Or
task_ratelimit_0 == dirty_rate / N (5)
Now we conclude that the balanced task ratelimit can be estimated by
write_bw
balanced_dirty_ratelimit = task_ratelimit_0 * ---------- (6)
dirty_rate
Because with (4) and (5) we can get the desired equality (1):
write_bw
balanced_dirty_ratelimit == (dirty_rate / N) * ----------
dirty_rate
== write_bw / N
Then using the balanced task ratelimit we can compute task pause times like:
task_pause = task->nr_dirtied / task_ratelimit
task_ratelimit with position control
------------------------------------
However, while the above gives us means of matching the dirty rate to
the writeout bandwidth, it at best provides us with a stable dirty page
count (assuming a static system). In order to control the dirty page
count such that it is high enough to provide performance, but does not
exceed the specified limit we need another control.
The dirty position control works by extending (2) to
task_ratelimit = balanced_dirty_ratelimit * pos_ratio (7)
where pos_ratio is a negative feedback function that subjects to
1) f(setpoint) = 1.0
2) df/dx < 0
That is, if the dirty pages are ABOVE the setpoint, we throttle each
task a bit more HEAVY than balanced_dirty_ratelimit, so that the dirty
pages are created less fast than they are cleaned, thus DROP to the
setpoints (and the reverse).
Based on (7) and the assumption that both dirty_ratelimit and pos_ratio
remains CONSTANT for the past 200ms, we get
task_ratelimit_0 = balanced_dirty_ratelimit * pos_ratio (8)
Putting (8) into (6), we get the formula used in
bdi_update_dirty_ratelimit():
write_bw
balanced_dirty_ratelimit *= pos_ratio * ---------- (9)
dirty_rate
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
2011-06-13 00:51:31 +08:00
|
|
|
|
2012-05-25 00:59:11 +08:00
|
|
|
struct fprop_local_percpu completions;
|
2007-10-17 14:25:50 +08:00
|
|
|
int dirty_exceeded;
|
2008-04-30 15:54:32 +08:00
|
|
|
|
2008-04-30 15:54:35 +08:00
|
|
|
unsigned int min_ratio;
|
2008-04-30 15:54:36 +08:00
|
|
|
unsigned int max_ratio, max_prop_frac;
|
2008-04-30 15:54:35 +08:00
|
|
|
|
2009-09-09 15:08:54 +08:00
|
|
|
struct bdi_writeback wb; /* default writeback info for this bdi */
|
2014-04-04 05:46:23 +08:00
|
|
|
spinlock_t wb_lock; /* protects work_list & wb.dwork scheduling */
|
2008-04-30 15:54:36 +08:00
|
|
|
|
2009-09-09 15:08:54 +08:00
|
|
|
struct list_head work_list;
|
|
|
|
|
|
|
|
struct device *dev;
|
2009-09-02 15:19:46 +08:00
|
|
|
|
2010-04-06 20:25:14 +08:00
|
|
|
struct timer_list laptop_mode_wb_timer;
|
|
|
|
|
2008-04-30 15:54:36 +08:00
|
|
|
#ifdef CONFIG_DEBUG_FS
|
|
|
|
struct dentry *debug_dir;
|
|
|
|
struct dentry *debug_stats;
|
|
|
|
#endif
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2013-10-15 00:14:13 +08:00
|
|
|
int __must_check bdi_init(struct backing_dev_info *bdi);
|
2007-10-17 14:25:47 +08:00
|
|
|
void bdi_destroy(struct backing_dev_info *bdi);
|
|
|
|
|
2012-11-29 22:37:03 +08:00
|
|
|
__printf(3, 4)
|
2008-04-30 15:54:32 +08:00
|
|
|
int bdi_register(struct backing_dev_info *bdi, struct device *parent,
|
|
|
|
const char *fmt, ...);
|
|
|
|
int bdi_register_dev(struct backing_dev_info *bdi, dev_t dev);
|
|
|
|
void bdi_unregister(struct backing_dev_info *bdi);
|
2013-10-15 00:14:13 +08:00
|
|
|
int __must_check bdi_setup_and_register(struct backing_dev_info *, char *, unsigned int);
|
2011-10-08 11:54:10 +08:00
|
|
|
void bdi_start_writeback(struct backing_dev_info *bdi, long nr_pages,
|
|
|
|
enum wb_reason reason);
|
2010-06-09 00:15:15 +08:00
|
|
|
void bdi_start_background_writeback(struct backing_dev_info *bdi);
|
writeback: replace custom worker pool implementation with unbound workqueue
Writeback implements its own worker pool - each bdi can be associated
with a worker thread which is created and destroyed dynamically. The
worker thread for the default bdi is always present and serves as the
"forker" thread which forks off worker threads for other bdis.
there's no reason for writeback to implement its own worker pool when
using unbound workqueue instead is much simpler and more efficient.
This patch replaces custom worker pool implementation in writeback
with an unbound workqueue.
The conversion isn't too complicated but the followings are worth
mentioning.
* bdi_writeback->last_active, task and wakeup_timer are removed.
delayed_work ->dwork is added instead. Explicit timer handling is
no longer necessary. Everything works by either queueing / modding
/ flushing / canceling the delayed_work item.
* bdi_writeback_thread() becomes bdi_writeback_workfn() which runs off
bdi_writeback->dwork. On each execution, it processes
bdi->work_list and reschedules itself if there are more things to
do.
The function also handles low-mem condition, which used to be
handled by the forker thread. If the function is running off a
rescuer thread, it only writes out limited number of pages so that
the rescuer can serve other bdis too. This preserves the flusher
creation failure behavior of the forker thread.
* INIT_LIST_HEAD(&bdi->bdi_list) is used to tell
bdi_writeback_workfn() about on-going bdi unregistration so that it
always drains work_list even if it's running off the rescuer. Note
that the original code was broken in this regard. Under memory
pressure, a bdi could finish unregistration with non-empty
work_list.
* The default bdi is no longer special. It now is treated the same as
any other bdi and bdi_cap_flush_forker() is removed.
* BDI_pending is no longer used. Removed.
* Some tracepoints become non-applicable. The following TPs are
removed - writeback_nothread, writeback_wake_thread,
writeback_wake_forker_thread, writeback_thread_start,
writeback_thread_stop.
Everything, including devices coming and going away and rescuer
operation under simulated memory pressure, seems to work fine in my
test setup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
2013-04-02 10:08:06 +08:00
|
|
|
void bdi_writeback_workfn(struct work_struct *work);
|
2009-09-09 15:08:54 +08:00
|
|
|
int bdi_has_dirty_io(struct backing_dev_info *bdi);
|
2010-07-25 19:29:22 +08:00
|
|
|
void bdi_wakeup_thread_delayed(struct backing_dev_info *bdi);
|
2011-04-22 08:19:44 +08:00
|
|
|
void bdi_lock_two(struct bdi_writeback *wb1, struct bdi_writeback *wb2);
|
2008-04-30 15:54:32 +08:00
|
|
|
|
2009-09-09 15:08:54 +08:00
|
|
|
extern spinlock_t bdi_lock;
|
2009-09-02 15:19:46 +08:00
|
|
|
extern struct list_head bdi_list;
|
|
|
|
|
writeback: replace custom worker pool implementation with unbound workqueue
Writeback implements its own worker pool - each bdi can be associated
with a worker thread which is created and destroyed dynamically. The
worker thread for the default bdi is always present and serves as the
"forker" thread which forks off worker threads for other bdis.
there's no reason for writeback to implement its own worker pool when
using unbound workqueue instead is much simpler and more efficient.
This patch replaces custom worker pool implementation in writeback
with an unbound workqueue.
The conversion isn't too complicated but the followings are worth
mentioning.
* bdi_writeback->last_active, task and wakeup_timer are removed.
delayed_work ->dwork is added instead. Explicit timer handling is
no longer necessary. Everything works by either queueing / modding
/ flushing / canceling the delayed_work item.
* bdi_writeback_thread() becomes bdi_writeback_workfn() which runs off
bdi_writeback->dwork. On each execution, it processes
bdi->work_list and reschedules itself if there are more things to
do.
The function also handles low-mem condition, which used to be
handled by the forker thread. If the function is running off a
rescuer thread, it only writes out limited number of pages so that
the rescuer can serve other bdis too. This preserves the flusher
creation failure behavior of the forker thread.
* INIT_LIST_HEAD(&bdi->bdi_list) is used to tell
bdi_writeback_workfn() about on-going bdi unregistration so that it
always drains work_list even if it's running off the rescuer. Note
that the original code was broken in this regard. Under memory
pressure, a bdi could finish unregistration with non-empty
work_list.
* The default bdi is no longer special. It now is treated the same as
any other bdi and bdi_cap_flush_forker() is removed.
* BDI_pending is no longer used. Removed.
* Some tracepoints become non-applicable. The following TPs are
removed - writeback_nothread, writeback_wake_thread,
writeback_wake_forker_thread, writeback_thread_start,
writeback_thread_stop.
Everything, including devices coming and going away and rescuer
operation under simulated memory pressure, seems to work fine in my
test setup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
2013-04-02 10:08:06 +08:00
|
|
|
extern struct workqueue_struct *bdi_wq;
|
|
|
|
|
2009-09-09 15:08:54 +08:00
|
|
|
static inline int wb_has_dirty_io(struct bdi_writeback *wb)
|
|
|
|
{
|
|
|
|
return !list_empty(&wb->b_dirty) ||
|
|
|
|
!list_empty(&wb->b_io) ||
|
|
|
|
!list_empty(&wb->b_more_io);
|
|
|
|
}
|
|
|
|
|
2007-10-17 14:25:47 +08:00
|
|
|
static inline void __add_bdi_stat(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item, s64 amount)
|
|
|
|
{
|
|
|
|
__percpu_counter_add(&bdi->bdi_stat[item], amount, BDI_STAT_BATCH);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void __inc_bdi_stat(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
|
|
|
{
|
|
|
|
__add_bdi_stat(bdi, item, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void inc_bdi_stat(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
local_irq_save(flags);
|
|
|
|
__inc_bdi_stat(bdi, item);
|
|
|
|
local_irq_restore(flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void __dec_bdi_stat(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
|
|
|
{
|
|
|
|
__add_bdi_stat(bdi, item, -1);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void dec_bdi_stat(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
local_irq_save(flags);
|
|
|
|
__dec_bdi_stat(bdi, item);
|
|
|
|
local_irq_restore(flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline s64 bdi_stat(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
|
|
|
{
|
|
|
|
return percpu_counter_read_positive(&bdi->bdi_stat[item]);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline s64 __bdi_stat_sum(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
|
|
|
{
|
|
|
|
return percpu_counter_sum_positive(&bdi->bdi_stat[item]);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline s64 bdi_stat_sum(struct backing_dev_info *bdi,
|
|
|
|
enum bdi_stat_item item)
|
2007-10-17 14:25:46 +08:00
|
|
|
{
|
2007-10-17 14:25:47 +08:00
|
|
|
s64 sum;
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
local_irq_save(flags);
|
|
|
|
sum = __bdi_stat_sum(bdi, item);
|
|
|
|
local_irq_restore(flags);
|
|
|
|
|
|
|
|
return sum;
|
2007-10-17 14:25:46 +08:00
|
|
|
}
|
|
|
|
|
2008-04-30 15:54:37 +08:00
|
|
|
extern void bdi_writeout_inc(struct backing_dev_info *bdi);
|
|
|
|
|
2007-10-17 14:25:47 +08:00
|
|
|
/*
|
|
|
|
* maximal error of a stat counter.
|
|
|
|
*/
|
|
|
|
static inline unsigned long bdi_stat_error(struct backing_dev_info *bdi)
|
2007-10-17 14:25:46 +08:00
|
|
|
{
|
2007-10-17 14:25:47 +08:00
|
|
|
#ifdef CONFIG_SMP
|
|
|
|
return nr_cpu_ids * BDI_STAT_BATCH;
|
|
|
|
#else
|
|
|
|
return 1;
|
|
|
|
#endif
|
2007-10-17 14:25:46 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-30 15:54:35 +08:00
|
|
|
int bdi_set_min_ratio(struct backing_dev_info *bdi, unsigned int min_ratio);
|
2008-04-30 15:54:36 +08:00
|
|
|
int bdi_set_max_ratio(struct backing_dev_info *bdi, unsigned int max_ratio);
|
2008-04-30 15:54:35 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Flags in backing_dev_info::capability
|
2008-04-30 15:54:37 +08:00
|
|
|
*
|
|
|
|
* The first three flags control whether dirty pages will contribute to the
|
|
|
|
* VM's accounting and whether writepages() should be called for dirty pages
|
|
|
|
* (something that would not, for example, be appropriate for ramfs)
|
|
|
|
*
|
|
|
|
* WARNING: these flags are closely related and should not normally be
|
|
|
|
* used separately. The BDI_CAP_NO_ACCT_AND_WRITEBACK combines these
|
|
|
|
* three flags into a single convenience macro.
|
|
|
|
*
|
|
|
|
* BDI_CAP_NO_ACCT_DIRTY: Dirty pages shouldn't contribute to accounting
|
|
|
|
* BDI_CAP_NO_WRITEBACK: Don't write pages back
|
|
|
|
* BDI_CAP_NO_ACCT_WB: Don't automatically account writeback pages
|
|
|
|
*
|
|
|
|
* These flags let !MMU mmap() govern direct device mapping vs immediate
|
|
|
|
* copying more easily for MAP_PRIVATE, especially for ROM filesystems.
|
|
|
|
*
|
|
|
|
* BDI_CAP_MAP_COPY: Copy can be mapped (MAP_PRIVATE)
|
|
|
|
* BDI_CAP_MAP_DIRECT: Can be mapped directly (MAP_SHARED)
|
|
|
|
* BDI_CAP_READ_MAP: Can be mapped for reading
|
|
|
|
* BDI_CAP_WRITE_MAP: Can be mapped for writing
|
|
|
|
* BDI_CAP_EXEC_MAP: Can be mapped for execution
|
2008-10-19 11:26:32 +08:00
|
|
|
*
|
|
|
|
* BDI_CAP_SWAP_BACKED: Count shmem/tmpfs objects as swap-backed.
|
mm/page-writeback.c: add strictlimit feature
The feature prevents mistrusted filesystems (ie: FUSE mounts created by
unprivileged users) to grow a large number of dirty pages before
throttling. For such filesystems balance_dirty_pages always check bdi
counters against bdi limits. I.e. even if global "nr_dirty" is under
"freerun", it's not allowed to skip bdi checks. The only use case for now
is fuse: it sets bdi max_ratio to 1% by default and system administrators
are supposed to expect that this limit won't be exceeded.
The feature is on if a BDI is marked by BDI_CAP_STRICTLIMIT flag. A
filesystem may set the flag when it initializes its BDI.
The problematic scenario comes from the fact that nobody pays attention to
the NR_WRITEBACK_TEMP counter (i.e. number of pages under fuse
writeback). The implementation of fuse writeback releases original page
(by calling end_page_writeback) almost immediately. A fuse request queued
for real processing bears a copy of original page. Hence, if userspace
fuse daemon doesn't finalize write requests in timely manner, an
aggressive mmap writer can pollute virtually all memory by those temporary
fuse page copies. They are carefully accounted in NR_WRITEBACK_TEMP, but
nobody cares.
To make further explanations shorter, let me use "NR_WRITEBACK_TEMP
problem" as a shortcut for "a possibility of uncontrolled grow of amount
of RAM consumed by temporary pages allocated by kernel fuse to process
writeback".
The problem was very easy to reproduce. There is a trivial example
filesystem implementation in fuse userspace distribution: fusexmp_fh.c. I
added "sleep(1);" to the write methods, then recompiled and mounted it.
Then created a huge file on the mount point and run a simple program which
mmap-ed the file to a memory region, then wrote a data to the region. An
hour later I observed almost all RAM consumed by fuse writeback. Since
then some unrelated changes in kernel fuse made it more difficult to
reproduce, but it is still possible now.
Putting this theoretical happens-in-the-lab thing aside, there is another
thing that really hurts real world (FUSE) users. This is write-through
page cache policy FUSE currently uses. I.e. handling write(2), kernel
fuse populates page cache and flushes user data to the server
synchronously. This is excessively suboptimal. Pavel Emelyanov's patches
("writeback cache policy") solve the problem, but they also make resolving
NR_WRITEBACK_TEMP problem absolutely necessary. Otherwise, simply copying
a huge file to a fuse mount would result in memory starvation. Miklos,
the maintainer of FUSE, believes strictlimit feature the way to go.
And eventually putting FUSE topics aside, there is one more use-case for
strictlimit feature. Using a slow USB stick (mass storage) in a machine
with huge amount of RAM installed is a well-known pain. Let's make simple
computations. Assuming 64GB of RAM installed, existing implementation of
balance_dirty_pages will start throttling only after 9.6GB of RAM becomes
dirty (freerun == 15% of total RAM). So, the command "cp 9GB_file
/media/my-usb-storage/" may return in a few seconds, but subsequent
"umount /media/my-usb-storage/" will take more than two hours if effective
throughput of the storage is, to say, 1MB/sec.
After inclusion of strictlimit feature, it will be trivial to add a knob
(e.g. /sys/devices/virtual/bdi/x:y/strictlimit) to enable it on demand.
Manually or via udev rule. May be I'm wrong, but it seems to be quite a
natural desire to limit the amount of dirty memory for some devices we are
not fully trust (in the sense of sustainable throughput).
[akpm@linux-foundation.org: fix warning in page-writeback.c]
Signed-off-by: Maxim Patlasov <MPatlasov@parallels.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-12 05:22:46 +08:00
|
|
|
*
|
|
|
|
* BDI_CAP_STRICTLIMIT: Keep number of dirty pages below bdi threshold.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2008-04-30 15:54:37 +08:00
|
|
|
#define BDI_CAP_NO_ACCT_DIRTY 0x00000001
|
|
|
|
#define BDI_CAP_NO_WRITEBACK 0x00000002
|
|
|
|
#define BDI_CAP_MAP_COPY 0x00000004
|
|
|
|
#define BDI_CAP_MAP_DIRECT 0x00000008
|
|
|
|
#define BDI_CAP_READ_MAP 0x00000010
|
|
|
|
#define BDI_CAP_WRITE_MAP 0x00000020
|
|
|
|
#define BDI_CAP_EXEC_MAP 0x00000040
|
|
|
|
#define BDI_CAP_NO_ACCT_WB 0x00000080
|
2008-10-19 11:26:32 +08:00
|
|
|
#define BDI_CAP_SWAP_BACKED 0x00000100
|
bdi: allow block devices to say that they require stable page writes
This patchset ("stable page writes, part 2") makes some key
modifications to the original 'stable page writes' patchset. First, it
provides creators (devices and filesystems) of a backing_dev_info a flag
that declares whether or not it is necessary to ensure that page
contents cannot change during writeout. It is no longer assumed that
this is true of all devices (which was never true anyway). Second, the
flag is used to relaxed the wait_on_page_writeback calls so that wait
only occurs if the device needs it. Third, it fixes up the remaining
disk-backed filesystems to use this improved conditional-wait logic to
provide stable page writes on those filesystems.
It is hoped that (for people not using checksumming devices, anyway)
this patchset will give back unnecessary performance decreases since the
original stable page write patchset went into 3.0. Sorry about not
fixing it sooner.
Complaints were registered by several people about the long write
latencies introduced by the original stable page write patchset.
Generally speaking, the kernel ought to allocate as little extra memory
as possible to facilitate writeout, but for people who simply cannot
wait, a second page stability strategy is (re)introduced: snapshotting
page contents. The waiting behavior is still the default strategy; to
enable page snapshotting, a superblock flag (MS_SNAP_STABLE) must be
set. This flag is used to bandaid^Henable stable page writeback on
ext3[1], and is not used anywhere else.
Given that there are already a few storage devices and network FSes that
have rolled their own page stability wait/page snapshot code, it would
be nice to move towards consolidating all of these. It seems possible
that iscsi and raid5 may wish to use the new stable page write support
to enable zero-copy writeout.
Thank you to Jan Kara for helping fix a couple more filesystems.
Per Andrew Morton's request, here are the result of using dbench to measure
latencies on ext2:
3.8.0-rc3:
Operation Count AvgLat MaxLat
----------------------------------------
WriteX 109347 0.028 59.817
ReadX 347180 0.004 3.391
Flush 15514 29.828 287.283
Throughput 57.429 MB/sec 4 clients 4 procs max_latency=287.290 ms
3.8.0-rc3 + patches:
WriteX 105556 0.029 4.273
ReadX 335004 0.005 4.112
Flush 14982 30.540 298.634
Throughput 55.4496 MB/sec 4 clients 4 procs max_latency=298.650 ms
As you can see, for ext2 the maximum write latency decreases from ~60ms
on a laptop hard disk to ~4ms. I'm not sure why the flush latencies
increase, though I suspect that being able to dirty pages faster gives
the flusher more work to do.
On ext4, the average write latency decreases as well as all the maximum
latencies:
3.8.0-rc3:
WriteX 85624 0.152 33.078
ReadX 272090 0.010 61.210
Flush 12129 36.219 168.260
Throughput 44.8618 MB/sec 4 clients 4 procs max_latency=168.276 ms
3.8.0-rc3 + patches:
WriteX 86082 0.141 30.928
ReadX 273358 0.010 36.124
Flush 12214 34.800 165.689
Throughput 44.9941 MB/sec 4 clients 4 procs max_latency=165.722 ms
XFS seems to exhibit similar latency improvements as ext2:
3.8.0-rc3:
WriteX 125739 0.028 104.343
ReadX 399070 0.005 4.115
Flush 17851 25.004 131.390
Throughput 66.0024 MB/sec 4 clients 4 procs max_latency=131.406 ms
3.8.0-rc3 + patches:
WriteX 123529 0.028 6.299
ReadX 392434 0.005 4.287
Flush 17549 25.120 188.687
Throughput 64.9113 MB/sec 4 clients 4 procs max_latency=188.704 ms
...and btrfs, just to round things out, also shows some latency
decreases:
3.8.0-rc3:
WriteX 67122 0.083 82.355
ReadX 212719 0.005 2.828
Flush 9547 47.561 147.418
Throughput 35.3391 MB/sec 4 clients 4 procs max_latency=147.433 ms
3.8.0-rc3 + patches:
WriteX 64898 0.101 71.631
ReadX 206673 0.005 7.123
Flush 9190 47.963 219.034
Throughput 34.0795 MB/sec 4 clients 4 procs max_latency=219.044 ms
Before this patchset, all filesystems would block, regardless of whether
or not it was necessary. ext3 would wait, but still generate occasional
checksum errors. The network filesystems were left to do their own
thing, so they'd wait too.
After this patchset, all the disk filesystems except ext3 and btrfs will
wait only if the hardware requires it. ext3 (if necessary) snapshots
pages instead of blocking, and btrfs provides its own bdi so the mm will
never wait. Network filesystems haven't been touched, so either they
provide their own wait code, or they don't block at all. The blocking
behavior is back to what it was before 3.0 if you don't have a disk
requiring stable page writes.
This patchset has been tested on 3.8.0-rc3 on x64 with ext3, ext4, and
xfs. I've spot-checked 3.8.0-rc4 and seem to be getting the same
results as -rc3.
[1] The alternative fixes to ext3 include fixing the locking order and
page bit handling like we did for ext4 (but then why not just use
ext4?), or setting PG_writeback so early that ext3 becomes extremely
slow. I tried that, but the number of write()s I could initiate dropped
by nearly an order of magnitude. That was a bit much even for the
author of the stable page series! :)
This patch:
Creates a per-backing-device flag that tracks whether or not pages must
be held immutable during writeout. Eventually it will be used to waive
wait_for_page_writeback() if nothing requires stable pages.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Artem Bityutskiy <dedekind1@gmail.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-22 08:42:48 +08:00
|
|
|
#define BDI_CAP_STABLE_WRITES 0x00000200
|
mm/page-writeback.c: add strictlimit feature
The feature prevents mistrusted filesystems (ie: FUSE mounts created by
unprivileged users) to grow a large number of dirty pages before
throttling. For such filesystems balance_dirty_pages always check bdi
counters against bdi limits. I.e. even if global "nr_dirty" is under
"freerun", it's not allowed to skip bdi checks. The only use case for now
is fuse: it sets bdi max_ratio to 1% by default and system administrators
are supposed to expect that this limit won't be exceeded.
The feature is on if a BDI is marked by BDI_CAP_STRICTLIMIT flag. A
filesystem may set the flag when it initializes its BDI.
The problematic scenario comes from the fact that nobody pays attention to
the NR_WRITEBACK_TEMP counter (i.e. number of pages under fuse
writeback). The implementation of fuse writeback releases original page
(by calling end_page_writeback) almost immediately. A fuse request queued
for real processing bears a copy of original page. Hence, if userspace
fuse daemon doesn't finalize write requests in timely manner, an
aggressive mmap writer can pollute virtually all memory by those temporary
fuse page copies. They are carefully accounted in NR_WRITEBACK_TEMP, but
nobody cares.
To make further explanations shorter, let me use "NR_WRITEBACK_TEMP
problem" as a shortcut for "a possibility of uncontrolled grow of amount
of RAM consumed by temporary pages allocated by kernel fuse to process
writeback".
The problem was very easy to reproduce. There is a trivial example
filesystem implementation in fuse userspace distribution: fusexmp_fh.c. I
added "sleep(1);" to the write methods, then recompiled and mounted it.
Then created a huge file on the mount point and run a simple program which
mmap-ed the file to a memory region, then wrote a data to the region. An
hour later I observed almost all RAM consumed by fuse writeback. Since
then some unrelated changes in kernel fuse made it more difficult to
reproduce, but it is still possible now.
Putting this theoretical happens-in-the-lab thing aside, there is another
thing that really hurts real world (FUSE) users. This is write-through
page cache policy FUSE currently uses. I.e. handling write(2), kernel
fuse populates page cache and flushes user data to the server
synchronously. This is excessively suboptimal. Pavel Emelyanov's patches
("writeback cache policy") solve the problem, but they also make resolving
NR_WRITEBACK_TEMP problem absolutely necessary. Otherwise, simply copying
a huge file to a fuse mount would result in memory starvation. Miklos,
the maintainer of FUSE, believes strictlimit feature the way to go.
And eventually putting FUSE topics aside, there is one more use-case for
strictlimit feature. Using a slow USB stick (mass storage) in a machine
with huge amount of RAM installed is a well-known pain. Let's make simple
computations. Assuming 64GB of RAM installed, existing implementation of
balance_dirty_pages will start throttling only after 9.6GB of RAM becomes
dirty (freerun == 15% of total RAM). So, the command "cp 9GB_file
/media/my-usb-storage/" may return in a few seconds, but subsequent
"umount /media/my-usb-storage/" will take more than two hours if effective
throughput of the storage is, to say, 1MB/sec.
After inclusion of strictlimit feature, it will be trivial to add a knob
(e.g. /sys/devices/virtual/bdi/x:y/strictlimit) to enable it on demand.
Manually or via udev rule. May be I'm wrong, but it seems to be quite a
natural desire to limit the amount of dirty memory for some devices we are
not fully trust (in the sense of sustainable throughput).
[akpm@linux-foundation.org: fix warning in page-writeback.c]
Signed-off-by: Maxim Patlasov <MPatlasov@parallels.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-12 05:22:46 +08:00
|
|
|
#define BDI_CAP_STRICTLIMIT 0x00000400
|
2008-04-30 15:54:37 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#define BDI_CAP_VMFLAGS \
|
|
|
|
(BDI_CAP_READ_MAP | BDI_CAP_WRITE_MAP | BDI_CAP_EXEC_MAP)
|
|
|
|
|
2008-04-30 15:54:37 +08:00
|
|
|
#define BDI_CAP_NO_ACCT_AND_WRITEBACK \
|
|
|
|
(BDI_CAP_NO_WRITEBACK | BDI_CAP_NO_ACCT_DIRTY | BDI_CAP_NO_ACCT_WB)
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#if defined(VM_MAYREAD) && \
|
|
|
|
(BDI_CAP_READ_MAP != VM_MAYREAD || \
|
|
|
|
BDI_CAP_WRITE_MAP != VM_MAYWRITE || \
|
|
|
|
BDI_CAP_EXEC_MAP != VM_MAYEXEC)
|
|
|
|
#error please change backing_dev_info::capabilities flags
|
|
|
|
#endif
|
|
|
|
|
|
|
|
extern struct backing_dev_info default_backing_dev_info;
|
2010-04-25 14:54:42 +08:00
|
|
|
extern struct backing_dev_info noop_backing_dev_info;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
int writeback_in_progress(struct backing_dev_info *bdi);
|
|
|
|
|
|
|
|
static inline int bdi_congested(struct backing_dev_info *bdi, int bdi_bits)
|
|
|
|
{
|
|
|
|
if (bdi->congested_fn)
|
|
|
|
return bdi->congested_fn(bdi->congested_data, bdi_bits);
|
|
|
|
return (bdi->state & bdi_bits);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int bdi_read_congested(struct backing_dev_info *bdi)
|
|
|
|
{
|
2009-04-06 20:48:01 +08:00
|
|
|
return bdi_congested(bdi, 1 << BDI_sync_congested);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline int bdi_write_congested(struct backing_dev_info *bdi)
|
|
|
|
{
|
2009-04-06 20:48:01 +08:00
|
|
|
return bdi_congested(bdi, 1 << BDI_async_congested);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline int bdi_rw_congested(struct backing_dev_info *bdi)
|
|
|
|
{
|
2009-04-06 20:48:01 +08:00
|
|
|
return bdi_congested(bdi, (1 << BDI_sync_congested) |
|
|
|
|
(1 << BDI_async_congested));
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2009-07-11 22:06:54 +08:00
|
|
|
enum {
|
|
|
|
BLK_RW_ASYNC = 0,
|
|
|
|
BLK_RW_SYNC = 1,
|
|
|
|
};
|
|
|
|
|
2009-07-09 20:52:32 +08:00
|
|
|
void clear_bdi_congested(struct backing_dev_info *bdi, int sync);
|
|
|
|
void set_bdi_congested(struct backing_dev_info *bdi, int sync);
|
|
|
|
long congestion_wait(int sync, long timeout);
|
2010-10-27 05:21:45 +08:00
|
|
|
long wait_iff_congested(struct zone *zone, int sync, long timeout);
|
2012-08-01 07:41:52 +08:00
|
|
|
int pdflush_proc_obsolete(struct ctl_table *table, int write,
|
|
|
|
void __user *buffer, size_t *lenp, loff_t *ppos);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
bdi: allow block devices to say that they require stable page writes
This patchset ("stable page writes, part 2") makes some key
modifications to the original 'stable page writes' patchset. First, it
provides creators (devices and filesystems) of a backing_dev_info a flag
that declares whether or not it is necessary to ensure that page
contents cannot change during writeout. It is no longer assumed that
this is true of all devices (which was never true anyway). Second, the
flag is used to relaxed the wait_on_page_writeback calls so that wait
only occurs if the device needs it. Third, it fixes up the remaining
disk-backed filesystems to use this improved conditional-wait logic to
provide stable page writes on those filesystems.
It is hoped that (for people not using checksumming devices, anyway)
this patchset will give back unnecessary performance decreases since the
original stable page write patchset went into 3.0. Sorry about not
fixing it sooner.
Complaints were registered by several people about the long write
latencies introduced by the original stable page write patchset.
Generally speaking, the kernel ought to allocate as little extra memory
as possible to facilitate writeout, but for people who simply cannot
wait, a second page stability strategy is (re)introduced: snapshotting
page contents. The waiting behavior is still the default strategy; to
enable page snapshotting, a superblock flag (MS_SNAP_STABLE) must be
set. This flag is used to bandaid^Henable stable page writeback on
ext3[1], and is not used anywhere else.
Given that there are already a few storage devices and network FSes that
have rolled their own page stability wait/page snapshot code, it would
be nice to move towards consolidating all of these. It seems possible
that iscsi and raid5 may wish to use the new stable page write support
to enable zero-copy writeout.
Thank you to Jan Kara for helping fix a couple more filesystems.
Per Andrew Morton's request, here are the result of using dbench to measure
latencies on ext2:
3.8.0-rc3:
Operation Count AvgLat MaxLat
----------------------------------------
WriteX 109347 0.028 59.817
ReadX 347180 0.004 3.391
Flush 15514 29.828 287.283
Throughput 57.429 MB/sec 4 clients 4 procs max_latency=287.290 ms
3.8.0-rc3 + patches:
WriteX 105556 0.029 4.273
ReadX 335004 0.005 4.112
Flush 14982 30.540 298.634
Throughput 55.4496 MB/sec 4 clients 4 procs max_latency=298.650 ms
As you can see, for ext2 the maximum write latency decreases from ~60ms
on a laptop hard disk to ~4ms. I'm not sure why the flush latencies
increase, though I suspect that being able to dirty pages faster gives
the flusher more work to do.
On ext4, the average write latency decreases as well as all the maximum
latencies:
3.8.0-rc3:
WriteX 85624 0.152 33.078
ReadX 272090 0.010 61.210
Flush 12129 36.219 168.260
Throughput 44.8618 MB/sec 4 clients 4 procs max_latency=168.276 ms
3.8.0-rc3 + patches:
WriteX 86082 0.141 30.928
ReadX 273358 0.010 36.124
Flush 12214 34.800 165.689
Throughput 44.9941 MB/sec 4 clients 4 procs max_latency=165.722 ms
XFS seems to exhibit similar latency improvements as ext2:
3.8.0-rc3:
WriteX 125739 0.028 104.343
ReadX 399070 0.005 4.115
Flush 17851 25.004 131.390
Throughput 66.0024 MB/sec 4 clients 4 procs max_latency=131.406 ms
3.8.0-rc3 + patches:
WriteX 123529 0.028 6.299
ReadX 392434 0.005 4.287
Flush 17549 25.120 188.687
Throughput 64.9113 MB/sec 4 clients 4 procs max_latency=188.704 ms
...and btrfs, just to round things out, also shows some latency
decreases:
3.8.0-rc3:
WriteX 67122 0.083 82.355
ReadX 212719 0.005 2.828
Flush 9547 47.561 147.418
Throughput 35.3391 MB/sec 4 clients 4 procs max_latency=147.433 ms
3.8.0-rc3 + patches:
WriteX 64898 0.101 71.631
ReadX 206673 0.005 7.123
Flush 9190 47.963 219.034
Throughput 34.0795 MB/sec 4 clients 4 procs max_latency=219.044 ms
Before this patchset, all filesystems would block, regardless of whether
or not it was necessary. ext3 would wait, but still generate occasional
checksum errors. The network filesystems were left to do their own
thing, so they'd wait too.
After this patchset, all the disk filesystems except ext3 and btrfs will
wait only if the hardware requires it. ext3 (if necessary) snapshots
pages instead of blocking, and btrfs provides its own bdi so the mm will
never wait. Network filesystems haven't been touched, so either they
provide their own wait code, or they don't block at all. The blocking
behavior is back to what it was before 3.0 if you don't have a disk
requiring stable page writes.
This patchset has been tested on 3.8.0-rc3 on x64 with ext3, ext4, and
xfs. I've spot-checked 3.8.0-rc4 and seem to be getting the same
results as -rc3.
[1] The alternative fixes to ext3 include fixing the locking order and
page bit handling like we did for ext4 (but then why not just use
ext4?), or setting PG_writeback so early that ext3 becomes extremely
slow. I tried that, but the number of write()s I could initiate dropped
by nearly an order of magnitude. That was a bit much even for the
author of the stable page series! :)
This patch:
Creates a per-backing-device flag that tracks whether or not pages must
be held immutable during writeout. Eventually it will be used to waive
wait_for_page_writeback() if nothing requires stable pages.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Artem Bityutskiy <dedekind1@gmail.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-22 08:42:48 +08:00
|
|
|
static inline bool bdi_cap_stable_pages_required(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
return bdi->capabilities & BDI_CAP_STABLE_WRITES;
|
|
|
|
}
|
|
|
|
|
2008-04-30 15:54:37 +08:00
|
|
|
static inline bool bdi_cap_writeback_dirty(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
return !(bdi->capabilities & BDI_CAP_NO_WRITEBACK);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool bdi_cap_account_dirty(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
return !(bdi->capabilities & BDI_CAP_NO_ACCT_DIRTY);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-30 15:54:37 +08:00
|
|
|
static inline bool bdi_cap_account_writeback(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
/* Paranoia: BDI_CAP_NO_WRITEBACK implies BDI_CAP_NO_ACCT_WB */
|
|
|
|
return !(bdi->capabilities & (BDI_CAP_NO_ACCT_WB |
|
|
|
|
BDI_CAP_NO_WRITEBACK));
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-10-19 11:26:32 +08:00
|
|
|
static inline bool bdi_cap_swap_backed(struct backing_dev_info *bdi)
|
|
|
|
{
|
|
|
|
return bdi->capabilities & BDI_CAP_SWAP_BACKED;
|
|
|
|
}
|
|
|
|
|
2008-04-30 15:54:37 +08:00
|
|
|
static inline bool mapping_cap_writeback_dirty(struct address_space *mapping)
|
|
|
|
{
|
|
|
|
return bdi_cap_writeback_dirty(mapping->backing_dev_info);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-04-30 15:54:37 +08:00
|
|
|
static inline bool mapping_cap_account_dirty(struct address_space *mapping)
|
|
|
|
{
|
|
|
|
return bdi_cap_account_dirty(mapping->backing_dev_info);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-10-19 11:26:32 +08:00
|
|
|
static inline bool mapping_cap_swap_backed(struct address_space *mapping)
|
|
|
|
{
|
|
|
|
return bdi_cap_swap_backed(mapping->backing_dev_info);
|
|
|
|
}
|
|
|
|
|
2009-09-09 15:08:54 +08:00
|
|
|
static inline int bdi_sched_wait(void *word)
|
|
|
|
{
|
|
|
|
schedule();
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif /* _LINUX_BACKING_DEV_H */
|