// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2011, 2012 STRATO.  All rights reserved.
 */

#include <linux/blkdev.h>
#include <linux/ratelimit.h>
#include <linux/sched/mm.h>
#include <crypto/hash.h>
#include "ctree.h"
btrfs: handle empty block_group removal for async discard
block_group removal is a little tricky. It can race with the extent
allocator, the cleaner thread, and balancing. The current path is for a
block_group to be added to the unused_bgs list. Then, when the cleaner
thread comes around, it starts a transaction and then proceeds with
removing the block_group. Extents that are pinned are subsequently
removed from the pinned trees and then eventually a discard is issued
for the entire block_group.
Async discard introduces another player into the game, the discard
workqueue. While it has none of the racing issues, the new problem is
ensuring we don't leave free space untrimmed prior to forgetting the
block_group. This is handled by placing fully free block_groups on a
separate discard queue. This is necessary to maintain discarding order
as in the future we will slowly trim even fully free block_groups. The
ordering helps us make progress on the same block_group rather than say
the last fully freed block_group or needing to search through the fully
freed block groups at the beginning of a list and insert after.
The new order of events is a fully freed block group gets placed on the
unused discard queue first. Once it's processed, it will be placed on
the unused_bgs list and then the original sequence of events will
happen, just without the final whole block_group discard.
The mount flags can change when processing unused_bgs, so when flipping
from DISCARD to DISCARD_ASYNC, the unused_bgs must be punted to the
discard_list to be trimmed. If we flip off DISCARD_ASYNC, we punt
free block groups on the discard_list to the unused_bg queue which will
do the final discard for us.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-12-14 08:22:15 +08:00
#include "discard.h"
#include "volumes.h"
#include "disk-io.h"
#include "ordered-data.h"
#include "transaction.h"
#include "backref.h"
#include "extent_io.h"
#include "dev-replace.h"
#include "check-integrity.h"
#include "rcu-string.h"
#include "raid56.h"
#include "block-group.h"
btrfs: implement log-structured superblock for ZONED mode
Superblock (and its copies) is the only data structure in btrfs which
has a fixed location on a device. Since we cannot overwrite in a
sequential write required zone, we cannot place superblock in the zone.
One easy solution is limiting superblock and copies to be placed only in
conventional zones. However, this method has two downsides: one is
reduced number of superblock copies. The location of the second copy of
superblock is 256GB, which is in a sequential write required zone on
typical devices in the market today. So, the number of superblock and
copies is limited to be two. Second downside is that we cannot support
devices which have no conventional zones at all.
To solve these two problems, we employ superblock log writing. It uses
two adjacent zones as a circular buffer to write updated superblocks.
Once the first zone is filled up, start writing into the second one.
Then, when both zones are filled up and before starting to write to the
first zone again, it resets the first zone.
We can determine the position of the latest superblock by reading write
pointer information from a device. One corner case is when both zones
are full. For this situation, we read out the last superblock of each
zone, and compare them to determine which zone is older.
The following zones are reserved as the circular buffer on ZONED btrfs.
- The primary superblock: zones 0 and 1
- The first copy: zones 16 and 17
- The second copy: zones 1024 or zone at 256GB which is minimum, and
next to it
If these reserved zones are conventional, superblock is written fixed at
the start of the zone without logging.
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-11-10 19:26:14 +08:00
#include "zoned.h"

/*
 * This is only the first step towards a full-features scrub. It reads all
 * extent and super block and verifies the checksums. In case a bad checksum
 * is found or the extent cannot be read, good data will be written back if
 * any can be found.
 *
 * Future enhancements:
 *  - In case an unrepairable extent is encountered, track which files are
 *    affected and report them
 *  - track and record media errors, throw out bad devices
 *  - add a mode to also read unallocated space
 */

struct scrub_block;
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
struct scrub_ctx;

/*
 * the following three values only influence the performance.
 * The last one configures the number of parallel and outstanding I/O
 * operations. The first two values configure an upper limit for the number
 * of (dynamically allocated) pages that are added to a bio.
 */
#define SCRUB_PAGES_PER_RD_BIO	32	/* 128k per bio */
#define SCRUB_PAGES_PER_WR_BIO	32	/* 128k per bio */
#define SCRUB_BIOS_PER_SCTX	64	/* 8MB per device in flight */

/*
 * the following value times PAGE_SIZE needs to be large enough to match the
 * largest node/leaf/sector size that shall be supported.
 * Values larger than BTRFS_STRIPE_LEN are not supported.
 */
#define SCRUB_MAX_PAGES_PER_BLOCK	16	/* 64k per node/leaf/sector */

struct scrub_recover {
	refcount_t refs;
	struct btrfs_io_context *bioc;
	u64 map_length;
};

struct scrub_page {
	struct scrub_block *sblock;
	struct page *page;
	struct btrfs_device *dev;
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
All the data which has checksum is COW data, and we are sure
that it is not changed though we don't lock the stripe, because
the space of that data just can be reclaimed after the current
transaction is committed, and then the fs can use it to store the
other data, but when doing scrub, we hold the current transaction,
that is that data can not be recovered, it is safe that read and check
it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
The data without checksum and the parity may be changed if we don't
lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe(pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits is 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
	struct list_head list;
	u64 flags;	/* extent flags */
	u64 generation;
	u64 logical;
	u64 physical;
	u64 physical_for_dev_replace;
	atomic_t refs;
	u8 mirror_num;
	unsigned int have_csum:1;
	unsigned int io_error:1;
	u8 csum[BTRFS_CSUM_SIZE];

	struct scrub_recover *recover;
};

struct scrub_bio {
	int index;
	struct scrub_ctx *sctx;
	struct btrfs_device *dev;
	struct bio *bio;
	blk_status_t status;
	u64 logical;
	u64 physical;
#if SCRUB_PAGES_PER_WR_BIO >= SCRUB_PAGES_PER_RD_BIO
	struct scrub_page *pagev[SCRUB_PAGES_PER_WR_BIO];
#else
	struct scrub_page *pagev[SCRUB_PAGES_PER_RD_BIO];
#endif
	int page_count;
	int next_free;
	struct btrfs_work work;
};

struct scrub_block {
	struct scrub_page *pagev[SCRUB_MAX_PAGES_PER_BLOCK];
	int page_count;
	atomic_t outstanding_pages;
	refcount_t refs; /* free mem on transition to zero */
	struct scrub_ctx *sctx;
	struct scrub_parity *sparity;
	struct {
		unsigned int header_error:1;
		unsigned int checksum_error:1;
		unsigned int no_io_error_seen:1;
		unsigned int generation_error:1; /* also sets header_error */

		/* The following is for the data used to check parity */
		/* It is for the data with checksum */
		unsigned int data_corrected:1;
	};
	struct btrfs_work work;
};

/* Used for the chunks with parity stripe such RAID5/6 */
struct scrub_parity {
	struct scrub_ctx *sctx;

	struct btrfs_device *scrub_dev;

	u64 logic_start;

	u64 logic_end;

	int nsectors;

	u32 stripe_len;

	refcount_t refs;

	struct list_head spages;

	/* Work of parity check and repair */
	struct btrfs_work work;

	/* Mark the parity blocks which have data */
	unsigned long *dbitmap;

	/*
	 * Mark the parity blocks which have data, but errors happen when
	 * read data or check data
	 */
	unsigned long *ebitmap;

	unsigned long bitmap[];
};

struct scrub_ctx {
	struct scrub_bio *bios[SCRUB_BIOS_PER_SCTX];
	struct btrfs_fs_info *fs_info;
	int first_free;
	int curr;
	atomic_t bios_in_flight;
	atomic_t workers_pending;
	spinlock_t list_lock;
	wait_queue_head_t list_wait;
	struct list_head csum_list;
	atomic_t cancel_req;
	int readonly;
	int pages_per_rd_bio;

	/* State of IO submission throttling affecting the associated device */
	ktime_t throttle_deadline;
	u64 throttle_sent;

	int is_dev_replace;
	u64 write_pointer;

	struct scrub_bio *wr_curr_bio;
	struct mutex wr_lock;
	int pages_per_wr_bio; /* <= SCRUB_PAGES_PER_WR_BIO */
	struct btrfs_device *wr_tgtdev;
	bool flush_all_writes;

	/*
	 * statistics
	 */
	struct btrfs_scrub_progress stat;
	spinlock_t stat_lock;

	/*
	 * Use a ref counter to avoid use-after-free issues. Scrub workers
	 * decrement bios_in_flight and workers_pending and then do a wakeup
	 * on the list_wait wait queue. We must ensure the main scrub task
	 * doesn't free the scrub context before or while the workers are
	 * doing the wakeup() call.
	 */
	refcount_t refs;
};

struct scrub_warning {
	struct btrfs_path *path;
	u64 extent_item_size;
	const char *errstr;
	u64 physical;
	u64 logical;
	struct btrfs_device *dev;
};

struct full_stripe_lock {
	struct rb_node node;
	u64 logical;
	u64 refs;
	struct mutex mutex;
};

static int scrub_setup_recheck_block(struct scrub_block *original_sblock,
				     struct scrub_block *sblocks_for_recheck);
static void scrub_recheck_block(struct btrfs_fs_info *fs_info,
				struct scrub_block *sblock,
				int retry_failed_mirror);
static void scrub_recheck_block_checksum(struct scrub_block *sblock);
static int scrub_repair_block_from_good_copy(struct scrub_block *sblock_bad,
					     struct scrub_block *sblock_good);
static int scrub_repair_page_from_good_copy(struct scrub_block *sblock_bad,
					    struct scrub_block *sblock_good,
					    int page_num, int force_write);
static void scrub_write_block_to_dev_replace(struct scrub_block *sblock);
static int scrub_write_page_to_dev_replace(struct scrub_block *sblock,
					   int page_num);
static int scrub_checksum_data(struct scrub_block *sblock);
static int scrub_checksum_tree_block(struct scrub_block *sblock);
static int scrub_checksum_super(struct scrub_block *sblock);
static void scrub_block_put(struct scrub_block *sblock);
static void scrub_page_get(struct scrub_page *spage);
static void scrub_page_put(struct scrub_page *spage);
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
  All the data which has checksum is COW data, and we are sure
  that it is not changed though we don't lock the stripe, because
  the space of that data just can be reclaimed after the current
  transaction is committed, and then the fs can use it to store the
  other data, but when doing scrub, we hold the current transaction,
  that is that data can not be recovered, it is safe that read and check
  it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
  The data without checksum and the parity may be changed if we don't
  lock the stripe, so we need to read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
  is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe (pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits are 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
static void scrub_parity_get(struct scrub_parity *sparity);
static void scrub_parity_put(struct scrub_parity *sparity);
2020-12-02 14:48:07 +08:00
static int scrub_pages(struct scrub_ctx *sctx, u64 logical, u32 len,
2012-11-02 20:26:57 +08:00
		       u64 physical, struct btrfs_device *dev, u64 flags,
2020-11-03 21:31:02 +08:00
		       u64 gen, int mirror_num, u8 *csum,
2012-11-06 18:43:11 +08:00
		       u64 physical_for_dev_replace);
2015-07-20 21:29:37 +08:00
static void scrub_bio_end_io(struct bio *bio);
2012-03-28 02:21:27 +08:00
static void scrub_bio_end_io_worker(struct btrfs_work *work);
static void scrub_block_complete(struct scrub_block *sblock);
2012-11-06 18:43:11 +08:00
static void scrub_remap_extent(struct btrfs_fs_info *fs_info,
2020-12-02 14:48:07 +08:00
			       u64 extent_logical, u32 extent_len,
2012-11-06 18:43:11 +08:00
			       u64 *extent_physical,
			       struct btrfs_device **extent_dev,
			       int *extent_mirror_num);
static int scrub_add_page_to_wr_bio(struct scrub_ctx *sctx,
				    struct scrub_page *spage);
static void scrub_wr_submit(struct scrub_ctx *sctx);
2015-07-20 21:29:37 +08:00
static void scrub_wr_bio_end_io(struct bio *bio);
2012-11-06 18:43:11 +08:00
static void scrub_wr_bio_end_io_worker(struct btrfs_work *work);
2015-02-10 05:14:24 +08:00
static void scrub_put_ctx(struct scrub_ctx *sctx);
2012-03-28 02:21:26 +08:00

2020-11-03 21:31:01 +08:00
static inline int scrub_is_page_on_raid56(struct scrub_page *spage)
Btrfs: fix scrub to repair raid6 corruption
The raid6 corruption is that,
suppose that all disks can be read without problems and if the content
that was read out doesn't match its checksum, currently for raid6
btrfs at most retries twice,
- the 1st retry is to rebuild with all other stripes, it'll eventually
be a raid5 xor rebuild,
- if the 1st fails, the 2nd retry will deliberately fail parity p so
that it will do raid6 style rebuild,
however, the chances are that another non-parity stripe content also
has something corrupted, so that the above retries are not able to
return correct content.
We've fixed normal reads to rebuild raid6 correctly with more retries
in Patch "Btrfs: make raid6 rebuild retry more"[1], this is to fix
scrub to do exactly the same rebuild process.
[1]: https://patchwork.kernel.org/patch/10091755/
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-01-03 04:36:42 +08:00
{
2020-11-03 21:31:01 +08:00
	return spage->recover &&
2021-09-15 15:17:16 +08:00
	       (spage->recover->bioc->map_type & BTRFS_BLOCK_GROUP_RAID56_MASK);
2018-01-03 04:36:42 +08:00
}
2012-03-28 02:21:26 +08:00

2012-11-02 23:44:58 +08:00
static void scrub_pending_bio_inc(struct scrub_ctx *sctx)
{
2017-03-03 16:55:25 +08:00
	refcount_inc(&sctx->refs);
2012-11-02 23:44:58 +08:00
	atomic_inc(&sctx->bios_in_flight);
}

static void scrub_pending_bio_dec(struct scrub_ctx *sctx)
{
	atomic_dec(&sctx->bios_in_flight);
	wake_up(&sctx->list_wait);
2015-02-10 05:14:24 +08:00
	scrub_put_ctx(sctx);
2012-11-02 23:44:58 +08:00
}

2013-12-04 21:16:53 +08:00
static void __scrub_blocked_if_needed(struct btrfs_fs_info *fs_info)
2013-12-04 21:15:19 +08:00
{
	while (atomic_read(&fs_info->scrub_pause_req)) {
		mutex_unlock(&fs_info->scrub_lock);
		wait_event(fs_info->scrub_pause_wait,
		   atomic_read(&fs_info->scrub_pause_req) == 0);
		mutex_lock(&fs_info->scrub_lock);
	}
}

2015-08-05 16:43:28 +08:00
static void scrub_pause_on(struct btrfs_fs_info *fs_info)
2013-12-04 21:16:53 +08:00
{
	atomic_inc(&fs_info->scrubs_paused);
	wake_up(&fs_info->scrub_pause_wait);
2015-08-05 16:43:28 +08:00
}
2013-12-04 21:16:53 +08:00

2015-08-05 16:43:28 +08:00
static void scrub_pause_off(struct btrfs_fs_info *fs_info)
{
2013-12-04 21:16:53 +08:00
	mutex_lock(&fs_info->scrub_lock);
	__scrub_blocked_if_needed(fs_info);
	atomic_dec(&fs_info->scrubs_paused);
	mutex_unlock(&fs_info->scrub_lock);

	wake_up(&fs_info->scrub_pause_wait);
}

2015-08-05 16:43:28 +08:00
static void scrub_blocked_if_needed(struct btrfs_fs_info *fs_info)
{
	scrub_pause_on(fs_info);
	scrub_pause_off(fs_info);
}

2017-04-14 08:35:54 +08:00
/*
 * Insert new full stripe lock into full stripe locks tree
 *
 * Return pointer to existing or newly inserted full_stripe_lock structure if
 * everything works well.
 * Return ERR_PTR(-ENOMEM) if we failed to allocate memory
 *
 * NOTE: caller must hold full_stripe_locks_root->lock before calling this
 * function
 */
static struct full_stripe_lock *insert_full_stripe_lock(
		struct btrfs_full_stripe_locks_tree *locks_root,
		u64 fstripe_logical)
{
	struct rb_node **p;
	struct rb_node *parent = NULL;
	struct full_stripe_lock *entry;
	struct full_stripe_lock *ret;

2018-03-16 09:21:22 +08:00
	lockdep_assert_held(&locks_root->lock);
2017-04-14 08:35:54 +08:00

	p = &locks_root->root.rb_node;
	while (*p) {
		parent = *p;
		entry = rb_entry(parent, struct full_stripe_lock, node);
		if (fstripe_logical < entry->logical) {
			p = &(*p)->rb_left;
		} else if (fstripe_logical > entry->logical) {
			p = &(*p)->rb_right;
		} else {
			entry->refs++;
			return entry;
		}
	}

Btrfs: fix deadlock with memory reclaim during scrub
When a transaction commit starts, it attempts to pause scrub and it blocks
until the scrub is paused. So while the transaction is blocked waiting for
scrub to pause, we can not do memory allocation with GFP_KERNEL from scrub,
otherwise we risk getting into a deadlock with reclaim.
Checking for scrub pause requests is done early at the beginning of the
while loop of scrub_stripe() and later in the loop, scrub_extent() and
scrub_raid56_parity() are called, which in turn call scrub_pages() and
scrub_pages_for_parity() respectively. These last two functions do memory
allocations using GFP_KERNEL. Same problem could happen while scrubbing
the super blocks, since it calls scrub_pages().
We also can not have any of the worker tasks, created by the scrub task,
doing GFP_KERNEL allocations, because before pausing, the scrub task waits
for all the worker tasks to complete (also done at scrub_stripe()).
So make sure GFP_NOFS is used for the memory allocations because at any
time a scrub pause request can happen from another task that started to
commit a transaction.
Fixes: 58c4e173847a ("btrfs: scrub: use GFP_KERNEL on the submission path")
CC: stable@vger.kernel.org # 4.6+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-27 04:07:17 +08:00
	/*
	 * Insert new lock.
	 */
2017-04-14 08:35:54 +08:00
	ret = kmalloc(sizeof(*ret), GFP_KERNEL);
	if (!ret)
		return ERR_PTR(-ENOMEM);
	ret->logical = fstripe_logical;
	ret->refs = 1;
	mutex_init(&ret->mutex);

	rb_link_node(&ret->node, parent, p);
	rb_insert_color(&ret->node, &locks_root->root);
	return ret;
}

/*
 * Search for a full stripe lock of a block group
 *
 * Return pointer to existing full stripe lock if found
 * Return NULL if not found
 */
static struct full_stripe_lock *search_full_stripe_lock(
		struct btrfs_full_stripe_locks_tree *locks_root,
		u64 fstripe_logical)
{
	struct rb_node *node;
	struct full_stripe_lock *entry;

2018-03-16 09:21:22 +08:00
	lockdep_assert_held(&locks_root->lock);
2017-04-14 08:35:54 +08:00

	node = locks_root->root.rb_node;
	while (node) {
		entry = rb_entry(node, struct full_stripe_lock, node);
		if (fstripe_logical < entry->logical)
			node = node->rb_left;
		else if (fstripe_logical > entry->logical)
			node = node->rb_right;
		else
			return entry;
	}
	return NULL;
}

/*
 * Helper to get full stripe logical from a normal bytenr.
 *
 * Caller must ensure @cache is a RAID56 block group.
 */
2019-10-30 02:20:18 +08:00
static u64 get_full_stripe_logical(struct btrfs_block_group *cache, u64 bytenr)
2017-04-14 08:35:54 +08:00
{
	u64 ret;

	/*
	 * Due to chunk item size limit, full stripe length should not be
	 * larger than U32_MAX. Just a sanity check here.
	 */
	WARN_ON_ONCE(cache->full_stripe_len >= U32_MAX);

	/*
	 * round_down() can only handle power of 2, while RAID56 full
	 * stripe length can be 64KiB * n, so we need to manually round down.
	 */
2019-10-24 00:48:22 +08:00
	ret = div64_u64(bytenr - cache->start, cache->full_stripe_len) *
			cache->full_stripe_len + cache->start;
2017-04-14 08:35:54 +08:00
	return ret;
}

/*
 * Lock a full stripe to avoid concurrency of recovery and read
 *
 * It's only used for profiles with parities (RAID5/6), for other profiles it
 * does nothing.
 *
 * Return 0 if we locked full stripe covering @bytenr, with a mutex held.
 * So caller must call unlock_full_stripe() at the same context.
 *
 * Return <0 if encounters error.
 */
static int lock_full_stripe(struct btrfs_fs_info *fs_info, u64 bytenr,
			    bool *locked_ret)
{
2019-10-30 02:20:18 +08:00
	struct btrfs_block_group *bg_cache;
2017-04-14 08:35:54 +08:00
	struct btrfs_full_stripe_locks_tree *locks_root;
	struct full_stripe_lock *existing;
	u64 fstripe_start;
	int ret = 0;

	*locked_ret = false;
	bg_cache = btrfs_lookup_block_group(fs_info, bytenr);
	if (!bg_cache) {
		ASSERT(0);
		return -ENOENT;
	}

	/* Profiles not based on parity don't need full stripe lock */
	if (!(bg_cache->flags & BTRFS_BLOCK_GROUP_RAID56_MASK))
		goto out;
	locks_root = &bg_cache->full_stripe_locks_root;

	fstripe_start = get_full_stripe_logical(bg_cache, bytenr);

	/* Now insert the full stripe lock */
	mutex_lock(&locks_root->lock);
	existing = insert_full_stripe_lock(locks_root, fstripe_start);
	mutex_unlock(&locks_root->lock);
	if (IS_ERR(existing)) {
		ret = PTR_ERR(existing);
		goto out;
	}
	mutex_lock(&existing->mutex);
	*locked_ret = true;
out:
	btrfs_put_block_group(bg_cache);
	return ret;
}

/*
 * Unlock a full stripe.
 *
 * NOTE: Caller must ensure it's the same context calling corresponding
 * lock_full_stripe().
 *
 * Return 0 if we unlock full stripe without problem.
 * Return <0 for error
 */
static int unlock_full_stripe(struct btrfs_fs_info *fs_info, u64 bytenr,
			      bool locked)
{
2019-10-30 02:20:18 +08:00
	struct btrfs_block_group *bg_cache;
2017-04-14 08:35:54 +08:00
	struct btrfs_full_stripe_locks_tree *locks_root;
	struct full_stripe_lock *fstripe_lock;
	u64 fstripe_start;
	bool freeit = false;
	int ret = 0;

	/* If we didn't acquire full stripe lock, no need to continue */
	if (!locked)
		return 0;

	bg_cache = btrfs_lookup_block_group(fs_info, bytenr);
	if (!bg_cache) {
		ASSERT(0);
		return -ENOENT;
	}
	if (!(bg_cache->flags & BTRFS_BLOCK_GROUP_RAID56_MASK))
		goto out;

	locks_root = &bg_cache->full_stripe_locks_root;
	fstripe_start = get_full_stripe_logical(bg_cache, bytenr);

	mutex_lock(&locks_root->lock);
	fstripe_lock = search_full_stripe_lock(locks_root, fstripe_start);
	/* Unpaired unlock_full_stripe() detected */
	if (!fstripe_lock) {
		WARN_ON(1);
		ret = -ENOENT;
		mutex_unlock(&locks_root->lock);
		goto out;
	}

	if (fstripe_lock->refs == 0) {
		WARN_ON(1);
		btrfs_warn(fs_info, "full stripe lock at %llu refcount underflow",
			fstripe_lock->logical);
	} else {
		fstripe_lock->refs--;
	}

	if (fstripe_lock->refs == 0) {
		rb_erase(&fstripe_lock->node, &locks_root->root);
		freeit = true;
	}
	mutex_unlock(&locks_root->lock);

	mutex_unlock(&fstripe_lock->mutex);
	if (freeit)
		kfree(fstripe_lock);
out:
	btrfs_put_block_group(bg_cache);
	return ret;
}

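The full stripe bookkeeping above, as an added userspace example that is not part of scrub.c or the kernel tree: it shows why get_full_stripe_logical() divides and multiplies instead of masking, and how the per-stripe reference count pairs each lock with its unlock. The names fs_lock, lock_registry, find_slot, registry_get, registry_put, mask_round_down and sample_bg are hypothetical, the block group geometry is constructed, a sorted linked list stands in for the rb-tree, and the mutexes are omitted.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed geometry: 3 data stripes of 64KiB = 192KiB, not a power of two. */
#define STRIPE_LEN      (64u * 1024u)
#define FULL_STRIPE_LEN (3u * STRIPE_LEN)

struct block_group { uint64_t start; uint64_t full_stripe_len; };

/* Hypothetical stand-in for struct full_stripe_lock (mutex omitted). */
struct fs_lock {
	uint64_t logical;
	uint64_t refs;
	struct fs_lock *next;	/* sorted list instead of the kernel's rb-tree */
};

struct lock_registry { struct fs_lock *head; unsigned int live; };

/* Constructed sample block group starting at 1MiB. */
static const struct block_group sample_bg = { 1024u * 1024u, FULL_STRIPE_LEN };

/* Manual round-down as in get_full_stripe_logical(): valid for any length. */
static uint64_t full_stripe_start(const struct block_group *bg, uint64_t bytenr)
{
	return (bytenr - bg->start) / bg->full_stripe_len * bg->full_stripe_len +
	       bg->start;
}

/* Mask-based round-down: only correct when the length is a power of two. */
static uint64_t mask_round_down(const struct block_group *bg, uint64_t bytenr)
{
	return ((bytenr - bg->start) & ~(bg->full_stripe_len - 1)) + bg->start;
}

/* Find the list slot where the entry for @start is, or would be inserted. */
static struct fs_lock **find_slot(struct lock_registry *reg, uint64_t start)
{
	struct fs_lock **p = &reg->head;

	while (*p && (*p)->logical < start)
		p = &(*p)->next;
	return p;
}

/* Like insert_full_stripe_lock(): reuse an entry (refs++) or add one. */
static struct fs_lock *registry_get(struct lock_registry *reg,
				    const struct block_group *bg, uint64_t bytenr)
{
	uint64_t start = full_stripe_start(bg, bytenr);
	struct fs_lock **p = find_slot(reg, start);
	struct fs_lock *n;

	if (*p && (*p)->logical == start) {
		(*p)->refs++;
		return *p;
	}
	n = malloc(sizeof(*n));
	if (!n)
		return NULL;
	n->logical = start;
	n->refs = 1;
	n->next = *p;
	*p = n;
	reg->live++;
	return n;
}

/* Like unlock_full_stripe(): -ENOENT on an unpaired put, free at refs == 0. */
static int registry_put(struct lock_registry *reg,
			const struct block_group *bg, uint64_t bytenr)
{
	uint64_t start = full_stripe_start(bg, bytenr);
	struct fs_lock **p = find_slot(reg, start);
	struct fs_lock *e = *p;

	if (!e || e->logical != start)
		return -ENOENT;
	if (--e->refs == 0) {
		*p = e->next;
		free(e);
		reg->live--;
	}
	return 0;
}

int main(void)
{
	struct lock_registry reg = { NULL, 0 };
	uint64_t addr = sample_bg.start + 200u * 1024u;	/* inside 2nd full stripe */

	printf("div-based start:  +%llu KiB\n", (unsigned long long)
	       ((full_stripe_start(&sample_bg, addr) - sample_bg.start) / 1024));
	printf("mask-based start: +%llu KiB (wrong)\n", (unsigned long long)
	       ((mask_round_down(&sample_bg, addr) - sample_bg.start) / 1024));

	registry_get(&reg, &sample_bg, sample_bg.start);
	registry_get(&reg, &sample_bg, sample_bg.start + 100u * 1024u);
	printf("live entries after two gets in one stripe: %u\n", reg.live);
	registry_put(&reg, &sample_bg, sample_bg.start);
	registry_put(&reg, &sample_bg, sample_bg.start + 100u * 1024u);
	printf("unpaired put returns %d\n",
	       registry_put(&reg, &sample_bg, sample_bg.start));
	return 0;
}
```
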
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
static void scrub_free_csums(struct scrub_ctx *sctx)
2011-03-08 21:14:00 +08:00
{
2012-11-02 16:58:09 +08:00
	while (!list_empty(&sctx->csum_list)) {
2011-03-08 21:14:00 +08:00
		struct btrfs_ordered_sum *sum;
2012-11-02 16:58:09 +08:00
		sum = list_first_entry(&sctx->csum_list,
2011-03-08 21:14:00 +08:00
				       struct btrfs_ordered_sum, list);
		list_del(&sum->list);
		kfree(sum);
	}
}

2012-11-02 16:58:09 +08:00
static noinline_for_stack void scrub_free_ctx(struct scrub_ctx *sctx)
2011-03-08 21:14:00 +08:00
{
	int i;

2012-11-02 16:58:09 +08:00
	if (!sctx)
2011-03-08 21:14:00 +08:00
		return;

2012-03-28 02:21:27 +08:00
	/* this can happen when scrub is cancelled */
2012-11-02 16:58:09 +08:00
	if (sctx->curr != -1) {
		struct scrub_bio *sbio = sctx->bios[sctx->curr];
2012-03-28 02:21:27 +08:00

		for (i = 0; i < sbio->page_count; i++) {
2012-11-06 18:43:11 +08:00
			WARN_ON(!sbio->pagev[i]->page);
2012-03-28 02:21:27 +08:00
			scrub_block_put(sbio->pagev[i]->sblock);
		}
		bio_put(sbio->bio);
	}

2012-11-06 18:43:11 +08:00
	for (i = 0; i < SCRUB_BIOS_PER_SCTX; ++i) {
2012-11-02 16:58:09 +08:00
		struct scrub_bio *sbio = sctx->bios[i];
2011-03-08 21:14:00 +08:00

		if (!sbio)
			break;
		kfree(sbio);
	}

2017-05-17 01:10:32 +08:00
	kfree(sctx->wr_curr_bio);
2012-11-02 16:58:09 +08:00
	scrub_free_csums(sctx);
	kfree(sctx);
2011-03-08 21:14:00 +08:00
}

2015-02-10 05:14:24 +08:00
static void scrub_put_ctx(struct scrub_ctx *sctx)
{
2017-03-03 16:55:25 +08:00
	if (refcount_dec_and_test(&sctx->refs))
2015-02-10 05:14:24 +08:00
		scrub_free_ctx(sctx);
}

2018-12-04 23:11:55 +08:00
static noinline_for_stack struct scrub_ctx *scrub_setup_ctx(
		struct btrfs_fs_info *fs_info, int is_dev_replace)
2011-03-08 21:14:00 +08:00
{
2012-11-02 16:58:09 +08:00
|
|
|
struct scrub_ctx *sctx;
|
2011-03-08 21:14:00 +08:00
|
|
|
int i;
|
|
|
|
|
2016-02-11 17:49:42 +08:00
|
|
|
sctx = kzalloc(sizeof(*sctx), GFP_KERNEL);
|
2012-11-02 16:58:09 +08:00
|
|
|
if (!sctx)
|
2011-03-08 21:14:00 +08:00
|
|
|
goto nomem;
|
2017-03-03 16:55:25 +08:00
|
|
|
refcount_set(&sctx->refs, 1);
|
2012-11-06 01:29:28 +08:00
|
|
|
sctx->is_dev_replace = is_dev_replace;
|
2015-05-19 20:31:01 +08:00
|
|
|
sctx->pages_per_rd_bio = SCRUB_PAGES_PER_RD_BIO;
|
2012-11-02 16:58:09 +08:00
|
|
|
sctx->curr = -1;
|
2018-12-04 23:11:55 +08:00
|
|
|
sctx->fs_info = fs_info;
|
2019-02-19 10:56:43 +08:00
|
|
|
INIT_LIST_HEAD(&sctx->csum_list);
|
2012-11-06 18:43:11 +08:00
|
|
|
for (i = 0; i < SCRUB_BIOS_PER_SCTX; ++i) {
|
2011-03-08 21:14:00 +08:00
|
|
|
struct scrub_bio *sbio;
|
|
|
|
|
2016-02-11 17:49:42 +08:00
|
|
|
sbio = kzalloc(sizeof(*sbio), GFP_KERNEL);
|
2011-03-08 21:14:00 +08:00
|
|
|
if (!sbio)
|
|
|
|
goto nomem;
|
2012-11-02 16:58:09 +08:00
|
|
|
sctx->bios[i] = sbio;
|
2011-03-08 21:14:00 +08:00
|
|
|
|
|
|
|
sbio->index = i;
|
2012-11-02 16:58:09 +08:00
|
|
|
sbio->sctx = sctx;
|
2012-03-28 02:21:27 +08:00
|
|
|
sbio->page_count = 0;
|
2019-09-17 02:30:57 +08:00
|
|
|
btrfs_init_work(&sbio->work, scrub_bio_end_io_worker, NULL,
|
|
|
|
NULL);
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2012-11-06 18:43:11 +08:00
|
|
|
if (i != SCRUB_BIOS_PER_SCTX - 1)
|
2012-11-02 16:58:09 +08:00
|
|
|
sctx->bios[i]->next_free = i + 1;
|
2011-06-14 02:04:15 +08:00
|
|
|
else
|
2012-11-02 16:58:09 +08:00
|
|
|
sctx->bios[i]->next_free = -1;
|
|
|
|
}
|
|
|
|
sctx->first_free = 0;
|
2012-11-02 23:44:58 +08:00
|
|
|
atomic_set(&sctx->bios_in_flight, 0);
|
|
|
|
atomic_set(&sctx->workers_pending, 0);
|
2012-11-02 16:58:09 +08:00
|
|
|
atomic_set(&sctx->cancel_req, 0);
|
|
|
|
|
|
|
|
spin_lock_init(&sctx->list_lock);
|
|
|
|
spin_lock_init(&sctx->stat_lock);
|
|
|
|
init_waitqueue_head(&sctx->list_wait);
|
2019-10-09 19:58:13 +08:00
|
|
|
sctx->throttle_deadline = 0;
|
2012-11-06 18:43:11 +08:00
|
|
|
|
2017-05-17 01:10:32 +08:00
|
|
|
WARN_ON(sctx->wr_curr_bio != NULL);
|
|
|
|
mutex_init(&sctx->wr_lock);
|
|
|
|
sctx->wr_curr_bio = NULL;
|
2017-05-17 01:10:23 +08:00
|
|
|
if (is_dev_replace) {
|
2017-06-26 21:19:00 +08:00
|
|
|
WARN_ON(!fs_info->dev_replace.tgtdev);
|
2017-05-17 01:10:32 +08:00
|
|
|
sctx->pages_per_wr_bio = SCRUB_PAGES_PER_WR_BIO;
|
2017-06-26 21:19:00 +08:00
|
|
|
sctx->wr_tgtdev = fs_info->dev_replace.tgtdev;
|
2017-03-31 23:12:51 +08:00
|
|
|
sctx->flush_all_writes = false;
|
2012-11-06 18:43:11 +08:00
|
|
|
}
|
2017-05-17 01:10:23 +08:00
|
|
|
|
2012-11-02 16:58:09 +08:00
|
|
|
return sctx;
|
2011-03-08 21:14:00 +08:00
|
|
|
|
|
|
|
nomem:
|
2012-11-02 16:58:09 +08:00
|
|
|
scrub_free_ctx(sctx);
|
2011-03-08 21:14:00 +08:00
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
}
|
|
|
|
|
2012-11-06 18:43:11 +08:00
|
|
|
static int scrub_print_warning_inode(u64 inum, u64 offset, u64 root,
|
|
|
|
void *warn_ctx)
|
2011-06-14 01:59:12 +08:00
|
|
|
{
|
|
|
|
u32 nlink;
|
|
|
|
int ret;
|
|
|
|
int i;
|
2017-06-01 01:21:38 +08:00
|
|
|
unsigned nofs_flag;
|
2011-06-14 01:59:12 +08:00
|
|
|
struct extent_buffer *eb;
|
|
|
|
struct btrfs_inode_item *inode_item;
|
2012-11-06 18:43:11 +08:00
|
|
|
struct scrub_warning *swarn = warn_ctx;
|
2016-06-23 06:54:56 +08:00
|
|
|
struct btrfs_fs_info *fs_info = swarn->dev->fs_info;
|
2011-06-14 01:59:12 +08:00
|
|
|
struct inode_fs_paths *ipath = NULL;
|
|
|
|
struct btrfs_root *local_root;
|
2015-01-03 02:36:14 +08:00
|
|
|
struct btrfs_key key;
|
2011-06-14 01:59:12 +08:00
|
|
|
|
2020-05-16 01:35:55 +08:00
|
|
|
local_root = btrfs_get_fs_root(fs_info, root, true);
|
2011-06-14 01:59:12 +08:00
|
|
|
if (IS_ERR(local_root)) {
|
|
|
|
ret = PTR_ERR(local_root);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2015-01-03 01:55:46 +08:00
|
|
|
/*
|
|
|
|
* this makes the path point to (inum INODE_ITEM ioff)
|
|
|
|
*/
|
2015-01-03 02:36:14 +08:00
|
|
|
key.objectid = inum;
|
|
|
|
key.type = BTRFS_INODE_ITEM_KEY;
|
|
|
|
key.offset = 0;
|
|
|
|
|
|
|
|
ret = btrfs_search_slot(NULL, local_root, &key, swarn->path, 0, 0);
|
2011-06-14 01:59:12 +08:00
|
|
|
if (ret) {
|
2020-01-24 22:33:01 +08:00
|
|
|
btrfs_put_root(local_root);
|
2011-06-14 01:59:12 +08:00
|
|
|
btrfs_release_path(swarn->path);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
eb = swarn->path->nodes[0];
|
|
|
|
inode_item = btrfs_item_ptr(eb, swarn->path->slots[0],
|
|
|
|
struct btrfs_inode_item);
|
|
|
|
nlink = btrfs_inode_nlink(eb, inode_item);
|
|
|
|
btrfs_release_path(swarn->path);
|
|
|
|
|
2017-06-01 01:21:38 +08:00
|
|
|
/*
|
|
|
|
* init_path might indirectly call vmalloc, or use GFP_KERNEL. Scrub
|
|
|
|
* uses GFP_NOFS in this context, so we keep it consistent but it does
|
|
|
|
* not seem to be strictly necessary.
|
|
|
|
*/
|
|
|
|
nofs_flag = memalloc_nofs_save();
|
2011-06-14 01:59:12 +08:00
|
|
|
ipath = init_ipath(4096, local_root, swarn->path);
|
2017-06-01 01:21:38 +08:00
|
|
|
memalloc_nofs_restore(nofs_flag);
|
2011-11-16 16:28:01 +08:00
|
|
|
if (IS_ERR(ipath)) {
|
2020-01-24 22:33:01 +08:00
|
|
|
btrfs_put_root(local_root);
|
2011-11-16 16:28:01 +08:00
|
|
|
ret = PTR_ERR(ipath);
|
|
|
|
ipath = NULL;
|
|
|
|
goto err;
|
|
|
|
}
|
2011-06-14 01:59:12 +08:00
|
|
|
ret = paths_from_inode(inum, ipath);
|
|
|
|
|
|
|
|
if (ret < 0)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* we deliberately ignore the bit ipath might have been too small to
|
|
|
|
* hold all of the paths here
|
|
|
|
*/
|
|
|
|
for (i = 0; i < ipath->fspath->elem_cnt; ++i)
|
2016-09-20 22:05:00 +08:00
|
|
|
btrfs_warn_in_rcu(fs_info,
|
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable error, but in fact make one corruption even
unrepairable:
  inode offset 0      4k     8K
  Mirror 1     |XXXXXX|      |
  Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.
For above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us to read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.
Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
Remove the min() and replace PAGE_SIZE with sectorsize.
The min() makes no sense, as csum is done for the full sector with
padding.
This fixes a bug that subpage report extra length like:
checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
Where the error is only 1 sector.
- scrub_handle_errored_block()
Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
Replace PAGE_SIZE with sectorsize.
This solves several problems where we read/write extra range for
subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
|
|
|
"%s at logical %llu on dev %s, physical %llu, root %llu, inode %llu, offset %llu, length %u, links %u (path: %s)",
|
2016-09-20 22:05:00 +08:00
|
|
|
swarn->errstr, swarn->logical,
|
|
|
|
rcu_str_deref(swarn->dev->name),
|
2017-10-04 23:07:07 +08:00
|
|
|
swarn->physical,
|
2016-09-20 22:05:00 +08:00
|
|
|
root, inum, offset,
|
2021-04-22 19:02:46 +08:00
|
|
|
fs_info->sectorsize, nlink,
|
2016-09-20 22:05:00 +08:00
|
|
|
(char *)(unsigned long)ipath->fspath->val[i]);
|
2011-06-14 01:59:12 +08:00
|
|
|
|
2020-01-24 22:33:01 +08:00
|
|
|
btrfs_put_root(local_root);
|
2011-06-14 01:59:12 +08:00
|
|
|
free_ipath(ipath);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
err:
|
2016-09-20 22:05:00 +08:00
|
|
|
btrfs_warn_in_rcu(fs_info,
|
2017-10-04 23:07:07 +08:00
|
|
|
"%s at logical %llu on dev %s, physical %llu, root %llu, inode %llu, offset %llu: path resolving failed with ret=%d",
|
2016-09-20 22:05:00 +08:00
|
|
|
swarn->errstr, swarn->logical,
|
|
|
|
rcu_str_deref(swarn->dev->name),
|
2017-10-04 23:07:07 +08:00
|
|
|
swarn->physical,
|
2016-09-20 22:05:00 +08:00
|
|
|
root, inum, offset, ret);
|
2011-06-14 01:59:12 +08:00
|
|
|
|
|
|
|
free_ipath(ipath);
|
|
|
|
return 0;
|
|
|
|
}
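The subpage repair failure described in the commit message quoted in the function above (two mirrors, one bad 4K sector each, 64K pages) can be modelled in userspace. This is an added example, not kernel code: the additive checksum, the buffer layout and every function name are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE   4096u   /* fs sectorsize (4K) */
#define PAGE_SIZE_64K 65536u  /* page size on the subpage system (64K) */
#define FILE_SECTORS  2u      /* file data covers [0, 8K) */
#define NUM_MIRRORS   2

static uint8_t good[FILE_SECTORS][SECTOR_SIZE];     /* reference contents */
static uint32_t csums[FILE_SECTORS];                /* one csum per sector */
static uint8_t mirrors[NUM_MIRRORS][PAGE_SIZE_64K]; /* constructed copies */

/* Toy additive checksum; it only stands in for the filesystem's real csum. */
static uint32_t toy_csum(const uint8_t *p, size_t len)
{
	uint32_t sum = 0;

	while (len--)
		sum += *p++;
	return sum;
}

/* Build the layout from the commit message: mirror 1 is bad in [0, 4K),
 * mirror 2 is bad in [4K, 8K). Each sector still has one good copy. */
static void setup_layout(void)
{
	for (unsigned s = 0; s < FILE_SECTORS; s++) {
		memset(good[s], 0xA0 + s, SECTOR_SIZE);
		csums[s] = toy_csum(good[s], SECTOR_SIZE);
	}
	for (int m = 0; m < NUM_MIRRORS; m++) {
		memset(mirrors[m], 0, PAGE_SIZE_64K);
		memcpy(mirrors[m], good, sizeof(good));
	}
	memset(mirrors[0], 'X', SECTOR_SIZE);
	memset(mirrors[1] + SECTOR_SIZE, 'X', SECTOR_SIZE);
}

static int sector_ok(int m, unsigned s)
{
	return toy_csum(mirrors[m] + (size_t)s * SECTOR_SIZE,
			SECTOR_SIZE) == csums[s];
}

/* Walk the file sector by sector. For each sector, pick a mirror whose
 * checksum verifies and write `unit` bytes from it over every bad mirror.
 * Returns the number of sectors left with no valid copy on any mirror. */
static int scrub_repair(size_t unit)
{
	int unrepairable = 0;

	setup_layout();
	for (unsigned s = 0; s < FILE_SECTORS; s++) {
		size_t off = (size_t)s * SECTOR_SIZE;
		size_t len = unit;
		int src = -1;

		for (int m = 0; m < NUM_MIRRORS; m++) {
			if (sector_ok(m, s)) {
				src = m;
				break;
			}
		}
		if (src < 0) {
			unrepairable++;
			continue;
		}
		if (off + len > PAGE_SIZE_64K)
			len = PAGE_SIZE_64K - off;
		/* unit == PAGE_SIZE_64K also copies the neighbouring
		 * sectors of the source mirror, good or bad. */
		for (int m = 0; m < NUM_MIRRORS; m++)
			if (m != src && !sector_ok(m, s))
				memcpy(mirrors[m] + off, mirrors[src] + off, len);
	}
	return unrepairable;
}

/* 1 if every sector verifies on every mirror after the last repair run. */
static int all_mirrors_clean(void)
{
	for (int m = 0; m < NUM_MIRRORS; m++)
		for (unsigned s = 0; s < FILE_SECTORS; s++)
			if (!sector_ok(m, s))
				return 0;
	return 1;
}

int main(void)
{
	printf("PAGE_SIZE unit:  %d unrepairable sector(s)\n",
	       scrub_repair(PAGE_SIZE_64K));
	printf("sectorsize unit: %d unrepairable sector(s)\n",
	       scrub_repair(SECTOR_SIZE));
	return 0;
}
```

With the page-sized unit, repairing sector 0 of mirror 1 drags mirror 2's bad [4K, 8K) range along, so that sector no longer has a valid copy anywhere; with the sector-sized unit both mirrors end up clean.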
|
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
static void scrub_print_warning(const char *errstr, struct scrub_block *sblock)
|
2011-06-14 01:59:12 +08:00
|
|
|
{
|
2012-11-02 20:26:57 +08:00
|
|
|
struct btrfs_device *dev;
|
|
|
|
struct btrfs_fs_info *fs_info;
|
2011-06-14 01:59:12 +08:00
|
|
|
struct btrfs_path *path;
|
|
|
|
struct btrfs_key found_key;
|
|
|
|
struct extent_buffer *eb;
|
|
|
|
struct btrfs_extent_item *ei;
|
|
|
|
struct scrub_warning swarn;
|
2012-09-08 10:01:28 +08:00
|
|
|
unsigned long ptr = 0;
|
|
|
|
u64 extent_item_pos;
|
|
|
|
u64 flags = 0;
|
2011-06-14 01:59:12 +08:00
|
|
|
u64 ref_root;
|
2012-09-08 10:01:28 +08:00
|
|
|
u32 item_size;
|
2016-03-11 16:08:56 +08:00
|
|
|
u8 ref_level = 0;
|
2012-09-08 10:01:28 +08:00
|
|
|
int ret;
|
2011-06-14 01:59:12 +08:00
|
|
|
|
2012-11-02 20:26:57 +08:00
|
|
|
WARN_ON(sblock->page_count < 1);
|
2012-11-02 21:58:04 +08:00
|
|
|
dev = sblock->pagev[0]->dev;
|
2016-06-23 06:54:56 +08:00
|
|
|
fs_info = sblock->sctx->fs_info;
|
2012-11-02 20:26:57 +08:00
|
|
|
|
2011-06-14 01:59:12 +08:00
|
|
|
path = btrfs_alloc_path();
|
2014-07-30 07:25:30 +08:00
|
|
|
if (!path)
|
|
|
|
return;
|
2011-06-14 01:59:12 +08:00
|
|
|
|
2017-10-04 23:07:07 +08:00
|
|
|
swarn.physical = sblock->pagev[0]->physical;
|
2012-11-02 21:58:04 +08:00
|
|
|
swarn.logical = sblock->pagev[0]->logical;
|
2011-06-14 01:59:12 +08:00
|
|
|
swarn.errstr = errstr;
|
2012-11-02 20:26:57 +08:00
|
|
|
swarn.dev = NULL;
|
2011-06-14 01:59:12 +08:00
|
|
|
|
2012-09-08 10:01:28 +08:00
|
|
|
ret = extent_from_logical(fs_info, swarn.logical, path, &found_key,
|
|
|
|
&flags);
|
2011-06-14 01:59:12 +08:00
|
|
|
if (ret < 0)
|
|
|
|
goto out;
|
|
|
|
|
2011-12-02 21:56:41 +08:00
|
|
|
extent_item_pos = swarn.logical - found_key.objectid;
|
2011-06-14 01:59:12 +08:00
|
|
|
swarn.extent_item_size = found_key.offset;
|
|
|
|
|
|
|
|
eb = path->nodes[0];
|
|
|
|
ei = btrfs_item_ptr(eb, path->slots[0], struct btrfs_extent_item);
|
2021-10-22 02:58:35 +08:00
|
|
|
item_size = btrfs_item_size(eb, path->slots[0]);
|
2011-06-14 01:59:12 +08:00
|
|
|
|
2012-09-08 10:01:28 +08:00
|
|
|
if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) {
|
2011-06-14 01:59:12 +08:00
|
|
|
do {
|
2014-06-09 10:54:07 +08:00
|
|
|
ret = tree_backref_for_extent(&ptr, eb, &found_key, ei,
|
|
|
|
item_size, &ref_root,
|
|
|
|
&ref_level);
|
2015-10-08 15:01:03 +08:00
|
|
|
btrfs_warn_in_rcu(fs_info,
|
2017-10-04 23:07:07 +08:00
|
|
|
"%s at logical %llu on dev %s, physical %llu: metadata %s (level %d) in tree %llu",
|
2016-09-20 22:05:00 +08:00
|
|
|
errstr, swarn.logical,
|
2012-06-05 02:03:51 +08:00
|
|
|
rcu_str_deref(dev->name),
|
2017-10-04 23:07:07 +08:00
|
|
|
swarn.physical,
|
2011-06-14 01:59:12 +08:00
|
|
|
ref_level ? "node" : "leaf",
|
|
|
|
ret < 0 ? -1 : ref_level,
|
|
|
|
ret < 0 ? -1 : ref_root);
|
|
|
|
} while (ret != 1);
|
2013-03-29 22:09:34 +08:00
|
|
|
btrfs_release_path(path);
|
2011-06-14 01:59:12 +08:00
|
|
|
} else {
|
2013-03-29 22:09:34 +08:00
|
|
|
btrfs_release_path(path);
|
2011-06-14 01:59:12 +08:00
|
|
|
swarn.path = path;
|
2012-11-02 20:26:57 +08:00
|
|
|
swarn.dev = dev;
|
2012-03-24 00:32:28 +08:00
|
|
|
iterate_extent_inodes(fs_info, found_key.objectid,
|
|
|
|
extent_item_pos, 1,
|
btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents
The LOGICAL_INO ioctl provides a backward mapping from extent bytenr and
offset (encoded as a single logical address) to a list of extent refs.
LOGICAL_INO complements TREE_SEARCH, which provides the forward mapping
(extent ref -> extent bytenr and offset, or logical address). These are
useful capabilities for programs that manipulate extents and extent
references from userspace (e.g. dedup and defrag utilities).
When the extents are uncompressed (and not encrypted and not other),
check_extent_in_eb performs filtering of the extent refs to remove any
extent refs which do not contain the same extent offset as the 'logical'
parameter's extent offset. This prevents LOGICAL_INO from returning
references to more than a single block.
To find the set of extent references to an uncompressed extent from [a, b),
userspace has to run a loop like this pseudocode:
	for (i = a; i < b; ++i)
		extent_ref_set += LOGICAL_INO(i);
At each iteration of the loop (up to 32768 iterations for a 128M extent),
data we are interested in is collected in the kernel, then deleted by
the filter in check_extent_in_eb.
When the extents are compressed (or encrypted or other), the 'logical'
parameter must be an extent bytenr (the 'a' parameter in the loop).
No filtering by extent offset is done (or possible?) so the result is
the complete set of extent refs for the entire extent. This removes
the need for the loop, since we get all the extent refs in one call.
Add an 'ignore_offset' argument to iterate_inodes_from_logical,
[...several levels of function call graph...], and check_extent_in_eb, so
that we can disable the extent offset filtering for uncompressed extents.
This flag can be set by an improved version of the LOGICAL_INO ioctl to
get either behavior as desired.
There is no functional change in this patch. The new flag is always
false.
Signed-off-by: Zygo Blaxell <ce3g8jdj@umail.furryterror.org>
Reviewed-by: David Sterba <dsterba@suse.com>
[ minor coding style fixes ]
Signed-off-by: David Sterba <dsterba@suse.com>
2017-09-23 01:58:45 +08:00
|
|
|
scrub_print_warning_inode, &swarn, false);
|
2011-06-14 01:59:12 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
btrfs_free_path(path);
|
|
|
|
}
|
|
|
|
|
2014-10-23 14:42:50 +08:00
|
|
|
static inline void scrub_get_recover(struct scrub_recover *recover)
|
|
|
|
{
|
2017-03-03 16:55:21 +08:00
|
|
|
refcount_inc(&recover->refs);
|
2014-10-23 14:42:50 +08:00
|
|
|
}
|
|
|
|
|
2017-03-29 09:33:22 +08:00
|
|
|
static inline void scrub_put_recover(struct btrfs_fs_info *fs_info,
|
|
|
|
struct scrub_recover *recover)
|
2014-10-23 14:42:50 +08:00
|
|
|
{
|
2017-03-03 16:55:21 +08:00
|
|
|
if (refcount_dec_and_test(&recover->refs)) {
|
2017-03-29 09:33:22 +08:00
|
|
|
btrfs_bio_counter_dec(fs_info);
|
2021-09-15 15:17:16 +08:00
|
|
|
btrfs_put_bioc(recover->bioc);
|
2014-10-23 14:42:50 +08:00
|
|
|
kfree(recover);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-03-08 21:14:00 +08:00
|
|
|
/*
|
2012-03-28 02:21:27 +08:00
|
|
|
* scrub_handle_errored_block gets called when either verification of the
|
|
|
|
* pages failed or the bio failed to read, e.g. with EIO. In the latter
|
|
|
|
* case, this function handles all pages in the bio, even though only one
|
|
|
|
* may be bad.
|
|
|
|
* The goal of this function is to repair the errored block by using the
|
|
|
|
* contents of one of the mirrors.
|
2011-03-08 21:14:00 +08:00
|
|
|
*/
|
2012-03-28 02:21:27 +08:00
|
|
|
static int scrub_handle_errored_block(struct scrub_block *sblock_to_check)
|
2011-03-08 21:14:00 +08:00
|
|
|
{
|
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
|
|
|
struct scrub_ctx *sctx = sblock_to_check->sctx;
|
2012-11-02 20:26:57 +08:00
|
|
|
struct btrfs_device *dev;
|
2012-03-28 02:21:27 +08:00
|
|
|
struct btrfs_fs_info *fs_info;
|
|
|
|
u64 logical;
|
|
|
|
unsigned int failed_mirror_index;
|
|
|
|
unsigned int is_metadata;
|
|
|
|
unsigned int have_csum;
|
|
|
|
struct scrub_block *sblocks_for_recheck; /* holds one for each mirror */
|
|
|
|
struct scrub_block *sblock_bad;
|
|
|
|
int ret;
|
|
|
|
int mirror_index;
|
|
|
|
int page_num;
|
|
|
|
int success;
|
btrfs: scrub: Fix RAID56 recovery race condition
When scrubbing a RAID5 which has recoverable data corruption (only one
data stripe is corrupted), sometimes scrub will report more csum errors
than expected. Sometimes even unrecoverable error will be reported.
The problem can be easily reproduced by the following steps:
1) Create a btrfs with RAID5 data profile with 3 devs
2) Mount it with nospace_cache or space_cache=v2
   To avoid extra data space usage.
3) Create a 128K file and sync the fs, unmount it
   Now the 128K file lies at the beginning of the data chunk
4) Locate the physical bytenr of data chunk on dev3
   Dev3 is the 1st data stripe.
5) Corrupt the first 64K of the data chunk stripe on dev3
6) Mount the fs and scrub it
The correct csum error number should be 16 (assuming using x86_64).
Larger csum error number can be reported in a 1/3 chance.
And unrecoverable error can also be reported in a 1/10 chance.
The root cause of the problem is RAID5/6 recover code has race
condition, due to the fact that full scrub is initiated per device.
While for other mirror based profiles, each mirror is independent with
each other, so race won't cause any big problem.
For example:
        Corrupted       |        Correct         |       Correct       |
    Scrub dev3 (D1)     |    Scrub dev2 (D2)     |    Scrub dev1(P)    |
------------------------------------------------------------------------
Read out D1             |Read out D2             |Read full stripe     |
Check csum              |Check csum              |Check parity         |
Csum mismatch           |Csum match, continue    |Parity mismatch      |
handle_errored_block    |                        |handle_errored_block |
 Read out full stripe   |                        | Read out full stripe|
 D1 csum error(err++)   |                        | D1 csum error(err++)|
 Recover D1             |                        | Recover D1          |
So D1's csum error is accounted twice, just because
handle_errored_block() doesn't have enough protection, and race can happen.
On even worse case, for example D1's recovery code is re-writing
D1/D2/P, and P's recovery code is just reading out full stripe, then we
can cause unrecoverable error.
This patch will use previously introduced lock_full_stripe() and
unlock_full_stripe() to protect the whole scrub_handle_errored_block()
function for RAID56 recovery.
So no extra csum error nor unrecoverable error.
Reported-by: Goffredo Baroncelli <kreijack@libero.it>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2017-04-14 08:35:55 +08:00
|
|
|
bool full_stripe_locked;
|
2018-12-07 21:23:32 +08:00
|
|
|
unsigned int nofs_flag;
|
2020-08-17 18:12:38 +08:00
|
|
|
static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
|
2012-03-28 02:21:27 +08:00
|
|
|
DEFAULT_RATELIMIT_BURST);
|
|
|
|
|
|
|
|
BUG_ON(sblock_to_check->page_count < 1);
|
2016-06-23 06:54:56 +08:00
|
|
|
fs_info = sctx->fs_info;
|
2012-11-15 02:57:29 +08:00
|
|
|
if (sblock_to_check->pagev[0]->flags & BTRFS_EXTENT_FLAG_SUPER) {
|
|
|
|
/*
|
|
|
|
* if we find an error in a super block, we just report it.
|
|
|
|
* They will get written with the next transaction commit
|
|
|
|
* anyway
|
|
|
|
*/
|
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
++sctx->stat.super_errors;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
|
|
|
return 0;
|
|
|
|
}
|
2012-11-02 21:58:04 +08:00
|
|
|
logical = sblock_to_check->pagev[0]->logical;
|
|
|
|
BUG_ON(sblock_to_check->pagev[0]->mirror_num < 1);
|
|
|
|
failed_mirror_index = sblock_to_check->pagev[0]->mirror_num - 1;
|
|
|
|
is_metadata = !(sblock_to_check->pagev[0]->flags &
|
2012-03-28 02:21:27 +08:00
|
|
|
BTRFS_EXTENT_FLAG_DATA);
|
2012-11-02 21:58:04 +08:00
|
|
|
have_csum = sblock_to_check->pagev[0]->have_csum;
|
|
|
|
dev = sblock_to_check->pagev[0]->dev;
|
2011-06-14 01:56:13 +08:00
|
|
|
|
btrfs: zoned: relocate block group to repair IO failure in zoned filesystems
When a bad checksum is found and if the filesystem has a mirror of the
damaged data, we read the correct data from the mirror and write it to
damaged blocks. This however, violates the sequential write constraints
of a zoned block device.
We can consider three methods to repair an IO failure in zoned filesystems:
(1) Reset and rewrite the damaged zone
(2) Allocate new device extent and replace the damaged device extent to
the new extent
(3) Relocate the corresponding block group
Method (1) is most similar to a behavior done with regular devices.
However, it also wipes non-damaged data in the same device extent, and
so it unnecessarily degrades non-damaged data.
Method (2) is much like device replacing but done in the same device. It
is safe because it keeps the device extent until the replacing finish.
However, extending device replacing is non-trivial. It assumes
"src_dev->physical == dst_dev->physical". Also, the extent mapping
replacing function should be extended to support replacing device extent
position in one device.
Method (3) invokes relocation of the damaged block group and is
straightforward to implement. It relocates all the mirrored device
extents, so it potentially is a more costly operation than method (1) or
(2). But it relocates only used extents which reduce the total IO size.
Let's apply method (3) for now. In the future, we can extend device-replace
and apply method (2).
For protecting a block group gets relocated multiple time with multiple
IO errors, this commit introduces "relocating_repair" bit to show it's
now relocating to repair IO failures. Also it uses a new kthread
"btrfs-relocating-repair", not to block IO path with relocating process.
This commit also supports repairing in the scrub process.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-02-04 18:22:16 +08:00
|
|
|
if (btrfs_is_zoned(fs_info) && !sctx->is_dev_replace)
|
|
|
|
return btrfs_repair_one_zone(fs_info, logical);
|
|
|
|
|
2018-12-07 21:23:32 +08:00
|
|
|
/*
|
|
|
|
* We must use GFP_NOFS because the scrub task might be waiting for a
|
|
|
|
* worker task executing this function and in turn a transaction commit
|
|
|
|
* might be waiting the scrub task to pause (which needs to wait for all
|
|
|
|
* the worker tasks to complete before pausing).
|
|
|
|
* We do allocations in the workers through insert_full_stripe_lock()
|
|
|
|
* and scrub_add_page_to_wr_bio(), which happens down the call chain of
|
|
|
|
* this function.
|
|
|
|
*/
|
|
|
|
nofs_flag = memalloc_nofs_save();
|
2017-04-14 08:35:55 +08:00
|
|
|
/*
|
|
|
|
* For RAID5/6, race can happen for a different device scrub thread.
|
|
|
|
* For data corruption, Parity and Data threads will both try
|
|
|
|
* to recover the data.
|
|
|
|
* Race can lead to doubly added csum error, or even unrecoverable
|
|
|
|
* error.
|
|
|
|
*/
|
|
|
|
ret = lock_full_stripe(fs_info, logical, &full_stripe_locked);
|
|
|
|
if (ret < 0) {
|
2018-12-07 21:23:32 +08:00
|
|
|
memalloc_nofs_restore(nofs_flag);
|
2017-04-14 08:35:55 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
if (ret == -ENOMEM)
|
|
|
|
sctx->stat.malloc_errors++;
|
|
|
|
sctx->stat.read_errors++;
|
|
|
|
sctx->stat.uncorrectable_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
/*
|
|
|
|
* read all mirrors one after the other. This includes to
|
|
|
|
* re-read the extent or metadata block that failed (that was
|
|
|
|
* the cause that this fixup code is called) another time,
|
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable error, but in fact make one corruption even
unrepairable:
inode offset 0      4k     8K
Mirror 1     |XXXXXX|      |
Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.
For above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us to read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.
Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
Remove the min() and replace PAGE_SIZE with sectorsize.
The min() makes no sense, as csum is done for the full sector with
padding.
This fixes a bug that subpage report extra length like:
checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
Where the error is only 1 sector.
- scrub_handle_errored_block()
Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
Replace PAGE_SIZE with sectorsize.
This solves several problems where we read/write extra range for
subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
|
|
|
* sector by sector this time in order to know which sectors
|
2012-03-28 02:21:27 +08:00
|
|
|
* caused I/O errors and which ones are good (for all mirrors).
|
|
|
|
* It is the goal to handle the situation when more than one
|
|
|
|
* mirror contains I/O errors, but the errors do not
|
|
|
|
* overlap, i.e. the data can be repaired by selecting the
|
2021-04-22 19:02:46 +08:00
|
|
|
* sectors from those mirrors without I/O error on the
|
|
|
|
* particular sectors. One example (with blocks >= 2 * sectorsize)
|
|
|
|
* would be that mirror #1 has an I/O error on the first sector,
|
|
|
|
* the second sector is good, and mirror #2 has an I/O error on
|
|
|
|
* the second sector, but the first sector is good.
|
|
|
|
* Then the first sector of the first mirror can be repaired by
|
|
|
|
* taking the first sector of the second mirror, and the
|
|
|
|
* second sector of the second mirror can be repaired by
|
|
|
|
* copying the contents of the 2nd sector of the 1st mirror.
|
|
|
|
* One more note: if the sectors of one mirror contain I/O
|
2012-03-28 02:21:27 +08:00
|
|
|
* errors, the checksum cannot be verified. In order to get
|
|
|
|
* the best data for repairing, the first attempt is to find
|
|
|
|
* a mirror without I/O errors and with a validated checksum.
|
2021-04-22 19:02:46 +08:00
|
|
|
* Only if this is not possible, the sectors are picked from
|
2012-03-28 02:21:27 +08:00
|
|
|
* mirrors with I/O errors without considering the checksum.
|
|
|
|
* If the latter is the case, at the end, the checksum of the
|
|
|
|
* repaired area is verified in order to correctly maintain
|
|
|
|
* the statistics.
|
|
|
|
*/
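The sector-by-sector repair described in the comment above only works when the copy unit equals the checksum unit; the blame annotation for the subpage fix describes what happens when a full page is written back instead. The model below is an added example, not kernel code: the `toy_*` names, the FNV-1a checksum standing in for the data checksum, and the 4K sector / 64K page sizes are assumptions, and the two-mirror layout is constructed from the diagram in that commit message.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names and sizes here are assumptions made for this model. */
#define TOY_SECTORSIZE 4096u   /* filesystem sector size (checksum unit) */
#define TOY_PAGE_SIZE  65536u  /* 64K page, i.e. the subpage case */
#define TOY_NR_SECTORS (TOY_PAGE_SIZE / TOY_SECTORSIZE)
#define TOY_NR_MIRRORS 2

struct toy_fs {
	uint8_t  mirror[TOY_NR_MIRRORS][TOY_PAGE_SIZE];
	uint32_t csum[TOY_NR_SECTORS];  /* expected checksum per sector */
};

/* FNV-1a, a stand-in for the filesystem's real data checksum. */
static uint32_t toy_csum(const uint8_t *p, size_t len)
{
	uint32_t h = 2166136261u;

	while (len--)
		h = (h ^ *p++) * 16777619u;
	return h;
}

static int toy_sector_ok(const struct toy_fs *fs, int m, unsigned int s)
{
	const uint8_t *p = &fs->mirror[m][(size_t)s * TOY_SECTORSIZE];

	return toy_csum(p, TOY_SECTORSIZE) == fs->csum[s];
}

/*
 * Constructed layout: mirror[0] ("Mirror 1") is corrupted in [0, 4K),
 * mirror[1] ("Mirror 2") is corrupted in [4K, 8K). One flipped byte per
 * sector is enough to fail that sector's checksum.
 */
static void toy_init(struct toy_fs *fs)
{
	size_t i;
	unsigned int s;

	for (i = 0; i < TOY_PAGE_SIZE; i++)
		fs->mirror[0][i] = (uint8_t)(i * 31 + (i >> 12));
	memcpy(fs->mirror[1], fs->mirror[0], TOY_PAGE_SIZE);
	for (s = 0; s < TOY_NR_SECTORS; s++)
		fs->csum[s] = toy_csum(&fs->mirror[0][(size_t)s * TOY_SECTORSIZE],
				       TOY_SECTORSIZE);
	fs->mirror[0][0] ^= 0xff;
	fs->mirror[1][TOY_SECTORSIZE] ^= 0xff;
}

/*
 * Scrub every mirror: for each sector that fails its checksum, find another
 * mirror whose copy of that sector verifies and write copy_unit bytes from
 * it, starting at the bad sector. Returns the number of sectors that have
 * no valid copy left in any mirror afterwards.
 */
static unsigned int toy_scrub(struct toy_fs *fs, size_t copy_unit)
{
	unsigned int s, lost = 0;
	int m, other;

	for (m = 0; m < TOY_NR_MIRRORS; m++) {
		for (s = 0; s < TOY_NR_SECTORS; s++) {
			size_t off = (size_t)s * TOY_SECTORSIZE;
			size_t len = copy_unit;

			if (toy_sector_ok(fs, m, s))
				continue;
			if (len > TOY_PAGE_SIZE - off)
				len = TOY_PAGE_SIZE - off;
			for (other = 0; other < TOY_NR_MIRRORS; other++) {
				if (other == m || !toy_sector_ok(fs, other, s))
					continue;
				/* len > sectorsize also copies unverified neighbours */
				memcpy(&fs->mirror[m][off], &fs->mirror[other][off], len);
				break;
			}
		}
	}
	for (s = 0; s < TOY_NR_SECTORS; s++) {
		int good = 0;

		for (m = 0; m < TOY_NR_MIRRORS; m++)
			good |= toy_sector_ok(fs, m, s);
		lost += !good;
	}
	return lost;
}

static struct toy_fs toy;

/* Rebuild the constructed layout and scrub it with the given copy unit. */
unsigned int toy_run(size_t copy_unit)
{
	toy_init(&toy);
	return toy_scrub(&toy, copy_unit);
}

int main(void)
{
	printf("copy unit = sectorsize: %u sector(s) lost\n", toy_run(TOY_SECTORSIZE));
	printf("copy unit = PAGE_SIZE:  %u sector(s) lost\n", toy_run(TOY_PAGE_SIZE));
	return 0;
}
```

With the page-sized copy, repairing the first sector of mirror[0] also imports mirror[1]'s bad second sector, so the range [4K, 8K) ends up with no valid copy on either mirror.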
|
|
|
|
|
2015-02-21 01:00:26 +08:00
|
|
|
sblocks_for_recheck = kcalloc(BTRFS_MAX_MIRRORS,
|
2018-12-07 21:23:32 +08:00
|
|
|
sizeof(*sblocks_for_recheck), GFP_KERNEL);
|
2012-03-28 02:21:27 +08:00
|
|
|
if (!sblocks_for_recheck) {
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.malloc_errors++;
|
|
|
|
sctx->stat.read_errors++;
|
|
|
|
sctx->stat.uncorrectable_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2012-11-02 20:26:57 +08:00
|
|
|
btrfs_dev_stat_inc_and_print(dev, BTRFS_DEV_STAT_READ_ERRS);
|
2012-03-28 02:21:27 +08:00
|
|
|
goto out;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
/* setup the context, map the logical blocks and alloc the pages */
|
2015-01-20 15:11:42 +08:00
|
|
|
ret = scrub_setup_recheck_block(sblock_to_check, sblocks_for_recheck);
|
2012-03-28 02:21:27 +08:00
|
|
|
if (ret) {
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.read_errors++;
|
|
|
|
sctx->stat.uncorrectable_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2012-11-02 20:26:57 +08:00
|
|
|
btrfs_dev_stat_inc_and_print(dev, BTRFS_DEV_STAT_READ_ERRS);
|
2012-03-28 02:21:27 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
BUG_ON(failed_mirror_index >= BTRFS_MAX_MIRRORS);
|
|
|
|
sblock_bad = sblocks_for_recheck + failed_mirror_index;
|
2011-06-14 01:56:13 +08:00
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
/* build and submit the bios for the failed mirror, check checksums */
|
2015-08-24 21:32:06 +08:00
|
|
|
scrub_recheck_block(fs_info, sblock_bad, 1);
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
if (!sblock_bad->header_error && !sblock_bad->checksum_error &&
|
|
|
|
sblock_bad->no_io_error_seen) {
|
|
|
|
/*
|
|
|
|
* the error disappeared after reading page by page, or
|
|
|
|
* the area was part of a huge bio and other parts of the
|
|
|
|
* bio caused I/O errors, or the block layer merged several
|
|
|
|
* read requests into one and the error is caused by a
|
|
|
|
* different bio (usually one of the two latter cases is
|
|
|
|
* the cause)
|
|
|
|
*/
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.unverified_errors++;
|
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
All the data which has checksum is COW data, and we are sure
that it is not changed though we don't lock the stripe. because
the space of that data just can be reclaimed after the current
transaction is committed, and then the fs can use it to store the
other data, but when doing scrub, we hold the current transaction,
that is that data can not be recovered, it is safe that read and check
it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
The data without checksum and the parity may be changed if we don't
lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write it back if the old parity
is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe (pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits are 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
|
|
|
sblock_to_check->data_corrected = 1;
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_unlock(&sctx->stat_lock);
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2012-11-06 18:43:11 +08:00
|
|
|
if (sctx->is_dev_replace)
|
|
|
|
scrub_write_block_to_dev_replace(sblock_bad);
|
2012-03-28 02:21:27 +08:00
|
|
|
goto out;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
if (!sblock_bad->no_io_error_seen) {
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.read_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2020-08-17 18:12:38 +08:00
|
|
|
if (__ratelimit(&rs))
|
2012-03-28 02:21:27 +08:00
|
|
|
scrub_print_warning("i/o error", sblock_to_check);
|
2012-11-02 20:26:57 +08:00
|
|
|
btrfs_dev_stat_inc_and_print(dev, BTRFS_DEV_STAT_READ_ERRS);
|
2012-03-28 02:21:27 +08:00
|
|
|
} else if (sblock_bad->checksum_error) {
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.csum_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2020-08-17 18:12:38 +08:00
|
|
|
if (__ratelimit(&rs))
|
2012-03-28 02:21:27 +08:00
|
|
|
scrub_print_warning("checksum error", sblock_to_check);
|
2012-11-02 20:26:57 +08:00
|
|
|
btrfs_dev_stat_inc_and_print(dev,
|
2012-05-25 22:06:08 +08:00
|
|
|
BTRFS_DEV_STAT_CORRUPTION_ERRS);
|
2012-03-28 02:21:27 +08:00
|
|
|
} else if (sblock_bad->header_error) {
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.verify_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2020-08-17 18:12:38 +08:00
|
|
|
if (__ratelimit(&rs))
|
2012-03-28 02:21:27 +08:00
|
|
|
scrub_print_warning("checksum/header error",
|
|
|
|
sblock_to_check);
|
2012-05-25 22:06:08 +08:00
|
|
|
if (sblock_bad->generation_error)
|
2012-11-02 20:26:57 +08:00
|
|
|
btrfs_dev_stat_inc_and_print(dev,
|
2012-05-25 22:06:08 +08:00
|
|
|
BTRFS_DEV_STAT_GENERATION_ERRS);
|
|
|
|
else
|
2012-11-02 20:26:57 +08:00
|
|
|
btrfs_dev_stat_inc_and_print(dev,
|
2012-05-25 22:06:08 +08:00
|
|
|
BTRFS_DEV_STAT_CORRUPTION_ERRS);
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2013-11-04 01:06:38 +08:00
|
|
|
if (sctx->readonly) {
|
|
|
|
ASSERT(!sctx->is_dev_replace);
|
|
|
|
goto out;
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
/*
|
|
|
|
* now build and submit the bios for the other mirrors, check
|
2012-11-02 23:14:21 +08:00
|
|
|
* checksums.
|
|
|
|
* First try to pick the mirror which is completely without I/O
|
2012-03-28 02:21:27 +08:00
|
|
|
* errors and also does not have a checksum error.
|
|
|
|
* If one is found, and if a checksum is present, the full block
|
|
|
|
* that is known to contain an error is rewritten. Afterwards
|
|
|
|
* the block is known to be corrected.
|
|
|
|
* If a mirror is found which is completely correct, and no
|
|
|
|
* checksum is present, only those pages are rewritten that had
|
|
|
|
* an I/O error in the block to be repaired, since it cannot be
|
|
|
|
* determined, which copy of the other pages is better (and it
|
|
|
|
* could happen otherwise that a correct page would be
|
|
|
|
* overwritten by a bad one).
|
|
|
|
*/
|
Btrfs: fix scrub to repair raid6 corruption
The raid6 corruption is that,
suppose that all disks can be read without problems and if the content
that was read out doesn't match its checksum, currently for raid6
btrfs at most retries twice,
- the 1st retry is to rebuild with all other stripes, it'll eventually
be a raid5 xor rebuild,
- if the 1st fails, the 2nd retry will deliberately fail parity p so
that it will do raid6 style rebuild,
however, the chances are that another non-parity stripe content also
has something corrupted, so that the above retries are not able to
return correct content.
We've fixed normal reads to rebuild raid6 correctly with more retries
in Patch "Btrfs: make raid6 rebuild retry more"[1], this is to fix
scrub to do exactly the same rebuild process.
[1]: https://patchwork.kernel.org/patch/10091755/
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-01-03 04:36:42 +08:00
|
|
|
for (mirror_index = 0; ;mirror_index++) {
|
2012-11-02 23:14:21 +08:00
|
|
|
struct scrub_block *sblock_other;
|
2012-03-28 02:21:27 +08:00
|
|
|
|
2012-11-02 23:14:21 +08:00
|
|
|
if (mirror_index == failed_mirror_index)
|
|
|
|
continue;
|
2018-01-03 04:36:42 +08:00
|
|
|
|
|
|
|
/* raid56's mirror can be more than BTRFS_MAX_MIRRORS */
|
|
|
|
if (!scrub_is_page_on_raid56(sblock_bad->pagev[0])) {
|
|
|
|
if (mirror_index >= BTRFS_MAX_MIRRORS)
|
|
|
|
break;
|
|
|
|
if (!sblocks_for_recheck[mirror_index].page_count)
|
|
|
|
break;
|
|
|
|
|
|
|
|
sblock_other = sblocks_for_recheck + mirror_index;
|
|
|
|
} else {
|
|
|
|
struct scrub_recover *r = sblock_bad->pagev[0]->recover;
|
2021-09-15 15:17:16 +08:00
|
|
|
int max_allowed = r->bioc->num_stripes - r->bioc->num_tgtdevs;
|
2018-01-03 04:36:42 +08:00
|
|
|
|
|
|
|
if (mirror_index >= max_allowed)
|
|
|
|
break;
|
|
|
|
if (!sblocks_for_recheck[1].page_count)
|
|
|
|
break;
|
|
|
|
|
|
|
|
ASSERT(failed_mirror_index == 0);
|
|
|
|
sblock_other = sblocks_for_recheck + 1;
|
|
|
|
sblock_other->pagev[0]->mirror_num = 1 + mirror_index;
|
|
|
|
}
|
2012-11-02 23:14:21 +08:00
|
|
|
|
|
|
|
/* build and submit the bios, check checksums */
|
2015-08-24 21:32:06 +08:00
|
|
|
scrub_recheck_block(fs_info, sblock_other, 0);
|
2012-11-02 23:16:26 +08:00
|
|
|
|
|
|
|
if (!sblock_other->header_error &&
|
2012-03-28 02:21:27 +08:00
|
|
|
!sblock_other->checksum_error &&
|
|
|
|
sblock_other->no_io_error_seen) {
|
2012-11-06 18:43:11 +08:00
|
|
|
if (sctx->is_dev_replace) {
|
|
|
|
scrub_write_block_to_dev_replace(sblock_other);
|
2015-01-20 15:11:36 +08:00
|
|
|
goto corrected_error;
|
2012-11-06 18:43:11 +08:00
|
|
|
} else {
|
|
|
|
ret = scrub_repair_block_from_good_copy(
|
2015-01-20 15:11:36 +08:00
|
|
|
sblock_bad, sblock_other);
|
|
|
|
if (!ret)
|
|
|
|
goto corrected_error;
|
2012-11-06 18:43:11 +08:00
|
|
|
}
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2015-01-20 15:11:41 +08:00
|
|
|
if (sblock_bad->no_io_error_seen && !sctx->is_dev_replace)
|
|
|
|
goto did_not_correct_error;
|
2012-11-06 18:43:11 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* In case of I/O errors in the area that is supposed to be
|
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable errors, but will in fact make one corruption even
unrepairable:
inode offset 0      4k     8K
Mirror 1     |XXXXXX|      |
Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.
For the above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.
Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
Remove the min() and replace PAGE_SIZE with sectorsize.
The min() makes no sense, as csum is done for the full sector with
padding.
This fixes a bug that subpage report extra length like:
checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
Where the error is only 1 sector.
- scrub_handle_errored_block()
Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
Replace PAGE_SIZE with sectorsize.
This solves several problems where we read/write extra range for
subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
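The failure described in the [BUG] and [CAUSE] sections of the commit message above, reproduced as a small user-space model. This is an added example, not kernel code: `scrub_pass`, `sector_ok`, the FNV-1a checksum and the two in-memory mirrors are illustrative assumptions, and only the range [0, 8K) is modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTORSIZE 4096u   /* filesystem sector size (4K) */
#define PAGE_SZ    65536u  /* 64K page, the subpage case in the commit message */
#define NSECTORS   2u      /* the file covers [0, 8K) */
#define NMIRRORS   2u
#define REGION     (NSECTORS * SECTORSIZE)

static uint8_t  mirror[NMIRRORS][REGION];
static uint32_t csum[NSECTORS];   /* expected per-sector checksums */

/* FNV-1a, used here as a stand-in for the per-sector data checksum. */
static uint32_t sector_csum(const uint8_t *p)
{
	uint32_t h = 2166136261u;

	for (size_t i = 0; i < SECTORSIZE; i++) {
		h ^= p[i];
		h *= 16777619u;
	}
	return h;
}

/* A sector is good when its content matches the recorded checksum. */
static int sector_ok(unsigned m, unsigned s)
{
	return sector_csum(mirror[m] + (size_t)s * SECTORSIZE) == csum[s];
}

/* Constructed layout: mirror 1 is bad in [0, 4K), mirror 2 in [4K, 8K). */
static void setup(void)
{
	for (size_t i = 0; i < REGION; i++)
		mirror[0][i] = (uint8_t)(i * 31 + 7 + i / SECTORSIZE);
	memcpy(mirror[1], mirror[0], REGION);
	for (unsigned s = 0; s < NSECTORS; s++)
		csum[s] = sector_csum(mirror[0] + (size_t)s * SECTORSIZE);
	memset(mirror[0], 'X', SECTORSIZE);
	memset(mirror[1] + SECTORSIZE, 'X', SECTORSIZE);
}

/*
 * One scrub pass over both mirrors. The checksum is always verified per
 * sector, but the repair copies io_len bytes from the other mirror.
 * Returns the number of sectors left without a good copy on any mirror.
 */
int scrub_pass(size_t io_len)
{
	int unrepairable = 0;

	setup();
	for (unsigned m = 0; m < NMIRRORS; m++) {
		for (unsigned s = 0; s < NSECTORS; s++) {
			unsigned other = 1 - m;
			size_t off = (size_t)s * SECTORSIZE;
			size_t len = io_len;

			/* nothing to fix, or no good copy to fix it from */
			if (sector_ok(m, s) || !sector_ok(other, s))
				continue;
			if (len > REGION - off)
				len = REGION - off;   /* model ends at 8K */
			/* with io_len > SECTORSIZE this also overwrites
			 * neighbouring sectors that were never verified */
			memcpy(mirror[m] + off, mirror[other] + off, len);
		}
	}
	for (unsigned s = 0; s < NSECTORS; s++) {
		int good = 0;

		for (unsigned m = 0; m < NMIRRORS; m++)
			good |= sector_ok(m, s);
		unrepairable += !good;
	}
	return unrepairable;
}

int main(void)
{
	printf("repair unit PAGE_SIZE:  %d unrepairable sector(s)\n",
	       scrub_pass(PAGE_SZ));
	printf("repair unit sectorsize: %d unrepairable sector(s)\n",
	       scrub_pass(SECTORSIZE));
	return 0;
}
```

With a page-sized repair unit the good sector [4K, 8K) on mirror 1 is overwritten by mirror 2's corrupted copy, so no mirror holds valid data for that range afterwards; with a sector-sized unit both errors are repaired.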
|
|
|
* repaired, continue by picking good copies of those sectors.
|
|
|
|
* Select the good sectors from mirrors to rewrite bad sectors from
|
2012-03-28 02:21:27 +08:00
|
|
|
* the area to fix. Afterwards verify the checksum of the block
|
|
|
|
* that is supposed to be repaired. This verification step is
|
|
|
|
* only done for the purpose of statistic counting and for the
|
|
|
|
* final scrub report, whether errors remain.
|
|
|
|
* A perfect algorithm could make use of the checksum and try
|
2021-04-22 19:02:46 +08:00
|
|
|
* all possible combinations of sectors from the different mirrors
|
2012-03-28 02:21:27 +08:00
|
|
|
* until the checksum verification succeeds. For example, when
|
2021-04-22 19:02:46 +08:00
|
|
|
* the 2nd sector of mirror #1 faces I/O errors, and the 2nd sector
|
2012-03-28 02:21:27 +08:00
|
|
|
* of mirror #2 is readable but the final checksum test fails,
|
2021-04-22 19:02:46 +08:00
|
|
|
* then the 2nd sector of mirror #3 could be tried, whether now
|
2016-05-20 09:18:45 +08:00
|
|
|
* the final checksum succeeds. But this would be a rare
|
2012-03-28 02:21:27 +08:00
|
|
|
* exception and is therefore not implemented. At least it is
|
|
|
|
* avoided that the good copy is overwritten.
|
|
|
|
* A more useful improvement would be to pick the sectors
|
|
|
|
* without I/O error based on sector sizes (512 bytes on legacy
|
2021-04-22 19:02:46 +08:00
|
|
|
* disks) instead of on sectorsize. Then maybe 512 byte of one
|
2012-03-28 02:21:27 +08:00
|
|
|
* mirror could be repaired by taking 512 byte of a different
|
2021-04-22 19:02:46 +08:00
|
|
|
* mirror, even if other 512 byte sectors in the same sectorsize
|
2012-03-28 02:21:27 +08:00
|
|
|
* area are unreadable.
|
2011-03-08 21:14:00 +08:00
|
|
|
*/
|
2012-03-28 02:21:27 +08:00
|
|
|
success = 1;
|
2015-01-20 15:11:41 +08:00
|
|
|
for (page_num = 0; page_num < sblock_bad->page_count;
|
|
|
|
page_num++) {
|
2020-11-03 21:31:01 +08:00
|
|
|
struct scrub_page *spage_bad = sblock_bad->pagev[page_num];
|
2015-01-20 15:11:41 +08:00
|
|
|
struct scrub_block *sblock_other = NULL;
|
2012-03-28 02:21:27 +08:00
|
|
|
|
2015-01-20 15:11:41 +08:00
|
|
|
/* skip no-io-error page in scrub */
|
2020-11-03 21:31:01 +08:00
|
|
|
if (!spage_bad->io_error && !sctx->is_dev_replace)
|
2011-03-08 21:14:00 +08:00
|
|
|
continue;
|
2012-03-28 02:21:27 +08:00
|
|
|
|
2018-03-03 07:10:41 +08:00
|
|
|
if (scrub_is_page_on_raid56(sblock_bad->pagev[0])) {
|
|
|
|
/*
|
|
|
|
* In case of dev replace, if raid56 rebuild process
|
|
|
|
* didn't work out correct data, then copy the content
|
|
|
|
* in sblock_bad to make sure target device is identical
|
|
|
|
* to source device, instead of writing garbage data in
|
|
|
|
* sblock_for_recheck array to target device.
|
|
|
|
*/
|
|
|
|
sblock_other = NULL;
|
2020-11-03 21:31:01 +08:00
|
|
|
} else if (spage_bad->io_error) {
|
2018-03-03 07:10:41 +08:00
|
|
|
/* try to find no-io-error page in mirrors */
|
2015-01-20 15:11:41 +08:00
|
|
|
for (mirror_index = 0;
|
|
|
|
mirror_index < BTRFS_MAX_MIRRORS &&
|
|
|
|
sblocks_for_recheck[mirror_index].page_count > 0;
|
|
|
|
mirror_index++) {
|
|
|
|
if (!sblocks_for_recheck[mirror_index].
|
|
|
|
pagev[page_num]->io_error) {
|
|
|
|
sblock_other = sblocks_for_recheck +
|
|
|
|
mirror_index;
|
|
|
|
break;
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
|
|
|
}
|
2015-01-20 15:11:41 +08:00
|
|
|
if (!sblock_other)
|
|
|
|
success = 0;
|
2011-04-09 19:27:01 +08:00
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2015-01-20 15:11:41 +08:00
|
|
|
if (sctx->is_dev_replace) {
|
|
|
|
/*
|
|
|
|
* did not find a mirror to fetch the page
|
|
|
|
* from. scrub_write_page_to_dev_replace()
|
|
|
|
* handles this case (page->io_error), by
|
|
|
|
* filling the block with zeros before
|
|
|
|
* submitting the write request
|
|
|
|
*/
|
|
|
|
if (!sblock_other)
|
|
|
|
sblock_other = sblock_bad;
|
|
|
|
|
|
|
|
if (scrub_write_page_to_dev_replace(sblock_other,
|
|
|
|
page_num) != 0) {
|
2018-04-04 23:20:52 +08:00
|
|
|
atomic64_inc(
|
2016-06-23 06:54:23 +08:00
|
|
|
&fs_info->dev_replace.num_write_errors);
|
2015-01-20 15:11:41 +08:00
|
|
|
success = 0;
|
|
|
|
}
|
|
|
|
} else if (sblock_other) {
|
|
|
|
ret = scrub_repair_page_from_good_copy(sblock_bad,
|
|
|
|
sblock_other,
|
|
|
|
page_num, 0);
|
|
|
|
if (0 == ret)
|
2020-11-03 21:31:01 +08:00
|
|
|
spage_bad->io_error = 0;
|
2015-01-20 15:11:41 +08:00
|
|
|
else
|
|
|
|
success = 0;
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
2015-01-20 15:11:41 +08:00
|
|
|
if (success && !sctx->is_dev_replace) {
|
2012-03-28 02:21:27 +08:00
|
|
|
if (is_metadata || have_csum) {
|
|
|
|
/*
|
|
|
|
* need to verify the checksum now that all
|
|
|
|
* sectors on disk are repaired (the write
|
|
|
|
* request for data to be repaired is on its way).
|
|
|
|
* Just be lazy and use scrub_recheck_block()
|
|
|
|
* which re-reads the data before the checksum
|
|
|
|
* is verified, but most likely the data comes out
|
|
|
|
* of the page cache.
|
|
|
|
*/
|
2015-08-24 21:32:06 +08:00
|
|
|
scrub_recheck_block(fs_info, sblock_bad, 1);
|
2012-11-02 23:16:26 +08:00
|
|
|
if (!sblock_bad->header_error &&
|
2012-03-28 02:21:27 +08:00
|
|
|
!sblock_bad->checksum_error &&
|
|
|
|
sblock_bad->no_io_error_seen)
|
|
|
|
goto corrected_error;
|
|
|
|
else
|
|
|
|
goto did_not_correct_error;
|
|
|
|
} else {
|
|
|
|
corrected_error:
|
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.corrected_errors++;
|
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
All the data which has checksum is COW data, and we are sure
that it is not changed though we don't lock the stripe, because
the space of that data just can be reclaimed after the current
transaction is committed, and then the fs can use it to store the
other data, but when doing scrub, we hold the current transaction,
that is that data can not be recovered, it is safe that read and check
it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
The data without checksum and the parity may be changed if we don't
lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe(pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits is 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
|
|
|
sblock_to_check->data_corrected = 1;
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_unlock(&sctx->stat_lock);
|
2015-10-08 16:43:10 +08:00
|
|
|
btrfs_err_rl_in_rcu(fs_info,
|
|
|
|
"fixed up error at logical %llu on dev %s",
|
2013-08-20 19:20:07 +08:00
|
|
|
logical, rcu_str_deref(dev->name));
|
2011-03-23 23:34:19 +08:00
|
|
|
}
|
2012-03-28 02:21:27 +08:00
|
|
|
} else {
|
|
|
|
did_not_correct_error:
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.uncorrectable_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2015-10-08 16:43:10 +08:00
|
|
|
btrfs_err_rl_in_rcu(fs_info,
|
|
|
|
"unable to fixup (regular) error at logical %llu on dev %s",
|
2013-08-20 19:20:07 +08:00
|
|
|
logical, rcu_str_deref(dev->name));
|
2011-04-09 19:27:01 +08:00
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
out:
|
|
|
|
if (sblocks_for_recheck) {
|
|
|
|
for (mirror_index = 0; mirror_index < BTRFS_MAX_MIRRORS;
|
|
|
|
mirror_index++) {
|
|
|
|
struct scrub_block *sblock = sblocks_for_recheck +
|
|
|
|
mirror_index;
|
2014-10-23 14:42:50 +08:00
|
|
|
struct scrub_recover *recover;
|
2012-03-28 02:21:27 +08:00
|
|
|
int page_index;
|
|
|
|
|
2012-11-02 21:58:04 +08:00
|
|
|
for (page_index = 0; page_index < sblock->page_count;
|
|
|
|
page_index++) {
|
|
|
|
sblock->pagev[page_index]->sblock = NULL;
|
2014-10-23 14:42:50 +08:00
|
|
|
recover = sblock->pagev[page_index]->recover;
|
|
|
|
if (recover) {
|
2017-03-29 09:33:22 +08:00
|
|
|
scrub_put_recover(fs_info, recover);
|
2014-10-23 14:42:50 +08:00
|
|
|
sblock->pagev[page_index]->recover =
|
|
|
|
NULL;
|
|
|
|
}
|
2012-11-02 21:58:04 +08:00
|
|
|
scrub_page_put(sblock->pagev[page_index]);
|
|
|
|
}
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
|
|
|
kfree(sblocks_for_recheck);
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
btrfs: scrub: Fix RAID56 recovery race condition
When scrubbing a RAID5 which has recoverable data corruption (only one
data stripe is corrupted), sometimes scrub will report more csum errors
than expected. Sometimes even unrecoverable error will be reported.
The problem can be easily reproduced by the following steps:
1) Create a btrfs with RAID5 data profile with 3 devs
2) Mount it with nospace_cache or space_cache=v2
To avoid extra data space usage.
3) Create a 128K file and sync the fs, unmount it
Now the 128K file lies at the beginning of the data chunk
4) Locate the physical bytenr of data chunk on dev3
Dev3 is the 1st data stripe.
5) Corrupt the first 64K of the data chunk stripe on dev3
6) Mount the fs and scrub it
The correct csum error number should be 16 (assuming using x86_64).
Larger csum error number can be reported in a 1/3 chance.
And unrecoverable error can also be reported in a 1/10 chance.
The root cause of the problem is RAID5/6 recover code has race
condition, due to the fact that full scrub is initiated per device.
While for other mirror based profiles, each mirror is independent with
each other, so race won't cause any big problem.
For example:
       Corrupted        |        Correct         |       Correct        |
    Scrub dev3 (D1)     |    Scrub dev2 (D2)     |    Scrub dev1(P)     |
-------------------------------------------------------------------------
Read out D1             |Read out D2             |Read full stripe      |
Check csum              |Check csum              |Check parity          |
Csum mismatch           |Csum match, continue    |Parity mismatch       |
handle_errored_block    |                        |handle_errored_block  |
 Read out full stripe   |                        | Read out full stripe |
 D1 csum error(err++)   |                        | D1 csum error(err++) |
 Recover D1             |                        | Recover D1           |
So D1's csum error is accounted twice, just because
handle_errored_block() doesn't have enough protection, and race can happen.
On even worse case, for example D1's recovery code is re-writing
D1/D2/P, and P's recovery code is just reading out full stripe, then we
can cause unrecoverable error.
This patch will use previously introduced lock_full_stripe() and
unlock_full_stripe() to protect the whole scrub_handle_errored_block()
function for RAID56 recovery.
So no extra csum error nor unrecoverable error.
Reported-by: Goffredo Baroncelli <kreijack@libero.it>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2017-04-14 08:35:55 +08:00
|
|
|
ret = unlock_full_stripe(fs_info, logical, full_stripe_locked);
|
2018-12-07 21:23:32 +08:00
|
|
|
memalloc_nofs_restore(nofs_flag);
|
2017-04-14 08:35:55 +08:00
|
|
|
if (ret < 0)
|
|
|
|
return ret;
|
2012-03-28 02:21:27 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2021-09-15 15:17:16 +08:00
|
|
|
static inline int scrub_nr_raid_mirrors(struct btrfs_io_context *bioc)
|
2014-10-23 14:42:50 +08:00
|
|
|
{
|
2021-09-15 15:17:16 +08:00
|
|
|
if (bioc->map_type & BTRFS_BLOCK_GROUP_RAID5)
|
2015-01-20 15:11:43 +08:00
|
|
|
return 2;
|
2021-09-15 15:17:16 +08:00
|
|
|
else if (bioc->map_type & BTRFS_BLOCK_GROUP_RAID6)
|
2015-01-20 15:11:43 +08:00
|
|
|
return 3;
|
|
|
|
else
|
2021-09-15 15:17:16 +08:00
|
|
|
return (int)bioc->num_stripes;
|
2014-10-23 14:42:50 +08:00
|
|
|
}
|
|
|
|
|
2015-01-20 15:11:43 +08:00
|
|
|
static inline void scrub_stripe_index_and_offset(u64 logical, u64 map_type,
|
|
|
|
u64 *raid_map,
|
2014-10-23 14:42:50 +08:00
|
|
|
u64 mapped_length,
|
|
|
|
int nstripes, int mirror,
|
|
|
|
int *stripe_index,
|
|
|
|
u64 *stripe_offset)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
2015-01-20 15:11:44 +08:00
|
|
|
if (map_type & BTRFS_BLOCK_GROUP_RAID56_MASK) {
|
2014-10-23 14:42:50 +08:00
|
|
|
/* RAID5/6 */
|
|
|
|
for (i = 0; i < nstripes; i++) {
|
|
|
|
if (raid_map[i] == RAID6_Q_STRIPE ||
|
|
|
|
raid_map[i] == RAID5_P_STRIPE)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (logical >= raid_map[i] &&
|
|
|
|
logical < raid_map[i] + mapped_length)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
*stripe_index = i;
|
|
|
|
*stripe_offset = logical - raid_map[i];
|
|
|
|
} else {
|
|
|
|
/* The other RAID type */
|
|
|
|
*stripe_index = mirror;
|
|
|
|
*stripe_offset = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-20 15:11:42 +08:00
|
|
|
static int scrub_setup_recheck_block(struct scrub_block *original_sblock,
|
2012-03-28 02:21:27 +08:00
|
|
|
struct scrub_block *sblocks_for_recheck)
|
|
|
|
{
|
2015-01-20 15:11:42 +08:00
|
|
|
struct scrub_ctx *sctx = original_sblock->sctx;
|
2016-06-23 06:54:56 +08:00
|
|
|
struct btrfs_fs_info *fs_info = sctx->fs_info;
|
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable error, but in fact make one corruption even
unrepairable:
  inode offset 0      4k     8K
  Mirror 1     |XXXXXX|      |
  Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.
For above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us to read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.
Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
Remove the min() and replace PAGE_SIZE with sectorsize.
The min() makes no sense, as csum is done for the full sector with
padding.
This fixes a bug that subpage report extra length like:
checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
Where the error is only 1 sector.
- scrub_handle_errored_block()
Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
Replace PAGE_SIZE with sectorsize.
This solves several problems where we read/write extra range for
subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
|
|
|
u64 length = original_sblock->page_count * fs_info->sectorsize;
|
2015-01-20 15:11:42 +08:00
|
|
|
u64 logical = original_sblock->pagev[0]->logical;
|
2015-08-19 22:39:18 +08:00
|
|
|
u64 generation = original_sblock->pagev[0]->generation;
|
|
|
|
u64 flags = original_sblock->pagev[0]->flags;
|
|
|
|
u64 have_csum = original_sblock->pagev[0]->have_csum;
|
2014-10-23 14:42:50 +08:00
|
|
|
struct scrub_recover *recover;
|
2021-09-15 15:17:16 +08:00
|
|
|
struct btrfs_io_context *bioc;
|
2014-10-23 14:42:50 +08:00
|
|
|
u64 sublen;
|
|
|
|
u64 mapped_length;
|
|
|
|
u64 stripe_offset;
|
|
|
|
int stripe_index;
|
2015-01-20 15:11:42 +08:00
|
|
|
int page_index = 0;
|
2012-03-28 02:21:27 +08:00
|
|
|
int mirror_index;
|
2014-10-23 14:42:50 +08:00
|
|
|
int nmirrors;
|
2012-03-28 02:21:27 +08:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
/*
|
2015-01-20 15:11:45 +08:00
|
|
|
* note: the two members refs and outstanding_pages
|
2012-03-28 02:21:27 +08:00
|
|
|
* are not used (and not set) in the blocks that are used for
|
|
|
|
* the recheck procedure
|
|
|
|
*/
|
|
|
|
|
|
|
|
while (length > 0) {
|
2021-04-22 19:02:46 +08:00
|
|
|
sublen = min_t(u64, length, fs_info->sectorsize);
|
2014-10-23 14:42:50 +08:00
|
|
|
mapped_length = sublen;
|
2021-09-15 15:17:16 +08:00
|
|
|
bioc = NULL;
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
/*
|
2021-04-22 19:02:46 +08:00
|
|
|
* With a length of sectorsize, each returned stripe represents
|
|
|
|
* one mirror
|
2012-03-28 02:21:27 +08:00
|
|
|
*/
|
2017-03-29 09:33:22 +08:00
|
|
|
btrfs_bio_counter_inc_blocked(fs_info);
|
2016-10-27 15:27:36 +08:00
|
|
|
ret = btrfs_map_sblock(fs_info, BTRFS_MAP_GET_READ_MIRRORS,
|
2021-09-15 15:17:16 +08:00
|
|
|
logical, &mapped_length, &bioc);
|
|
|
|
if (ret || !bioc || mapped_length < sublen) {
|
|
|
|
btrfs_put_bioc(bioc);
|
2017-03-29 09:33:22 +08:00
|
|
|
btrfs_bio_counter_dec(fs_info);
|
2012-03-28 02:21:27 +08:00
|
|
|
return -EIO;
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2014-10-23 14:42:50 +08:00
|
|
|
recover = kzalloc(sizeof(struct scrub_recover), GFP_NOFS);
|
|
|
|
if (!recover) {
|
2021-09-15 15:17:16 +08:00
|
|
|
btrfs_put_bioc(bioc);
|
2017-03-29 09:33:22 +08:00
|
|
|
btrfs_bio_counter_dec(fs_info);
|
2014-10-23 14:42:50 +08:00
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
2017-03-03 16:55:21 +08:00
|
|
|
refcount_set(&recover->refs, 1);
|
2021-09-15 15:17:16 +08:00
|
|
|
recover->bioc = bioc;
|
2014-10-23 14:42:50 +08:00
|
|
|
recover->map_length = mapped_length;
|
|
|
|
|
2016-04-30 09:33:59 +08:00
|
|
|
BUG_ON(page_index >= SCRUB_MAX_PAGES_PER_BLOCK);
|
2014-10-23 14:42:50 +08:00
|
|
|
|
2021-09-15 15:17:16 +08:00
|
|
|
nmirrors = min(scrub_nr_raid_mirrors(bioc), BTRFS_MAX_MIRRORS);
|
2015-01-20 15:11:43 +08:00
|
|
|
|
2014-10-23 14:42:50 +08:00
|
|
|
for (mirror_index = 0; mirror_index < nmirrors;
|
2012-03-28 02:21:27 +08:00
|
|
|
mirror_index++) {
|
|
|
|
struct scrub_block *sblock;
|
2020-11-03 21:31:01 +08:00
|
|
|
struct scrub_page *spage;
|
2012-03-28 02:21:27 +08:00
|
|
|
|
|
|
|
sblock = sblocks_for_recheck + mirror_index;
|
2012-11-02 21:58:04 +08:00
|
|
|
sblock->sctx = sctx;
|
2015-08-19 22:39:18 +08:00
|
|
|
|
2020-11-03 21:31:01 +08:00
|
|
|
spage = kzalloc(sizeof(*spage), GFP_NOFS);
|
|
|
|
if (!spage) {
|
2012-11-02 21:58:04 +08:00
|
|
|
leave_nomem:
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.malloc_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2017-03-29 09:33:22 +08:00
|
|
|
scrub_put_recover(fs_info, recover);
|
2012-03-28 02:21:27 +08:00
|
|
|
return -ENOMEM;
|
|
|
|
}
|
2020-11-03 21:31:01 +08:00
|
|
|
scrub_page_get(spage);
|
|
|
|
sblock->pagev[page_index] = spage;
|
|
|
|
spage->sblock = sblock;
|
|
|
|
spage->flags = flags;
|
|
|
|
spage->generation = generation;
|
|
|
|
spage->logical = logical;
|
|
|
|
spage->have_csum = have_csum;
|
2015-08-19 22:39:18 +08:00
|
|
|
if (have_csum)
|
2020-11-03 21:31:01 +08:00
|
|
|
memcpy(spage->csum,
|
2015-08-19 22:39:18 +08:00
|
|
|
original_sblock->pagev[0]->csum,
|
2020-06-30 23:44:49 +08:00
|
|
|
sctx->fs_info->csum_size);
|
2014-10-23 14:42:50 +08:00
|
|
|
|
2015-01-20 15:11:43 +08:00
|
|
|
scrub_stripe_index_and_offset(logical,
|
2021-09-15 15:17:16 +08:00
|
|
|
bioc->map_type,
|
|
|
|
bioc->raid_map,
|
2014-10-23 14:42:50 +08:00
|
|
|
mapped_length,
|
2021-09-15 15:17:16 +08:00
|
|
|
bioc->num_stripes -
|
|
|
|
bioc->num_tgtdevs,
|
2014-10-23 14:42:50 +08:00
|
|
|
mirror_index,
|
|
|
|
&stripe_index,
|
|
|
|
&stripe_offset);
|
2021-09-15 15:17:16 +08:00
|
|
|
spage->physical = bioc->stripes[stripe_index].physical +
|
2014-10-23 14:42:50 +08:00
|
|
|
stripe_offset;
|
2021-09-15 15:17:16 +08:00
|
|
|
spage->dev = bioc->stripes[stripe_index].dev;
|
2014-10-23 14:42:50 +08:00
|
|
|
|
2012-11-06 18:43:11 +08:00
|
|
|
BUG_ON(page_index >= original_sblock->page_count);
|
2020-11-03 21:31:01 +08:00
|
|
|
spage->physical_for_dev_replace =
|
2012-11-06 18:43:11 +08:00
|
|
|
original_sblock->pagev[page_index]->
|
|
|
|
physical_for_dev_replace;
|
2012-11-02 21:58:04 +08:00
|
|
|
/* for missing devices, dev->bdev is NULL */
|
2020-11-03 21:31:01 +08:00
|
|
|
spage->mirror_num = mirror_index + 1;
|
2012-03-28 02:21:27 +08:00
|
|
|
sblock->page_count++;
|
2020-11-03 21:31:01 +08:00
|
|
|
spage->page = alloc_page(GFP_NOFS);
|
|
|
|
if (!spage->page)
|
2012-11-02 21:58:04 +08:00
|
|
|
goto leave_nomem;
|
2014-10-23 14:42:50 +08:00
|
|
|
|
|
|
|
scrub_get_recover(recover);
|
2020-11-03 21:31:01 +08:00
|
|
|
spage->recover = recover;
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
2017-03-29 09:33:22 +08:00
|
|
|
scrub_put_recover(fs_info, recover);
|
2012-03-28 02:21:27 +08:00
|
|
|
length -= sublen;
|
|
|
|
logical += sublen;
|
|
|
|
page_index++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
2011-04-09 19:27:01 +08:00
|
|
|
}
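The failure described in the "fix subpage repair error caused by hard coded PAGE_SIZE" commit message above, as an added user-space model (not kernel code and not part of scrub.c): two mirrors with a 64K page and 4K sectors, repaired once with a page-sized copy and once with a sector-sized copy. The FNV-1a checksum, the `mirror` buffers and `scrub_repair()` are assumptions of this model; it covers only the write-back step, not the over-sized read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SZ   4096u   /* sectorsize in the commit's scenario */
#define PAGE_SZ     65536u  /* 64K page, i.e. the subpage case */
#define EXTENT_SECT 2u      /* the file covers [0, 8K) only */
#define NR_MIRRORS  2u

static uint8_t mirror[NR_MIRRORS][PAGE_SZ];
static uint32_t expected_csum[EXTENT_SECT];

/* FNV-1a over one sector: a stand-in for the real btrfs checksum. */
static uint32_t csum_sector(const uint8_t *p)
{
	uint32_t h = 2166136261u;

	for (size_t i = 0; i < SECTOR_SZ; i++) {
		h ^= p[i];
		h *= 16777619u;
	}
	return h;
}

static int sector_ok(unsigned m, unsigned s)
{
	return csum_sector(&mirror[m][s * SECTOR_SZ]) == expected_csum[s];
}

/* Build the layout from the commit message (constructed sample data). */
static void setup(void)
{
	size_t extent_len = EXTENT_SECT * SECTOR_SZ;

	for (unsigned m = 0; m < NR_MIRRORS; m++) {
		for (size_t i = 0; i < extent_len; i++)
			mirror[m][i] = (uint8_t)(i * 31 + (i >> 12));
		/* Past 8K there is no file data, only whatever is on disk. */
		memset(&mirror[m][extent_len], 0xA0 + (int)m, PAGE_SZ - extent_len);
	}
	for (unsigned s = 0; s < EXTENT_SECT; s++)
		expected_csum[s] = csum_sector(&mirror[0][s * SECTOR_SZ]);

	memset(&mirror[0][0], 'X', SECTOR_SZ);          /* Mirror 1: [0, 4K) bad */
	memset(&mirror[1][SECTOR_SZ], 'X', SECTOR_SZ);  /* Mirror 2: [4K, 8K) bad */
}

/*
 * Scrub both mirrors, copying repair_unit bytes from the good mirror for
 * every sector that fails its checksum. Returns the number of sectors for
 * which no mirror holds a valid copy afterwards.
 */
static unsigned scrub_repair(size_t repair_unit)
{
	unsigned lost = 0;

	setup();
	for (unsigned s = 0; s < EXTENT_SECT; s++) {
		for (unsigned m = 0; m < NR_MIRRORS; m++) {
			unsigned other = 1 - m;
			size_t off = (size_t)s * SECTOR_SZ;
			size_t len = repair_unit;

			/* Nothing to do, or no good copy to repair from. */
			if (sector_ok(m, s) || !sector_ok(other, s))
				continue;
			if (off + len > PAGE_SZ)
				len = PAGE_SZ - off;
			/* A page-sized copy drags the neighbour's bad sector along. */
			memcpy(&mirror[m][off], &mirror[other][off], len);
		}
	}
	for (unsigned s = 0; s < EXTENT_SECT; s++) {
		int any_good = 0;

		for (unsigned m = 0; m < NR_MIRRORS; m++)
			any_good |= sector_ok(m, s);
		if (!any_good)
			lost++;
	}
	return lost;
}

int main(void)
{
	printf("repair unit PAGE_SIZE:  %u sector(s) unrepairable\n",
	       scrub_repair(PAGE_SZ));
	printf("repair unit sectorsize: %u sector(s) unrepairable\n",
	       scrub_repair(SECTOR_SZ));
	return 0;
}
```

With the page-sized unit, repairing Mirror 1's first sector overwrites its only good copy of [4K, 8K) with Mirror 2's corrupted one, which is the unrepairable range the commit message reports.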
|
|
|
|
|
2015-07-20 21:29:37 +08:00
|
|
|
static void scrub_bio_wait_endio(struct bio *bio)
|
2014-10-23 14:42:50 +08:00
|
|
|
{
|
2017-12-01 08:26:39 +08:00
|
|
|
complete(bio->bi_private);
|
2014-10-23 14:42:50 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int scrub_submit_raid56_bio_wait(struct btrfs_fs_info *fs_info,
					struct bio *bio,
2020-11-03 21:31:01 +08:00
					struct scrub_page *spage)
2014-10-23 14:42:50 +08:00
{
2017-12-01 08:26:39 +08:00
	DECLARE_COMPLETION_ONSTACK(done);
2014-10-23 14:42:50 +08:00
	int ret;
Btrfs: fix scrub to repair raid6 corruption
The raid6 corruption is that,
suppose that all disks can be read without problems and if the content
that was read out doesn't match its checksum, currently for raid6
btrfs at most retries twice,
- the 1st retry is to rebuild with all other stripes, it'll eventually
  be a raid5 xor rebuild,
- if the 1st fails, the 2nd retry will deliberately fail parity p so
  that it will do raid6 style rebuild,
however, the chances are that another non-parity stripe content also
has something corrupted, so that the above retries are not able to
return correct content.
We've fixed normal reads to rebuild raid6 correctly with more retries
in Patch "Btrfs: make raid6 rebuild retry more"[1], this is to fix
scrub to do the exactly same rebuild process.
[1]: https://patchwork.kernel.org/patch/10091755/
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-01-03 04:36:42 +08:00
	int mirror_num;
2014-10-23 14:42:50 +08:00

2020-11-03 21:31:01 +08:00
	bio->bi_iter.bi_sector = spage->logical >> 9;
2014-10-23 14:42:50 +08:00
	bio->bi_private = &done;
	bio->bi_end_io = scrub_bio_wait_endio;

2020-11-03 21:31:01 +08:00
	mirror_num = spage->sblock->pagev[0]->mirror_num;
2021-09-23 14:00:09 +08:00
	ret = raid56_parity_recover(bio, spage->recover->bioc,
2020-11-03 21:31:01 +08:00
				    spage->recover->map_length,
2018-01-03 04:36:42 +08:00
				    mirror_num, 0);
2014-10-23 14:42:50 +08:00
	if (ret)
		return ret;

2017-12-01 08:26:39 +08:00
	wait_for_completion_io(&done);
	return blk_status_to_errno(bio->bi_status);
2014-10-23 14:42:50 +08:00
}

2018-03-08 03:08:09 +08:00
static void scrub_recheck_block_on_raid56(struct btrfs_fs_info *fs_info,
					  struct scrub_block *sblock)
{
	struct scrub_page *first_page = sblock->pagev[0];
	struct bio *bio;
	int page_num;

	/* All pages in sblock belong to the same stripe on the same device. */
	ASSERT(first_page->dev);
	if (!first_page->dev->bdev)
		goto out;

2021-09-15 15:17:18 +08:00
	bio = btrfs_bio_alloc(BIO_MAX_VECS);
2018-03-08 03:08:09 +08:00
	bio_set_dev(bio, first_page->dev->bdev);

	for (page_num = 0; page_num < sblock->page_count; page_num++) {
2020-11-03 21:31:01 +08:00
		struct scrub_page *spage = sblock->pagev[page_num];
2018-03-08 03:08:09 +08:00

2020-11-03 21:31:01 +08:00
		WARN_ON(!spage->page);
		bio_add_page(bio, spage->page, PAGE_SIZE, 0);
2018-03-08 03:08:09 +08:00
	}

	if (scrub_submit_raid56_bio_wait(fs_info, bio, first_page)) {
		bio_put(bio);
		goto out;
	}

	bio_put(bio);

	scrub_recheck_block_checksum(sblock);

	return;
out:
	for (page_num = 0; page_num < sblock->page_count; page_num++)
		sblock->pagev[page_num]->io_error = 1;

	sblock->no_io_error_seen = 0;
}

2012-03-28 02:21:27 +08:00
/*
 * this function will check the on disk data for checksum errors, header
 * errors and read I/O errors. If any I/O errors happen, the exact pages
 * which are errored are marked as being bad. The goal is to enable scrub
 * to take those pages that are not errored from all the mirrors so that
 * the pages that are errored in the just handled mirror can be repaired.
 */
2012-11-02 23:16:26 +08:00
static void scrub_recheck_block(struct btrfs_fs_info *fs_info,
2015-08-24 21:32:06 +08:00
				struct scrub_block *sblock,
				int retry_failed_mirror)
2011-04-09 19:27:01 +08:00
{
2012-03-28 02:21:27 +08:00
	int page_num;
2011-04-09 19:27:01 +08:00

2012-03-28 02:21:27 +08:00
	sblock->no_io_error_seen = 1;
2011-04-09 19:27:01 +08:00

2018-03-08 03:08:09 +08:00
	/* short cut for raid56 */
	if (!retry_failed_mirror && scrub_is_page_on_raid56(sblock->pagev[0]))
		return scrub_recheck_block_on_raid56(fs_info, sblock);

2012-03-28 02:21:27 +08:00
	for (page_num = 0; page_num < sblock->page_count; page_num++) {
		struct bio *bio;
2020-11-03 21:31:01 +08:00
		struct scrub_page *spage = sblock->pagev[page_num];
2012-03-28 02:21:27 +08:00

2020-11-03 21:31:01 +08:00
		if (spage->dev->bdev == NULL) {
			spage->io_error = 1;
2012-05-05 03:16:07 +08:00
			sblock->no_io_error_seen = 0;
			continue;
		}

2020-11-03 21:31:01 +08:00
		WARN_ON(!spage->page);
2021-09-15 15:17:18 +08:00
		bio = btrfs_bio_alloc(1);
2020-11-03 21:31:01 +08:00
		bio_set_dev(bio, spage->dev->bdev);
2012-03-28 02:21:27 +08:00

btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable error, but in fact make one corruption even
unrepairable:
  inode offset 0      4k     8K
  Mirror 1     |XXXXXX|      |
  Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.
For above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us to read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.
Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
  Remove the min() and replace PAGE_SIZE with sectorsize.
  The min() makes no sense, as csum is done for the full sector with
  padding.
  This fixes a bug that subpage report extra length like:
    checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
    physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
  Where the error is only 1 sector.
- scrub_handle_errored_block()
  Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
  Replace PAGE_SIZE with sectorsize.
  This solves several problems where we read/write extra range for
  subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
		bio_add_page(bio, spage->page, fs_info->sectorsize, 0);
2020-11-03 21:31:01 +08:00
		bio->bi_iter.bi_sector = spage->physical >> 9;
2018-03-08 03:08:09 +08:00
		bio->bi_opf = REQ_OP_READ;
2014-10-23 14:42:50 +08:00

2018-03-08 03:08:09 +08:00
		if (btrfsic_submit_bio_wait(bio)) {
2020-11-03 21:31:01 +08:00
			spage->io_error = 1;
2018-03-08 03:08:09 +08:00
			sblock->no_io_error_seen = 0;
2014-10-23 14:42:50 +08:00
		}
2013-11-24 14:33:32 +08:00

2012-03-28 02:21:27 +08:00
		bio_put(bio);
	}
2011-04-09 19:27:01 +08:00

2012-03-28 02:21:27 +08:00
	if (sblock->no_io_error_seen)
2015-08-24 21:18:02 +08:00
		scrub_recheck_block_checksum(sblock);
2011-03-08 21:14:00 +08:00
}

2014-07-24 11:37:08 +08:00
static inline int scrub_check_fsid(u8 fsid[],
				   struct scrub_page *spage)
{
	struct btrfs_fs_devices *fs_devices = spage->dev->fs_devices;
	int ret;

2017-07-29 17:50:09 +08:00
	ret = memcmp(fsid, fs_devices->fsid, BTRFS_FSID_SIZE);
2014-07-24 11:37:08 +08:00
	return !ret;
}

2015-08-24 21:18:02 +08:00
static void scrub_recheck_block_checksum(struct scrub_block *sblock)
2011-03-08 21:14:00 +08:00
{
2015-08-24 21:18:02 +08:00
	sblock->header_error = 0;
	sblock->checksum_error = 0;
	sblock->generation_error = 0;
2012-03-28 02:21:27 +08:00

2015-08-24 21:18:02 +08:00
	if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA)
		scrub_checksum_data(sblock);
	else
		scrub_checksum_tree_block(sblock);
2011-03-08 21:14:00 +08:00
}

2012-03-28 02:21:27 +08:00
static int scrub_repair_block_from_good_copy(struct scrub_block *sblock_bad,
2015-01-20 15:11:36 +08:00
					     struct scrub_block *sblock_good)
2012-03-28 02:21:27 +08:00
{
	int page_num;
	int ret = 0;
2011-04-09 19:27:01 +08:00

2012-03-28 02:21:27 +08:00
	for (page_num = 0; page_num < sblock_bad->page_count; page_num++) {
		int ret_sub;
2011-04-09 19:27:01 +08:00

2012-03-28 02:21:27 +08:00
		ret_sub = scrub_repair_page_from_good_copy(sblock_bad,
							   sblock_good,
2015-01-20 15:11:36 +08:00
							   page_num, 1);
2012-03-28 02:21:27 +08:00
		if (ret_sub)
			ret = ret_sub;
2011-03-08 21:14:00 +08:00
	}
2012-03-28 02:21:27 +08:00

	return ret;
}

static int scrub_repair_page_from_good_copy(struct scrub_block *sblock_bad,
					    struct scrub_block *sblock_good,
					    int page_num, int force_write)
{
2020-11-03 21:31:01 +08:00
	struct scrub_page *spage_bad = sblock_bad->pagev[page_num];
	struct scrub_page *spage_good = sblock_good->pagev[page_num];
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sblock_bad->sctx->fs_info;
2021-04-22 19:02:46 +08:00
	const u32 sectorsize = fs_info->sectorsize;
2012-03-28 02:21:27 +08:00

2020-11-03 21:31:01 +08:00
	BUG_ON(spage_bad->page == NULL);
	BUG_ON(spage_good->page == NULL);
2012-03-28 02:21:27 +08:00
	if (force_write || sblock_bad->header_error ||
2020-11-03 21:31:01 +08:00
	    sblock_bad->checksum_error || spage_bad->io_error) {
2012-03-28 02:21:27 +08:00
		struct bio *bio;
		int ret;

2020-11-03 21:31:01 +08:00
		if (!spage_bad->dev->bdev) {
2016-06-23 06:54:23 +08:00
			btrfs_warn_rl(fs_info,
2016-09-20 22:05:00 +08:00
				"scrub_repair_page_from_good_copy(bdev == NULL) is unexpected");
2012-11-06 18:43:11 +08:00
			return -EIO;
		}

2021-09-15 15:17:18 +08:00
		bio = btrfs_bio_alloc(1);
2020-11-03 21:31:01 +08:00
		bio_set_dev(bio, spage_bad->dev->bdev);
		bio->bi_iter.bi_sector = spage_bad->physical >> 9;
2018-06-29 16:56:53 +08:00
		bio->bi_opf = REQ_OP_WRITE;
2012-03-28 02:21:27 +08:00

2021-04-22 19:02:46 +08:00
		ret = bio_add_page(bio, spage_good->page, sectorsize, 0);
		if (ret != sectorsize) {
2012-03-28 02:21:27 +08:00
			bio_put(bio);
			return -EIO;
2011-06-14 01:56:13 +08:00
		}
2012-03-28 02:21:27 +08:00

2016-06-06 03:31:41 +08:00
		if (btrfsic_submit_bio_wait(bio)) {
2020-11-03 21:31:01 +08:00
			btrfs_dev_stat_inc_and_print(spage_bad->dev,
2012-05-25 22:06:08 +08:00
				BTRFS_DEV_STAT_WRITE_ERRS);
2018-04-04 23:20:52 +08:00
			atomic64_inc(&fs_info->dev_replace.num_write_errors);
2012-05-25 22:06:08 +08:00
			bio_put(bio);
			return -EIO;
		}
2012-03-28 02:21:27 +08:00
		bio_put(bio);
2011-03-08 21:14:00 +08:00
	}

2012-03-28 02:21:27 +08:00
	return 0;
}
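
The failure described in the commit message "btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE", as a user-space simulation added here (not kernel or btrfs code): two mirrors on a 64K-page host with 4K sectors, each corrupted in a different sector, repaired once with a PAGE_SIZE-long writeback and once with a sectorsize-long one. The `sim_*` names, the byte-sum checksum (a stand-in for the real csum) and the sample data are assumptions.

```c
/* Added illustration: user-space model of the subpage repair bug, not btrfs code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIM_PAGE_SIZE   (64u * 1024u)	/* assumed 64K-page host (subpage case) */
#define SIM_SECTORSIZE  (4u * 1024u)	/* filesystem sector size */
#define SIM_NR_SECTORS  2u		/* file data covers [0, 8K) only */
#define SIM_NR_MIRRORS  2

struct sim_fs {
	uint8_t  mirror[SIM_NR_MIRRORS][SIM_PAGE_SIZE];
	uint32_t csum[SIM_NR_SECTORS];	/* per-sector checksum of the good data */
};

/* Byte sum as a stand-in checksum; enough to tell the constructed patterns apart. */
static uint32_t sim_csum(const uint8_t *p, size_t len)
{
	uint32_t sum = 0;

	for (size_t i = 0; i < len; i++)
		sum += p[i];
	return sum;
}

static int sim_sector_ok(const struct sim_fs *fs, int m, unsigned int s)
{
	const uint8_t *p = &fs->mirror[m][(size_t)s * SIM_SECTORSIZE];

	return sim_csum(p, SIM_SECTORSIZE) == fs->csum[s];
}

/*
 * Constructed layout from the commit message: mirror 1 is corrupted in
 * [0, 4K), mirror 2 in [4K, 8K). Bytes past 8K are unrelated filler.
 */
static void sim_setup(struct sim_fs *fs)
{
	memset(fs, 0, sizeof(*fs));
	for (unsigned int s = 0; s < SIM_NR_SECTORS; s++) {
		uint8_t *p = &fs->mirror[0][(size_t)s * SIM_SECTORSIZE];

		memset(p, 0xA0 + s, SIM_SECTORSIZE);
		fs->csum[s] = sim_csum(p, SIM_SECTORSIZE);
	}
	memcpy(fs->mirror[1], fs->mirror[0], SIM_PAGE_SIZE);
	memset(&fs->mirror[0][0], 'X', SIM_SECTORSIZE);
	memset(&fs->mirror[1][SIM_SECTORSIZE], 'X', SIM_SECTORSIZE);
}

/*
 * Scrub each mirror sector by sector. On a checksum mismatch, copy io_len
 * bytes from a mirror whose copy of that sector verifies. io_len is the
 * only difference between the buggy and the fixed behaviour.
 */
static void sim_scrub(struct sim_fs *fs, uint32_t io_len)
{
	for (int m = 0; m < SIM_NR_MIRRORS; m++) {
		for (unsigned int s = 0; s < SIM_NR_SECTORS; s++) {
			size_t off = (size_t)s * SIM_SECTORSIZE;
			size_t len = io_len;
			int good = -1;

			if (sim_sector_ok(fs, m, s))
				continue;
			for (int o = 0; o < SIM_NR_MIRRORS; o++)
				if (o != m && sim_sector_ok(fs, o, s))
					good = o;
			if (good < 0)
				continue;	/* no verified copy left: unrepairable */
			if (off + len > SIM_PAGE_SIZE)
				len = SIM_PAGE_SIZE - off;
			/* With io_len == PAGE_SIZE this also copies unverified sectors. */
			memcpy(&fs->mirror[m][off], &fs->mirror[good][off], len);
		}
	}
}

/* Returns how many (mirror, sector) copies still fail their checksum after scrub. */
static unsigned int sim_bad_after_scrub(uint32_t io_len)
{
	static struct sim_fs fs;
	unsigned int bad = 0;

	sim_setup(&fs);
	sim_scrub(&fs, io_len);
	for (int m = 0; m < SIM_NR_MIRRORS; m++)
		for (unsigned int s = 0; s < SIM_NR_SECTORS; s++)
			bad += !sim_sector_ok(&fs, m, s);
	return bad;
}

int main(void)
{
	printf("PAGE_SIZE writeback:  %u bad copies\n",
	       sim_bad_after_scrub(SIM_PAGE_SIZE));
	printf("sectorsize writeback: %u bad copies\n",
	       sim_bad_after_scrub(SIM_SECTORSIZE));
	return 0;
}
```

With the page-sized writeback, repairing sector 0 of mirror 1 overwrites its only good copy of sector 1, so both copies of [4K, 8K) end up bad; with the sector-sized writeback both mirrors verify.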

2012-11-06 18:43:11 +08:00
static void scrub_write_block_to_dev_replace(struct scrub_block *sblock)
{
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sblock->sctx->fs_info;
2012-11-06 18:43:11 +08:00
	int page_num;

Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
  All the data which has checksum is COW data, and we are sure
  that it is not changed though we don't lock the stripe. because
  the space of that data just can be reclaimed after the current
  transaction is committed, and then the fs can use it to store the
  other data, but when doing scrub, we hold the current transaction,
  that is that data can not be recovered, it is safe that read and check
  it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
  The data without checksum and the parity may be changed if we don't
  lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
  is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe(pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits is 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
	/*
	 * This block is used for the check of the parity on the source device,
	 * so the data needn't be written into the destination device.
	 */
	if (sblock->sparity)
		return;

2012-11-06 18:43:11 +08:00
	for (page_num = 0; page_num < sblock->page_count; page_num++) {
		int ret;

		ret = scrub_write_page_to_dev_replace(sblock, page_num);
		if (ret)
2018-04-04 23:20:52 +08:00
			atomic64_inc(&fs_info->dev_replace.num_write_errors);
2012-11-06 18:43:11 +08:00
	}
}

static int scrub_write_page_to_dev_replace(struct scrub_block *sblock,
					   int page_num)
{
	struct scrub_page *spage = sblock->pagev[page_num];

	BUG_ON(spage->page == NULL);
2020-05-29 21:26:07 +08:00
	if (spage->io_error)
		clear_page(page_address(spage->page));
2012-11-06 18:43:11 +08:00

	return scrub_add_page_to_wr_bio(sblock->sctx, spage);
}

2021-02-04 18:22:13 +08:00
static int fill_writer_pointer_gap(struct scrub_ctx *sctx, u64 physical)
{
	int ret = 0;
	u64 length;

	if (!btrfs_is_zoned(sctx->fs_info))
		return 0;

2021-02-04 18:22:14 +08:00
	if (!btrfs_dev_is_sequential(sctx->wr_tgtdev, physical))
		return 0;

2021-02-04 18:22:13 +08:00
	if (sctx->write_pointer < physical) {
		length = physical - sctx->write_pointer;

		ret = btrfs_zoned_issue_zeroout(sctx->wr_tgtdev,
						sctx->write_pointer, length);
		if (!ret)
			sctx->write_pointer = physical;
	}
	return ret;
}

2012-11-06 18:43:11 +08:00
static int scrub_add_page_to_wr_bio(struct scrub_ctx *sctx,
				    struct scrub_page *spage)
{
	struct scrub_bio *sbio;
	int ret;
2021-04-22 19:02:46 +08:00
	const u32 sectorsize = sctx->fs_info->sectorsize;
2012-11-06 18:43:11 +08:00

2017-05-17 01:10:32 +08:00
	mutex_lock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
again:
2017-05-17 01:10:32 +08:00
	if (!sctx->wr_curr_bio) {
		sctx->wr_curr_bio = kzalloc(sizeof(*sctx->wr_curr_bio),
2016-02-11 17:49:42 +08:00
					    GFP_KERNEL);
2017-05-17 01:10:32 +08:00
		if (!sctx->wr_curr_bio) {
			mutex_unlock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
			return -ENOMEM;
		}
2017-05-17 01:10:32 +08:00
		sctx->wr_curr_bio->sctx = sctx;
		sctx->wr_curr_bio->page_count = 0;
2012-11-06 18:43:11 +08:00
	}
2017-05-17 01:10:32 +08:00
	sbio = sctx->wr_curr_bio;
2012-11-06 18:43:11 +08:00
	if (sbio->page_count == 0) {
		struct bio *bio;

2021-02-04 18:22:13 +08:00
		ret = fill_writer_pointer_gap(sctx,
					      spage->physical_for_dev_replace);
		if (ret) {
			mutex_unlock(&sctx->wr_lock);
			return ret;
		}

2012-11-06 18:43:11 +08:00
		sbio->physical = spage->physical_for_dev_replace;
		sbio->logical = spage->logical;
2017-05-17 01:10:32 +08:00
		sbio->dev = sctx->wr_tgtdev;
2012-11-06 18:43:11 +08:00
		bio = sbio->bio;
		if (!bio) {
2021-09-15 15:17:18 +08:00
			bio = btrfs_bio_alloc(sctx->pages_per_wr_bio);
2012-11-06 18:43:11 +08:00
			sbio->bio = bio;
		}

		bio->bi_private = sbio;
		bio->bi_end_io = scrub_wr_bio_end_io;
2017-08-24 01:10:32 +08:00
		bio_set_dev(bio, sbio->dev->bdev);
2013-10-12 06:44:27 +08:00
		bio->bi_iter.bi_sector = sbio->physical >> 9;
2018-06-29 16:56:53 +08:00
		bio->bi_opf = REQ_OP_WRITE;
2017-06-03 15:38:06 +08:00
		sbio->status = 0;
2021-04-22 19:02:46 +08:00
	} else if (sbio->physical + sbio->page_count * sectorsize !=
2012-11-06 18:43:11 +08:00
		   spage->physical_for_dev_replace ||
2021-04-22 19:02:46 +08:00
		   sbio->logical + sbio->page_count * sectorsize !=
2012-11-06 18:43:11 +08:00
		   spage->logical) {
		scrub_wr_submit(sctx);
		goto again;
	}

2021-04-22 19:02:46 +08:00
	ret = bio_add_page(sbio->bio, spage->page, sectorsize, 0);
	if (ret != sectorsize) {
2012-11-06 18:43:11 +08:00
		if (sbio->page_count < 1) {
			bio_put(sbio->bio);
			sbio->bio = NULL;
2017-05-17 01:10:32 +08:00
			mutex_unlock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
			return -EIO;
		}
		scrub_wr_submit(sctx);
		goto again;
	}

	sbio->pagev[sbio->page_count] = spage;
	scrub_page_get(spage);
	sbio->page_count++;
2017-05-17 01:10:32 +08:00
	if (sbio->page_count == sctx->pages_per_wr_bio)
2012-11-06 18:43:11 +08:00
		scrub_wr_submit(sctx);
2017-05-17 01:10:32 +08:00
	mutex_unlock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00

	return 0;
}

static void scrub_wr_submit(struct scrub_ctx *sctx)
|
|
|
|
{
|
|
|
|
struct scrub_bio *sbio;
|
|
|
|
|
2017-05-17 01:10:32 +08:00
|
|
|
if (!sctx->wr_curr_bio)
|
2012-11-06 18:43:11 +08:00
|
|
|
return;
|
|
|
|
|
2017-05-17 01:10:32 +08:00
|
|
|
sbio = sctx->wr_curr_bio;
|
|
|
|
sctx->wr_curr_bio = NULL;
|
2021-01-24 18:02:34 +08:00
|
|
|
WARN_ON(!sbio->bio->bi_bdev);
|
2012-11-06 18:43:11 +08:00
|
|
|
scrub_pending_bio_inc(sctx);
|
|
|
|
/* process all writes in a single worker thread. Then the block layer
|
|
|
|
* orders the requests before sending them to the driver which
|
|
|
|
* doubled the write performance on spinning disks when measured
|
|
|
|
* with Linux 3.5 */
|
2016-06-06 03:31:41 +08:00
|
|
|
btrfsic_submit_bio(sbio->bio);
|
2021-02-04 18:22:13 +08:00
|
|
|
|
|
|
|
if (btrfs_is_zoned(sctx->fs_info))
|
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE

[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable error, but in fact make one corruption even
unrepairable:

	  inode offset 0      4k     8K
	  Mirror 1     |XXXXXX|      |
	  Mirror 2     |      |XXXXXX|

[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.

For above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us to read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.

Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.

[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
  Remove the min() and replace PAGE_SIZE with sectorsize.
  The min() makes no sense, as csum is done for the full sector with
  padding.

  This fixes a bug that subpage report extra length like:
   checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
   physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)

  Where the error is only 1 sector.

- scrub_handle_errored_block()
  Comments with PAGE|page involved, all changed to sector.

- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
  Replace PAGE_SIZE with sectorsize.
  This solves several problems where we read/write extra range for
  subpage case.

RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.

Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
		sctx->write_pointer = sbio->physical + sbio->page_count *
			sctx->fs_info->sectorsize;
2012-11-06 18:43:11 +08:00
}
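The write-back granularity problem described in the "fix subpage repair error caused by hard coded PAGE_SIZE" commit message above, modelled in user space as an added example; it is not kernel code and not code from the btrfs project. The two in-memory mirrors, the FNV-1a stand-in checksum and every function name below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_BYTES 4096u   /* filesystem sector size (constructed value) */
#define PAGE_BYTES   65536u  /* 64K page, the subpage case from the commit */
#define NSECTORS     (PAGE_BYTES / SECTOR_BYTES)

/* mirror[0] is "Mirror 1" and mirror[1] is "Mirror 2" in the commit's diagram. */
static uint8_t mirror[2][PAGE_BYTES];
static uint32_t expected[NSECTORS];  /* per-sector checksums of the good data */

/* FNV-1a over one sector; a stand-in for the real csum (assumption). */
static uint32_t csum_sector(const uint8_t *p)
{
	uint32_t h = 2166136261u;

	for (uint32_t i = 0; i < SECTOR_BYTES; i++)
		h = (h ^ p[i]) * 16777619u;
	return h;
}

static int sector_ok(int m, uint32_t s)
{
	return csum_sector(&mirror[m][s * SECTOR_BYTES]) == expected[s];
}

/* Commit's layout: mirror 1 corrupt at [0, 4K), mirror 2 corrupt at [4K, 8K). */
static void setup_layout(void)
{
	for (uint32_t i = 0; i < PAGE_BYTES; i++)
		mirror[0][i] = (uint8_t)(i * 31u + (i >> 12));
	memcpy(mirror[1], mirror[0], PAGE_BYTES);
	for (uint32_t s = 0; s < NSECTORS; s++)
		expected[s] = csum_sector(&mirror[0][s * SECTOR_BYTES]);
	memset(&mirror[0][0], 'X', SECTOR_BYTES);
	memset(&mirror[1][SECTOR_BYTES], 'X', SECTOR_BYTES);
}

/* Write `unit` bytes of mirror `src` over mirror `dst`, starting at sector s. */
static void write_back(int dst, int src, uint32_t s, uint32_t unit)
{
	uint32_t off = s * SECTOR_BYTES;
	uint32_t len = unit;

	if (len > PAGE_BYTES - off)
		len = PAGE_BYTES - off;
	memcpy(&mirror[dst][off], &mirror[src][off], len);
}

/*
 * Scrub both mirrors using the given write-back unit and return how many
 * sectors end up with no good copy on either mirror.
 */
static unsigned scrub_and_count_lost(uint32_t unit)
{
	unsigned lost = 0;

	setup_layout();
	for (int m = 0; m < 2; m++) {
		for (uint32_t s = 0; s < NSECTORS; s++) {
			if (sector_ok(m, s))
				continue;
			/* Only the sector under repair is verified on the other mirror. */
			if (sector_ok(1 - m, s))
				write_back(m, 1 - m, s, unit);
		}
	}
	for (uint32_t s = 0; s < NSECTORS; s++)
		if (!sector_ok(0, s) && !sector_ok(1, s))
			lost++;
	return lost;
}

int main(void)
{
	printf("unit = PAGE_SIZE (64K): %u sector(s) lost\n",
	       scrub_and_count_lost(PAGE_BYTES));
	printf("unit = sectorsize (4K): %u sector(s) lost\n",
	       scrub_and_count_lost(SECTOR_BYTES));
	return 0;
}
```

With the page-sized unit, repairing [0, 4K) on mirror 1 also copies mirror 2's corrupt [4K, 8K) over the only good copy of that sector; with the sector-sized unit each mirror is repaired from the other.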

2015-07-20 21:29:37 +08:00
static void scrub_wr_bio_end_io(struct bio *bio)
2012-11-06 18:43:11 +08:00
{
	struct scrub_bio *sbio = bio->bi_private;
2016-06-23 06:54:56 +08:00
	struct btrfs_fs_info *fs_info = sbio->dev->fs_info;
2012-11-06 18:43:11 +08:00

2017-06-03 15:38:06 +08:00
	sbio->status = bio->bi_status;
2012-11-06 18:43:11 +08:00
	sbio->bio = bio;

2019-09-17 02:30:57 +08:00
	btrfs_init_work(&sbio->work, scrub_wr_bio_end_io_worker, NULL, NULL);
2014-02-28 10:46:17 +08:00
	btrfs_queue_work(fs_info->scrub_wr_completion_workers, &sbio->work);
2012-11-06 18:43:11 +08:00
}

static void scrub_wr_bio_end_io_worker(struct btrfs_work *work)
{
	struct scrub_bio *sbio = container_of(work, struct scrub_bio, work);
	struct scrub_ctx *sctx = sbio->sctx;
	int i;

	WARN_ON(sbio->page_count > SCRUB_PAGES_PER_WR_BIO);
2017-06-03 15:38:06 +08:00
	if (sbio->status) {
2012-11-06 18:43:11 +08:00
		struct btrfs_dev_replace *dev_replace =
2016-06-23 06:54:56 +08:00
			&sbio->sctx->fs_info->dev_replace;
2012-11-06 18:43:11 +08:00

		for (i = 0; i < sbio->page_count; i++) {
			struct scrub_page *spage = sbio->pagev[i];

			spage->io_error = 1;
2018-04-04 23:20:52 +08:00
			atomic64_inc(&dev_replace->num_write_errors);
2012-11-06 18:43:11 +08:00
		}
	}

	for (i = 0; i < sbio->page_count; i++)
		scrub_page_put(sbio->pagev[i]);

	bio_put(sbio->bio);
	kfree(sbio);
	scrub_pending_bio_dec(sctx);
}

static int scrub_checksum(struct scrub_block *sblock)
2012-03-28 02:21:27 +08:00
{
	u64 flags;
	int ret;

2015-08-24 21:18:02 +08:00
	/*
	 * No need to initialize these stats currently,
	 * because this function only use return value
	 * instead of these stats value.
	 *
	 * Todo:
	 * always use stats
	 */
	sblock->header_error = 0;
	sblock->generation_error = 0;
	sblock->checksum_error = 0;

2012-11-02 21:58:04 +08:00
	WARN_ON(sblock->page_count < 1);
	flags = sblock->pagev[0]->flags;
2012-03-28 02:21:27 +08:00
	ret = 0;
	if (flags & BTRFS_EXTENT_FLAG_DATA)
		ret = scrub_checksum_data(sblock);
	else if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK)
		ret = scrub_checksum_tree_block(sblock);
	else if (flags & BTRFS_EXTENT_FLAG_SUPER)
		(void)scrub_checksum_super(sblock);
	else
		WARN_ON(1);
	if (ret)
		scrub_handle_errored_block(sblock);
2012-11-06 18:43:11 +08:00

	return ret;
2011-03-08 21:14:00 +08:00
}

2012-03-28 02:21:27 +08:00
static int scrub_checksum_data(struct scrub_block *sblock)
2011-03-08 21:14:00 +08:00
{
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx = sblock->sctx;
2019-06-03 22:58:57 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
	SHASH_DESC_ON_STACK(shash, fs_info->csum_shash);
2011-03-08 21:14:00 +08:00
	u8 csum[BTRFS_CSUM_SIZE];
2020-05-29 22:20:35 +08:00
	struct scrub_page *spage;
2020-05-29 21:32:51 +08:00
	char *kaddr;
2011-03-08 21:14:00 +08:00

2012-03-28 02:21:27 +08:00
	BUG_ON(sblock->page_count < 1);
2020-05-29 22:20:35 +08:00
	spage = sblock->pagev[0];
	if (!spage->have_csum)
2011-03-08 21:14:00 +08:00
		return 0;

2020-05-29 22:20:35 +08:00
	kaddr = page_address(spage->page);
2012-03-28 02:21:27 +08:00

2020-05-29 21:54:41 +08:00
	shash->tfm = fs_info->csum_shash;
	crypto_shash_init(shash);
2012-03-28 02:21:27 +08:00

2020-12-02 14:48:10 +08:00
	/*
	 * In scrub_pages() and scrub_pages_for_parity() we ensure each spage
	 * only contains one sector of data.
	 */
	crypto_shash_digest(shash, kaddr, fs_info->sectorsize, csum);
2011-03-08 21:14:00 +08:00

2020-12-02 14:48:10 +08:00
	if (memcmp(csum, spage->csum, fs_info->csum_size))
		sblock->checksum_error = 1;
2015-08-24 21:18:02 +08:00
	return sblock->checksum_error;
2011-03-08 21:14:00 +08:00
}

2012-03-28 02:21:27 +08:00
static int scrub_checksum_tree_block(struct scrub_block *sblock)
2011-03-08 21:14:00 +08:00
{
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx = sblock->sctx;
2011-03-08 21:14:00 +08:00
	struct btrfs_header *h;
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
2019-06-03 22:58:57 +08:00
	SHASH_DESC_ON_STACK(shash, fs_info->csum_shash);
2012-03-28 02:21:27 +08:00
	u8 calculated_csum[BTRFS_CSUM_SIZE];
	u8 on_disk_csum[BTRFS_CSUM_SIZE];
2020-12-02 14:48:09 +08:00
	/*
	 * This is done in sectorsize steps even for metadata as there's a
	 * constraint for nodesize to be aligned to sectorsize. This will need
	 * to change so we don't misuse data and metadata units like that.
	 */
	const u32 sectorsize = sctx->fs_info->sectorsize;
	const int num_sectors = fs_info->nodesize >> fs_info->sectorsize_bits;
2020-05-29 21:54:41 +08:00
	int i;
2020-05-29 22:20:35 +08:00
	struct scrub_page *spage;
2020-05-29 21:32:51 +08:00
	char *kaddr;
2019-06-03 22:58:57 +08:00

2012-03-28 02:21:27 +08:00
	BUG_ON(sblock->page_count < 1);
2020-12-02 14:48:09 +08:00

	/* Each member in pagev is just one block, not a full page */
	ASSERT(sblock->page_count == num_sectors);

2020-05-29 22:20:35 +08:00
	spage = sblock->pagev[0];
	kaddr = page_address(spage->page);
2020-05-29 21:32:51 +08:00
	h = (struct btrfs_header *)kaddr;
2020-06-30 23:44:49 +08:00
	memcpy(on_disk_csum, h->csum, sctx->fs_info->csum_size);
2011-03-08 21:14:00 +08:00

	/*
	 * we don't use the getter functions here, as we
	 * a) don't have an extent buffer and
	 * b) the page is already kmapped
	 */
2020-05-29 22:20:35 +08:00
	if (spage->logical != btrfs_stack_header_bytenr(h))
2015-08-24 21:18:02 +08:00
		sblock->header_error = 1;
2011-03-08 21:14:00 +08:00

2020-05-29 22:20:35 +08:00
	if (spage->generation != btrfs_stack_header_generation(h)) {
2015-08-24 21:18:02 +08:00
		sblock->header_error = 1;
		sblock->generation_error = 1;
	}
2011-03-08 21:14:00 +08:00

2020-05-29 22:20:35 +08:00
	if (!scrub_check_fsid(h->fsid, spage))
2015-08-24 21:18:02 +08:00
		sblock->header_error = 1;
2011-03-08 21:14:00 +08:00

	if (memcmp(h->chunk_tree_uuid, fs_info->chunk_tree_uuid,
		   BTRFS_UUID_SIZE))
2015-08-24 21:18:02 +08:00
		sblock->header_error = 1;
2011-03-08 21:14:00 +08:00

2020-05-29 21:54:41 +08:00
	shash->tfm = fs_info->csum_shash;
	crypto_shash_init(shash);
	crypto_shash_update(shash, kaddr + BTRFS_CSUM_SIZE,
2020-12-02 14:48:09 +08:00
			    sectorsize - BTRFS_CSUM_SIZE);
2012-03-28 02:21:27 +08:00

2020-12-02 14:48:09 +08:00
	for (i = 1; i < num_sectors; i++) {
2020-05-29 21:54:41 +08:00
		kaddr = page_address(sblock->pagev[i]->page);
2020-12-02 14:48:09 +08:00
		crypto_shash_update(shash, kaddr, sectorsize);
2012-03-28 02:21:27 +08:00
	}

2019-06-03 22:58:57 +08:00
	crypto_shash_final(shash, calculated_csum);
2020-06-30 23:44:49 +08:00
	if (memcmp(calculated_csum, on_disk_csum, sctx->fs_info->csum_size))
2015-08-24 21:18:02 +08:00
		sblock->checksum_error = 1;
2011-03-08 21:14:00 +08:00

2015-08-24 21:18:02 +08:00
	return sblock->header_error || sblock->checksum_error;
2011-03-08 21:14:00 +08:00
}

2012-03-28 02:21:27 +08:00
static int scrub_checksum_super(struct scrub_block *sblock)
2011-03-08 21:14:00 +08:00
{
	struct btrfs_super_block *s;
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx = sblock->sctx;
2019-06-03 22:58:57 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
	SHASH_DESC_ON_STACK(shash, fs_info->csum_shash);
2012-03-28 02:21:27 +08:00
	u8 calculated_csum[BTRFS_CSUM_SIZE];
2020-05-29 21:47:05 +08:00
	struct scrub_page *spage;
2020-05-29 21:32:51 +08:00
	char *kaddr;
2012-05-25 22:06:08 +08:00
	int fail_gen = 0;
	int fail_cor = 0;
2019-06-03 22:58:57 +08:00

2012-03-28 02:21:27 +08:00
	BUG_ON(sblock->page_count < 1);
2020-05-29 21:47:05 +08:00
	spage = sblock->pagev[0];
	kaddr = page_address(spage->page);
2020-05-29 21:32:51 +08:00
	s = (struct btrfs_super_block *)kaddr;
2011-03-08 21:14:00 +08:00

2020-05-29 21:47:05 +08:00
	if (spage->logical != btrfs_super_bytenr(s))
2012-05-25 22:06:08 +08:00
		++fail_cor;
2011-03-08 21:14:00 +08:00

2020-05-29 21:47:05 +08:00
	if (spage->generation != btrfs_super_generation(s))
2012-05-25 22:06:08 +08:00
		++fail_gen;
2011-03-08 21:14:00 +08:00

2020-05-29 21:47:05 +08:00
	if (!scrub_check_fsid(s->fsid, spage))
2012-05-25 22:06:08 +08:00
		++fail_cor;
2011-03-08 21:14:00 +08:00

2020-05-29 21:40:36 +08:00
	shash->tfm = fs_info->csum_shash;
	crypto_shash_init(shash);
	crypto_shash_digest(shash, kaddr + BTRFS_CSUM_SIZE,
			BTRFS_SUPER_INFO_SIZE - BTRFS_CSUM_SIZE, calculated_csum);
2012-03-28 02:21:27 +08:00

2020-06-30 23:44:49 +08:00
	if (memcmp(calculated_csum, s->csum, sctx->fs_info->csum_size))
2012-05-25 22:06:08 +08:00
		++fail_cor;
2011-03-08 21:14:00 +08:00

2012-05-25 22:06:08 +08:00
	if (fail_cor + fail_gen) {
2011-03-08 21:14:00 +08:00
		/*
		 * if we find an error in a super block, we just report it.
		 * They will get written with the next transaction commit
		 * anyway
		 */
2012-11-02 16:58:09 +08:00
		spin_lock(&sctx->stat_lock);
		++sctx->stat.super_errors;
		spin_unlock(&sctx->stat_lock);
2012-05-25 22:06:08 +08:00
		if (fail_cor)
2020-05-29 21:47:05 +08:00
			btrfs_dev_stat_inc_and_print(spage->dev,
2012-05-25 22:06:08 +08:00
				BTRFS_DEV_STAT_CORRUPTION_ERRS);
		else
2020-05-29 21:47:05 +08:00
			btrfs_dev_stat_inc_and_print(spage->dev,
2012-05-25 22:06:08 +08:00
				BTRFS_DEV_STAT_GENERATION_ERRS);
2011-03-08 21:14:00 +08:00
	}

2012-05-25 22:06:08 +08:00
	return fail_cor + fail_gen;
2011-03-08 21:14:00 +08:00
}

2012-03-28 02:21:27 +08:00
static void scrub_block_get(struct scrub_block *sblock)
{
2017-03-03 16:55:23 +08:00
	refcount_inc(&sblock->refs);
2012-03-28 02:21:27 +08:00
}

static void scrub_block_put(struct scrub_block *sblock)
{
2017-03-03 16:55:23 +08:00
	if (refcount_dec_and_test(&sblock->refs)) {
2012-03-28 02:21:27 +08:00
		int i;

Btrfs, raid56: support parity scrub on raid56

The implementation is:
- Read and check all the data with checksum in the same stripe.
  All the data which has checksum is COW data, and we are sure
  that it is not changed though we don't lock the stripe, because
  the space of that data just can be reclaimed after the current
  transaction is committed, and then the fs can use it to store the
  other data, but when doing scrub, we hold the current transaction,
  that is that data can not be recovered, it is safe that read and check
  it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
  The data without checksum and the parity may be changed if we don't
  lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
  is not right
- Unlock the stripe

If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe(pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.

And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits is 0.

Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
		if (sblock->sparity)
			scrub_parity_put(sblock->sparity);

2012-03-28 02:21:27 +08:00
		for (i = 0; i < sblock->page_count; i++)
2012-11-02 21:58:04 +08:00
			scrub_page_put(sblock->pagev[i]);
2012-03-28 02:21:27 +08:00
		kfree(sblock);
	}
}

2012-11-02 21:58:04 +08:00
static void scrub_page_get(struct scrub_page *spage)
{
2015-01-20 15:11:45 +08:00
	atomic_inc(&spage->refs);
2012-11-02 21:58:04 +08:00
}

static void scrub_page_put(struct scrub_page *spage)
{
2015-01-20 15:11:45 +08:00
	if (atomic_dec_and_test(&spage->refs)) {
2012-11-02 21:58:04 +08:00
		if (spage->page)
			__free_page(spage->page);
		kfree(spage);
	}
}

2019-10-09 19:58:13 +08:00
/*
 * Throttling of IO submission, bandwidth-limit based, the timeslice is 1
 * second. Limit can be set via /sys/fs/UUID/devinfo/devid/scrub_speed_max.
 */
static void scrub_throttle(struct scrub_ctx *sctx)
{
	const int time_slice = 1000;
	struct scrub_bio *sbio;
	struct btrfs_device *device;
	s64 delta;
	ktime_t now;
	u32 div;
	u64 bwlimit;

	sbio = sctx->bios[sctx->curr];
	device = sbio->dev;
	bwlimit = READ_ONCE(device->scrub_speed_max);
	if (bwlimit == 0)
		return;

	/*
	 * Slice is divided into intervals when the IO is submitted, adjust by
	 * bwlimit and maximum of 64 intervals.
	 */
	div = max_t(u32, 1, (u32)(bwlimit / (16 * 1024 * 1024)));
	div = min_t(u32, 64, div);

	/* Start new epoch, set deadline */
	now = ktime_get();
	if (sctx->throttle_deadline == 0) {
		sctx->throttle_deadline = ktime_add_ms(now, time_slice / div);
		sctx->throttle_sent = 0;
	}

	/* Still in the time to send? */
	if (ktime_before(now, sctx->throttle_deadline)) {
		/* If current bio is within the limit, send it */
		sctx->throttle_sent += sbio->bio->bi_iter.bi_size;
		if (sctx->throttle_sent <= div_u64(bwlimit, div))
			return;

		/* We're over the limit, sleep until the rest of the slice */
		delta = ktime_ms_delta(sctx->throttle_deadline, now);
	} else {
		/* New request after deadline, start new epoch */
		delta = 0;
	}

	if (delta) {
		long timeout;

		timeout = div_u64(delta * HZ, 1000);
		schedule_timeout_interruptible(timeout);
	}

	/* Next call will start the deadline period */
	sctx->throttle_deadline = 0;
}

2012-11-02 16:58:09 +08:00
static void scrub_submit(struct scrub_ctx *sctx)
2011-03-08 21:14:00 +08:00
{
	struct scrub_bio *sbio;

2012-11-02 16:58:09 +08:00
	if (sctx->curr == -1)
2012-03-28 02:21:26 +08:00
		return;
2011-03-08 21:14:00 +08:00

2019-10-09 19:58:13 +08:00
	scrub_throttle(sctx);

2012-11-02 16:58:09 +08:00
	sbio = sctx->bios[sctx->curr];
	sctx->curr = -1;
2012-11-02 23:44:58 +08:00
	scrub_pending_bio_inc(sctx);
2016-06-06 03:31:41 +08:00
	btrfsic_submit_bio(sbio->bio);
2011-03-08 21:14:00 +08:00
}

2012-11-06 18:43:11 +08:00
static int scrub_add_page_to_rd_bio(struct scrub_ctx *sctx,
				    struct scrub_page *spage)
2011-03-08 21:14:00 +08:00
{
2012-03-28 02:21:27 +08:00
	struct scrub_block *sblock = spage->sblock;
2011-03-08 21:14:00 +08:00
	struct scrub_bio *sbio;
2021-04-22 19:02:46 +08:00
	const u32 sectorsize = sctx->fs_info->sectorsize;
2011-11-11 21:17:10 +08:00
	int ret;
2011-03-08 21:14:00 +08:00

again:
	/*
	 * grab a fresh bio or wait for one to become available
	 */
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from whereever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
|
|
|
while (sctx->curr == -1) {
|
|
|
|
spin_lock(&sctx->list_lock);
|
|
|
|
sctx->curr = sctx->first_free;
|
|
|
|
if (sctx->curr != -1) {
|
|
|
|
sctx->first_free = sctx->bios[sctx->curr]->next_free;
|
|
|
|
sctx->bios[sctx->curr]->next_free = -1;
|
|
|
|
sctx->bios[sctx->curr]->page_count = 0;
|
|
|
|
spin_unlock(&sctx->list_lock);
|
2011-03-08 21:14:00 +08:00
|
|
|
} else {
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_unlock(&sctx->list_lock);
|
|
|
|
wait_event(sctx->list_wait, sctx->first_free != -1);
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
}
|
2012-11-02 16:58:09 +08:00
|
|
|
sbio = sctx->bios[sctx->curr];
|
2012-03-28 02:21:27 +08:00
|
|
|
if (sbio->page_count == 0) {
|
2011-11-11 21:17:10 +08:00
|
|
|
struct bio *bio;
|
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
sbio->physical = spage->physical;
|
|
|
|
sbio->logical = spage->logical;
|
2012-11-02 20:26:57 +08:00
|
|
|
sbio->dev = spage->dev;
|
2012-03-28 02:21:27 +08:00
|
|
|
bio = sbio->bio;
|
|
|
|
if (!bio) {
|
2021-09-15 15:17:18 +08:00
|
|
|
bio = btrfs_bio_alloc(sctx->pages_per_rd_bio);
|
2012-03-28 02:21:27 +08:00
|
|
|
sbio->bio = bio;
|
|
|
|
}
|
2011-11-11 21:17:10 +08:00
|
|
|
|
|
|
|
bio->bi_private = sbio;
|
|
|
|
bio->bi_end_io = scrub_bio_end_io;
|
2017-08-24 01:10:32 +08:00
|
|
|
bio_set_dev(bio, sbio->dev->bdev);
|
2013-10-12 06:44:27 +08:00
|
|
|
bio->bi_iter.bi_sector = sbio->physical >> 9;
|
2018-06-29 16:56:53 +08:00
|
|
|
bio->bi_opf = REQ_OP_READ;
|
2017-06-03 15:38:06 +08:00
|
|
|
sbio->status = 0;
|
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair these
two repairable errors, and will in fact make one corruption
unrepairable:
    inode offset 0      4k     8K
    Mirror 1     |XXXXXX|      |
    Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair
go crazy for subpage.
For the above case, when reading the first sector, we use PAGE_SIZE rather
than sectorsize to read, which makes us read the full range [0, 64K).
In fact, after 8K there may be no data at all, so we can just get some
garbage.
Then when doing the repair, we also write back a full page from mirror 2.
This means we will also write back the corrupted data in mirror 2
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
Remove the min() and replace PAGE_SIZE with sectorsize.
The min() makes no sense, as csum is done for the full sector with
padding.
This fixes a bug that subpage report extra length like:
checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
Where the error is only 1 sector.
- scrub_handle_errored_block()
Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
Replace PAGE_SIZE with sectorsize.
This solves several problems where we read/write extra range for
subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
|
|
|
} else if (sbio->physical + sbio->page_count * sectorsize !=
|
2012-03-28 02:21:27 +08:00
|
|
|
spage->physical ||
|
2021-04-22 19:02:46 +08:00
|
|
|
sbio->logical + sbio->page_count * sectorsize !=
|
2012-11-02 20:26:57 +08:00
|
|
|
spage->logical ||
|
|
|
|
sbio->dev != spage->dev) {
|
2012-11-02 16:58:09 +08:00
|
|
|
scrub_submit(sctx);
|
2011-03-08 21:14:00 +08:00
|
|
|
goto again;
|
|
|
|
}
|
2011-11-11 21:17:10 +08:00
|
|
|
|
2012-03-28 02:21:27 +08:00
|
|
|
sbio->pagev[sbio->page_count] = spage;
|
2021-04-22 19:02:46 +08:00
|
|
|
ret = bio_add_page(sbio->bio, spage->page, sectorsize, 0);
|
|
|
|
if (ret != sectorsize) {
|
2012-03-28 02:21:27 +08:00
|
|
|
if (sbio->page_count < 1) {
|
|
|
|
bio_put(sbio->bio);
|
|
|
|
sbio->bio = NULL;
|
|
|
|
return -EIO;
|
|
|
|
}
|
2012-11-02 16:58:09 +08:00
|
|
|
scrub_submit(sctx);
|
2011-11-11 21:17:10 +08:00
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
|
2012-11-06 18:43:11 +08:00
|
|
|
scrub_block_get(sblock); /* one for the page added to the bio */
|
2012-03-28 02:21:27 +08:00
|
|
|
atomic_inc(&sblock->outstanding_pages);
|
|
|
|
sbio->page_count++;
|
2012-11-06 18:43:11 +08:00
|
|
|
if (sbio->page_count == sctx->pages_per_rd_bio)
|
2012-11-02 16:58:09 +08:00
|
|
|
scrub_submit(sctx);
|
2012-03-28 02:21:27 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
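The [BUG]/[CAUSE] scenario from the "fix subpage repair error caused by hard coded PAGE_SIZE" commit message, modelled in user space as an added example (it is not code from scrub.c or from that commit). The `DEMO_*` constants, `struct mirror`, the additive `toy_csum()` and the two-pass `repair()` loop are assumptions made for illustration; the model also assumes the whole 64K page holds data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_SECTORSIZE 4096u   /* filesystem sector size */
#define DEMO_PAGE_SIZE  65536u  /* 64K page: the subpage case */
#define NR_SECTORS (DEMO_PAGE_SIZE / DEMO_SECTORSIZE)

/* One mirror's copy of the first 64K of the file (hypothetical model). */
struct mirror {
	uint8_t data[DEMO_PAGE_SIZE];
};

/* Toy additive checksum, a stand-in for the real per-sector csum. */
static uint32_t toy_csum(const uint8_t *p, uint32_t len)
{
	uint32_t sum = 0;

	for (uint32_t i = 0; i < len; i++)
		sum += p[i];
	return sum;
}

static int sector_ok(const struct mirror *m, const uint32_t *csums, uint32_t s)
{
	return toy_csum(m->data + s * DEMO_SECTORSIZE, DEMO_SECTORSIZE) == csums[s];
}

/*
 * Repair every bad sector of dst from src, but only when src verifies at
 * that sector. 'unit' is how many bytes get written back per repair:
 * DEMO_PAGE_SIZE models the hard coded PAGE_SIZE, DEMO_SECTORSIZE the fix.
 */
static void repair(struct mirror *dst, const struct mirror *src,
		   const uint32_t *csums, uint32_t unit)
{
	for (uint32_t s = 0; s < NR_SECTORS; s++) {
		uint32_t off = s * DEMO_SECTORSIZE;
		uint32_t len = unit;

		if (sector_ok(dst, csums, s) || !sector_ok(src, csums, s))
			continue;
		if (len > DEMO_PAGE_SIZE - off)
			len = DEMO_PAGE_SIZE - off;
		/* With unit == DEMO_PAGE_SIZE this also copies src's bad sectors. */
		memcpy(dst->data + off, src->data + off, len);
	}
}

/* Build the layout from the commit message, scrub both ways, count damage. */
static uint32_t bad_sectors_after_repair(uint32_t unit)
{
	static struct mirror m1, m2;
	uint32_t csums[NR_SECTORS];
	uint32_t bad = 0;

	for (uint32_t i = 0; i < DEMO_PAGE_SIZE; i++)
		m1.data[i] = (uint8_t)i;          /* constructed sample data */
	m2 = m1;
	for (uint32_t s = 0; s < NR_SECTORS; s++)
		csums[s] = toy_csum(m1.data + s * DEMO_SECTORSIZE, DEMO_SECTORSIZE);

	memset(m1.data, 'X', DEMO_SECTORSIZE);                   /* mirror 1: [0, 4K) */
	memset(m2.data + DEMO_SECTORSIZE, 'X', DEMO_SECTORSIZE); /* mirror 2: [4K, 8K) */

	repair(&m1, &m2, csums, unit);
	repair(&m2, &m1, csums, unit);

	for (uint32_t s = 0; s < NR_SECTORS; s++)
		bad += !sector_ok(&m1, csums, s) + !sector_ok(&m2, csums, s);
	return bad;
}

int main(void)
{
	printf("page-sized repair:   %u bad sectors left\n",
	       bad_sectors_after_repair(DEMO_PAGE_SIZE));
	printf("sector-sized repair: %u bad sectors left\n",
	       bad_sectors_after_repair(DEMO_SECTORSIZE));
	return 0;
}
```

With the page-sized unit, the only good copy of [4K, 8K) is overwritten by mirror 2's corrupt sector, so that range ends up bad on both mirrors; the sector-sized unit leaves nothing bad.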
|
|
|
|
|
2015-09-06 06:14:43 +08:00
|
|
|
static void scrub_missing_raid56_end_io(struct bio *bio)
|
2015-06-20 02:52:51 +08:00
|
|
|
{
|
|
|
|
struct scrub_block *sblock = bio->bi_private;
|
2016-06-23 06:54:56 +08:00
|
|
|
struct btrfs_fs_info *fs_info = sblock->sctx->fs_info;
|
2015-06-20 02:52:51 +08:00
|
|
|
|
2017-06-03 15:38:06 +08:00
|
|
|
if (bio->bi_status)
|
2015-06-20 02:52:51 +08:00
|
|
|
sblock->no_io_error_seen = 0;
|
|
|
|
|
2016-05-09 21:14:28 +08:00
|
|
|
bio_put(bio);
|
|
|
|
|
2015-06-20 02:52:51 +08:00
|
|
|
btrfs_queue_work(fs_info->scrub_workers, &sblock->work);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void scrub_missing_raid56_worker(struct btrfs_work *work)
|
|
|
|
{
|
|
|
|
struct scrub_block *sblock = container_of(work, struct scrub_block, work);
|
|
|
|
struct scrub_ctx *sctx = sblock->sctx;
|
2016-06-23 06:54:23 +08:00
|
|
|
struct btrfs_fs_info *fs_info = sctx->fs_info;
|
2015-06-20 02:52:51 +08:00
|
|
|
u64 logical;
|
|
|
|
struct btrfs_device *dev;
|
|
|
|
|
|
|
|
logical = sblock->pagev[0]->logical;
|
|
|
|
dev = sblock->pagev[0]->dev;
|
|
|
|
|
2015-08-24 21:32:06 +08:00
|
|
|
if (sblock->no_io_error_seen)
|
2015-08-24 21:18:02 +08:00
|
|
|
scrub_recheck_block_checksum(sblock);
|
2015-06-20 02:52:51 +08:00
|
|
|
|
|
|
|
if (!sblock->no_io_error_seen) {
|
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.read_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2016-06-23 06:54:23 +08:00
|
|
|
btrfs_err_rl_in_rcu(fs_info,
|
2015-10-08 16:43:10 +08:00
|
|
|
"IO error rebuilding logical %llu for dev %s",
|
2015-06-20 02:52:51 +08:00
|
|
|
logical, rcu_str_deref(dev->name));
|
|
|
|
} else if (sblock->header_error || sblock->checksum_error) {
|
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.uncorrectable_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2016-06-23 06:54:23 +08:00
|
|
|
btrfs_err_rl_in_rcu(fs_info,
|
2015-10-08 16:43:10 +08:00
|
|
|
"failed to rebuild valid logical %llu for dev %s",
|
2015-06-20 02:52:51 +08:00
|
|
|
logical, rcu_str_deref(dev->name));
|
|
|
|
} else {
|
|
|
|
scrub_write_block_to_dev_replace(sblock);
|
|
|
|
}
|
|
|
|
|
2017-03-31 23:12:51 +08:00
|
|
|
if (sctx->is_dev_replace && sctx->flush_all_writes) {
|
2017-05-17 01:10:32 +08:00
|
|
|
mutex_lock(&sctx->wr_lock);
|
2015-06-20 02:52:51 +08:00
|
|
|
scrub_wr_submit(sctx);
|
2017-05-17 01:10:32 +08:00
|
|
|
mutex_unlock(&sctx->wr_lock);
|
2015-06-20 02:52:51 +08:00
|
|
|
}
|
|
|
|
|
2019-09-17 02:30:56 +08:00
|
|
|
scrub_block_put(sblock);
|
2015-06-20 02:52:51 +08:00
|
|
|
scrub_pending_bio_dec(sctx);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void scrub_missing_raid56_pages(struct scrub_block *sblock)
|
|
|
|
{
|
|
|
|
struct scrub_ctx *sctx = sblock->sctx;
|
2016-06-23 06:54:56 +08:00
|
|
|
struct btrfs_fs_info *fs_info = sctx->fs_info;
|
2015-06-20 02:52:51 +08:00
|
|
|
u64 length = sblock->page_count * PAGE_SIZE;
|
|
|
|
u64 logical = sblock->pagev[0]->logical;
|
2021-09-15 15:17:16 +08:00
|
|
|
struct btrfs_io_context *bioc = NULL;
|
2015-06-20 02:52:51 +08:00
|
|
|
struct bio *bio;
|
|
|
|
struct btrfs_raid_bio *rbio;
|
|
|
|
int ret;
|
|
|
|
int i;
|
|
|
|
|
btrfs: Wait for in-flight bios before freeing target device for raid56
When raid56 dev-replace is cancelled by running scrub, we will free
target device without waiting for in-flight bios, causing the following
NULL pointer dereference or general protection failure.
BUG: unable to handle kernel NULL pointer dereference at 00000000000005e0
IP: generic_make_request_checks+0x4d/0x610
CPU: 1 PID: 11676 Comm: kworker/u4:14 Tainted: G O 4.11.0-rc2 #72
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs]
task: ffff88002875b4c0 task.stack: ffffc90001334000
RIP: 0010:generic_make_request_checks+0x4d/0x610
Call Trace:
? generic_make_request+0xc7/0x360
generic_make_request+0x24/0x360
? generic_make_request+0xc7/0x360
submit_bio+0x64/0x120
? page_in_rbio+0x4d/0x80 [btrfs]
? rbio_orig_end_io+0x80/0x80 [btrfs]
finish_rmw+0x3f4/0x540 [btrfs]
validate_rbio_for_rmw+0x36/0x40 [btrfs]
raid_rmw_end_io+0x7a/0x90 [btrfs]
bio_endio+0x56/0x60
end_workqueue_fn+0x3c/0x40 [btrfs]
btrfs_scrubparity_helper+0xef/0x620 [btrfs]
btrfs_endio_raid56_helper+0xe/0x10 [btrfs]
process_one_work+0x2af/0x720
? process_one_work+0x22b/0x720
worker_thread+0x4b/0x4f0
kthread+0x10f/0x150
? process_one_work+0x720/0x720
? kthread_create_on_node+0x40/0x40
ret_from_fork+0x2e/0x40
RIP: generic_make_request_checks+0x4d/0x610 RSP: ffffc90001337bb8
In btrfs_dev_replace_finishing(), we will call
btrfs_rm_dev_replace_blocked() to wait bios before destroying the target
device when scrub is finished normally.
However when dev-replace is aborted, either due to error or cancelled by
scrub, we didn't wait for bios, this can lead to use-after-free if there
are bios holding the target device.
Furthermore, for raid56 scrub, at least 2 places are calling
btrfs_map_sblock() without protection of bio_counter, leading to the
problem.
This patch fixes the problem:
1) Wait for bio_counter before freeing target device when canceling
replace
2) When calling btrfs_map_sblock() for raid56, use bio_counter to
protect the call.
Cc: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2017-03-29 09:33:21 +08:00
|
|
|
btrfs_bio_counter_inc_blocked(fs_info);
|
2016-10-27 15:27:36 +08:00
|
|
|
ret = btrfs_map_sblock(fs_info, BTRFS_MAP_GET_READ_MIRRORS, logical,
|
2021-09-15 15:17:16 +08:00
|
|
|
&length, &bioc);
|
|
|
|
if (ret || !bioc || !bioc->raid_map)
|
|
|
|
goto bioc_out;
|
2015-06-20 02:52:51 +08:00
|
|
|
|
|
|
|
if (WARN_ON(!sctx->is_dev_replace ||
|
2021-09-15 15:17:16 +08:00
|
|
|
!(bioc->map_type & BTRFS_BLOCK_GROUP_RAID56_MASK))) {
|
2015-06-20 02:52:51 +08:00
|
|
|
/*
|
|
|
|
* We shouldn't be scrubbing a missing device. Even for dev
|
|
|
|
* replace, we should only get here for RAID 5/6. We either
|
|
|
|
* managed to mount something with no mirrors remaining or
|
|
|
|
* there's a bug in scrub_remap_extent()/btrfs_map_block().
|
|
|
|
*/
|
2021-09-15 15:17:16 +08:00
|
|
|
goto bioc_out;
|
2015-06-20 02:52:51 +08:00
|
|
|
}
|
|
|
|
|
2021-09-15 15:17:18 +08:00
|
|
|
bio = btrfs_bio_alloc(BIO_MAX_VECS);
|
2015-06-20 02:52:51 +08:00
|
|
|
bio->bi_iter.bi_sector = logical >> 9;
|
|
|
|
bio->bi_private = sblock;
|
|
|
|
bio->bi_end_io = scrub_missing_raid56_end_io;
|
|
|
|
|
2021-09-23 14:00:09 +08:00
|
|
|
rbio = raid56_alloc_missing_rbio(bio, bioc, length);
|
2015-06-20 02:52:51 +08:00
|
|
|
if (!rbio)
|
|
|
|
goto rbio_out;
|
|
|
|
|
|
|
|
for (i = 0; i < sblock->page_count; i++) {
|
|
|
|
struct scrub_page *spage = sblock->pagev[i];
|
|
|
|
|
|
|
|
raid56_add_scrub_pages(rbio, spage->page, spage->logical);
|
|
|
|
}
|
|
|
|
|
2019-09-17 02:30:57 +08:00
|
|
|
btrfs_init_work(&sblock->work, scrub_missing_raid56_worker, NULL, NULL);
|
2015-06-20 02:52:51 +08:00
|
|
|
scrub_block_get(sblock);
|
|
|
|
scrub_pending_bio_inc(sctx);
|
|
|
|
raid56_submit_missing_rbio(rbio);
|
|
|
|
return;
|
|
|
|
|
|
|
|
rbio_out:
|
|
|
|
bio_put(bio);
|
2021-09-15 15:17:16 +08:00
|
|
|
bioc_out:
|
2017-03-29 09:33:21 +08:00
|
|
|
btrfs_bio_counter_dec(fs_info);
|
2021-09-15 15:17:16 +08:00
|
|
|
btrfs_put_bioc(bioc);
|
2015-06-20 02:52:51 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.malloc_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
|
|
|
}
|
|
|
|
|
2020-12-02 14:48:07 +08:00
|
|
|
static int scrub_pages(struct scrub_ctx *sctx, u64 logical, u32 len,
|
2012-11-02 20:26:57 +08:00
|
|
|
u64 physical, struct btrfs_device *dev, u64 flags,
|
2020-11-03 21:31:02 +08:00
|
|
|
u64 gen, int mirror_num, u8 *csum,
|
2012-11-06 18:43:11 +08:00
|
|
|
u64 physical_for_dev_replace)
|
2012-03-28 02:21:27 +08:00
|
|
|
{
|
|
|
|
struct scrub_block *sblock;
|
btrfs: scrub: always allocate one full page for one sector for RAID56
For scrub_pages() and scrub_pages_for_parity(), we currently allocate
one scrub_page structure for one page.
This is fine if we only read/write one sector one time. But for cases
like scrubbing RAID56, we need to read/write the full stripe, which is
in 64K size for now.
For subpage size, we will submit the read in just one page, which is
normally a good thing, but for RAID56 case, it only expects to see one
sector, not the full stripe in its endio function.
This could lead to wrong parity checksum for RAID56 on subpage.
To make the existing code work well for subpage case, here we take a
shortcut by always allocating a full page for one sector.
This should provide the base to make RAID56 work for subpage case.
The cost is pretty obvious now, for one RAID56 stripe now we always need
16 pages. For support subpage situation (64K page size, 4K sector size),
this means we need full one megabyte to scrub just one RAID56 stripe.
And for data scrub, each 4K sector will also need one 64K page.
This is mostly just a workaround, the proper fix for this is a much
larger project, using scrub_block to replace scrub_page, and allow
scrub_block to handle multi pages, csums, and csum_bitmap to avoid
allocating one page for each sector.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-12-02 14:48:08 +08:00
|
|
|
const u32 sectorsize = sctx->fs_info->sectorsize;
|
2012-03-28 02:21:27 +08:00
|
|
|
int index;
|
|
|
|
|
2016-02-11 17:49:42 +08:00
|
|
|
sblock = kzalloc(sizeof(*sblock), GFP_KERNEL);
|
2012-03-28 02:21:27 +08:00
|
|
|
if (!sblock) {
|
2012-11-02 16:58:09 +08:00
		spin_lock(&sctx->stat_lock);
		sctx->stat.malloc_errors++;
		spin_unlock(&sctx->stat_lock);
2012-03-28 02:21:27 +08:00
		return -ENOMEM;
2011-03-08 21:14:00 +08:00
	}
2012-03-28 02:21:27 +08:00

2012-11-02 21:58:04 +08:00
	/* one ref inside this function, plus one for each page added to
	 * a bio later on */
2017-03-03 16:55:23 +08:00
	refcount_set(&sblock->refs, 1);
2012-11-02 16:58:09 +08:00
	sblock->sctx = sctx;
2012-03-28 02:21:27 +08:00
	sblock->no_io_error_seen = 1;

	for (index = 0; len > 0; index++) {
2012-11-02 21:58:04 +08:00
		struct scrub_page *spage;
btrfs: scrub: always allocate one full page for one sector for RAID56
For scrub_pages() and scrub_pages_for_parity(), we currently allocate
one scrub_page structure for one page.
This is fine if we only read/write one sector one time. But for cases
like scrubbing RAID56, we need to read/write the full stripe, which is
in 64K size for now.
For subpage size, we will submit the read in just one page, which is
normally a good thing, but for RAID56 case, it only expects to see one
sector, not the full stripe in its endio function.
This could lead to wrong parity checksum for RAID56 on subpage.
To make the existing code work well for subpage case, here we take a
shortcut by always allocating a full page for one sector.
This should provide the base to make RAID56 work for subpage case.
The cost is pretty obvious now, for one RAID56 stripe now we always need
16 pages. For support subpage situation (64K page size, 4K sector size),
this means we need full one megabyte to scrub just one RAID56 stripe.
And for data scrub, each 4K sector will also need one 64K page.
This is mostly just a workaround, the proper fix for this is a much
larger project, using scrub_block to replace scrub_page, and allow
scrub_block to handle multi pages, csums, and csum_bitmap to avoid
allocating one page for each sector.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-12-02 14:48:08 +08:00
		/*
		 * Here we will allocate one page for one sector to scrub.
		 * This is fine if PAGE_SIZE == sectorsize, but will cost
		 * more memory for PAGE_SIZE > sectorsize case.
		 */
		u32 l = min(sectorsize, len);
2012-03-28 02:21:27 +08:00

2016-02-11 17:49:42 +08:00
		spage = kzalloc(sizeof(*spage), GFP_KERNEL);
2012-11-02 21:58:04 +08:00
		if (!spage) {
leave_nomem:
2012-11-02 16:58:09 +08:00
			spin_lock(&sctx->stat_lock);
			sctx->stat.malloc_errors++;
			spin_unlock(&sctx->stat_lock);
2012-11-02 21:58:04 +08:00
			scrub_block_put(sblock);
2012-03-28 02:21:27 +08:00
			return -ENOMEM;
		}
2012-11-02 21:58:04 +08:00
		BUG_ON(index >= SCRUB_MAX_PAGES_PER_BLOCK);
		scrub_page_get(spage);
		sblock->pagev[index] = spage;
2012-03-28 02:21:27 +08:00
		spage->sblock = sblock;
2012-11-02 20:26:57 +08:00
		spage->dev = dev;
2012-03-28 02:21:27 +08:00
		spage->flags = flags;
		spage->generation = gen;
		spage->logical = logical;
		spage->physical = physical;
2012-11-06 18:43:11 +08:00
		spage->physical_for_dev_replace = physical_for_dev_replace;
2012-03-28 02:21:27 +08:00
		spage->mirror_num = mirror_num;
		if (csum) {
			spage->have_csum = 1;
2020-06-30 23:44:49 +08:00
			memcpy(spage->csum, csum, sctx->fs_info->csum_size);
2012-03-28 02:21:27 +08:00
		} else {
			spage->have_csum = 0;
		}
		sblock->page_count++;
2016-02-11 17:49:42 +08:00
		spage->page = alloc_page(GFP_KERNEL);
2012-11-02 21:58:04 +08:00
		if (!spage->page)
			goto leave_nomem;
2012-03-28 02:21:27 +08:00
		len -= l;
		logical += l;
		physical += l;
2012-11-06 18:43:11 +08:00
		physical_for_dev_replace += l;
2012-03-28 02:21:27 +08:00
	}

2012-11-02 21:58:04 +08:00
	WARN_ON(sblock->page_count == 0);
2017-12-04 12:54:54 +08:00
	if (test_bit(BTRFS_DEV_STATE_MISSING, &dev->dev_state)) {
2015-06-20 02:52:51 +08:00
		/*
		 * This case should only be hit for RAID 5/6 device replace. See
		 * the comment in scrub_missing_raid56_pages() for details.
		 */
		scrub_missing_raid56_pages(sblock);
	} else {
		for (index = 0; index < sblock->page_count; index++) {
			struct scrub_page *spage = sblock->pagev[index];
			int ret;
2011-05-29 03:57:55 +08:00

2015-06-20 02:52:51 +08:00
			ret = scrub_add_page_to_rd_bio(sctx, spage);
			if (ret) {
				scrub_block_put(sblock);
				return ret;
			}
2012-03-28 02:21:27 +08:00
		}
2011-03-08 21:14:00 +08:00

2020-11-03 21:31:02 +08:00
		if (flags & BTRFS_EXTENT_FLAG_SUPER)
2015-06-20 02:52:51 +08:00
			scrub_submit(sctx);
	}
2011-03-08 21:14:00 +08:00

2012-03-28 02:21:27 +08:00
	/* last one frees, either here or in bio completion for last page */
	scrub_block_put(sblock);
2011-03-08 21:14:00 +08:00
	return 0;
}

2015-07-20 21:29:37 +08:00
static void scrub_bio_end_io(struct bio *bio)
2012-03-28 02:21:27 +08:00
{
	struct scrub_bio *sbio = bio->bi_private;
2016-06-23 06:54:56 +08:00
	struct btrfs_fs_info *fs_info = sbio->dev->fs_info;
2012-03-28 02:21:27 +08:00

2017-06-03 15:38:06 +08:00
	sbio->status = bio->bi_status;
2012-03-28 02:21:27 +08:00
	sbio->bio = bio;

2014-02-28 10:46:17 +08:00
	btrfs_queue_work(fs_info->scrub_workers, &sbio->work);
2012-03-28 02:21:27 +08:00
}

static void scrub_bio_end_io_worker(struct btrfs_work *work)
{
	struct scrub_bio *sbio = container_of(work, struct scrub_bio, work);
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx = sbio->sctx;
2012-03-28 02:21:27 +08:00
	int i;

2012-11-06 18:43:11 +08:00
	BUG_ON(sbio->page_count > SCRUB_PAGES_PER_RD_BIO);
2017-06-03 15:38:06 +08:00
	if (sbio->status) {
2012-03-28 02:21:27 +08:00
		for (i = 0; i < sbio->page_count; i++) {
			struct scrub_page *spage = sbio->pagev[i];

			spage->io_error = 1;
			spage->sblock->no_io_error_seen = 0;
		}
	}

	/* now complete the scrub_block items that have all pages completed */
	for (i = 0; i < sbio->page_count; i++) {
		struct scrub_page *spage = sbio->pagev[i];
		struct scrub_block *sblock = spage->sblock;

		if (atomic_dec_and_test(&sblock->outstanding_pages))
			scrub_block_complete(sblock);
		scrub_block_put(sblock);
	}

	bio_put(sbio->bio);
	sbio->bio = NULL;
2012-11-02 16:58:09 +08:00
	spin_lock(&sctx->list_lock);
	sbio->next_free = sctx->first_free;
	sctx->first_free = sbio->index;
	spin_unlock(&sctx->list_lock);
2012-11-06 18:43:11 +08:00

2017-03-31 23:12:51 +08:00
	if (sctx->is_dev_replace && sctx->flush_all_writes) {
2017-05-17 01:10:32 +08:00
		mutex_lock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
		scrub_wr_submit(sctx);
2017-05-17 01:10:32 +08:00
		mutex_unlock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
	}

2012-11-02 23:44:58 +08:00
	scrub_pending_bio_dec(sctx);
2012-03-28 02:21:27 +08:00
}

Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
  All the data which has checksum is COW data, and we are sure
  that it is not changed though we don't lock the stripe, because
  the space of that data just can be reclaimed after the current
  transaction is committed, and then the fs can use it to store the
  other data, but when doing scrub, we hold the current transaction,
  that is that data can not be recovered, it is safe that read and check
  it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
  The data without checksum and the parity may be changed if we don't
  lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
  is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe (pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits are 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
static inline void __scrub_mark_bitmap(struct scrub_parity *sparity,
				       unsigned long *bitmap,
2020-12-02 14:48:07 +08:00
				       u64 start, u32 len)
2014-11-06 17:20:58 +08:00
{
2017-04-04 04:45:33 +08:00
	u64 offset;
2017-04-01 00:02:48 +08:00
	u32 nsectors;
2020-07-02 02:45:04 +08:00
	u32 sectorsize_bits = sparity->sctx->fs_info->sectorsize_bits;
2014-11-06 17:20:58 +08:00

	if (len >= sparity->stripe_len) {
		bitmap_set(bitmap, 0, sparity->nsectors);
		return;
	}

	start -= sparity->logic_start;
2017-04-04 04:45:33 +08:00
	start = div64_u64_rem(start, sparity->stripe_len, &offset);
2020-07-02 02:45:04 +08:00
	offset = offset >> sectorsize_bits;
2020-12-02 14:48:07 +08:00
	nsectors = len >> sectorsize_bits;
2014-11-06 17:20:58 +08:00

	if (offset + nsectors <= sparity->nsectors) {
		bitmap_set(bitmap, offset, nsectors);
		return;
	}

	bitmap_set(bitmap, offset, sparity->nsectors - offset);
	bitmap_set(bitmap, 0, nsectors - (sparity->nsectors - offset));
}

static inline void scrub_parity_mark_sectors_error(struct scrub_parity *sparity,
2020-12-02 14:48:07 +08:00
						   u64 start, u32 len)
2014-11-06 17:20:58 +08:00
{
	__scrub_mark_bitmap(sparity, sparity->ebitmap, start, len);
}

static inline void scrub_parity_mark_sectors_data(struct scrub_parity *sparity,
2020-12-02 14:48:07 +08:00
						  u64 start, u32 len)
2014-11-06 17:20:58 +08:00
{
	__scrub_mark_bitmap(sparity, sparity->dbitmap, start, len);
}

2012-03-28 02:21:27 +08:00
static void scrub_block_complete(struct scrub_block *sblock)
{
2014-11-06 17:20:58 +08:00
	int corrupted = 0;

2012-11-06 18:43:11 +08:00
	if (!sblock->no_io_error_seen) {
2014-11-06 17:20:58 +08:00
		corrupted = 1;
2012-03-28 02:21:27 +08:00
		scrub_handle_errored_block(sblock);
2012-11-06 18:43:11 +08:00
	} else {
		/*
		 * if has checksum error, write via repair mechanism in
		 * dev replace case, otherwise write here in dev replace
		 * case.
		 */
2014-11-06 17:20:58 +08:00
		corrupted = scrub_checksum(sblock);
		if (!corrupted && sblock->sctx->is_dev_replace)
2012-11-06 18:43:11 +08:00
			scrub_write_block_to_dev_replace(sblock);
	}
2014-11-06 17:20:58 +08:00

	if (sblock->sparity && corrupted && !sblock->data_corrected) {
		u64 start = sblock->pagev[0]->logical;
		u64 end = sblock->pagev[sblock->page_count - 1]->logical +
btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE
[BUG]
For the following file layout, scrub will not be able to repair all
these two repairable error, but in fact make one corruption even
unrepairable:
	inode offset 0      4k     8K
	Mirror 1     |XXXXXX|      |
	Mirror 2     |      |XXXXXX|
[CAUSE]
The root cause is the hard coded PAGE_SIZE, which makes scrub repair to
go crazy for subpage.
For above case, when reading the first sector, we use PAGE_SIZE other
than sectorsize to read, which makes us to read the full range [0, 64K).
In fact, after 8K there may be no data at all, we can just get some
garbage.
Then when doing the repair, we also writeback a full page from mirror 2,
this means, we will also writeback the corrupted data in mirror 2 back
to mirror 1, leaving the range [4K, 8K) unrepairable.
[FIX]
This patch will modify the following PAGE_SIZE use with sectorsize:
- scrub_print_warning_inode()
  Remove the min() and replace PAGE_SIZE with sectorsize.
  The min() makes no sense, as csum is done for the full sector with
  padding.
  This fixes a bug that subpage report extra length like:
   checksum error at logical 298844160 on dev /dev/mapper/arm_nvme-test,
   physical 575668224, root 5, inode 257, offset 0, length 12288, links 1 (path: file)
  Where the error is only 1 sector.
- scrub_handle_errored_block()
  Comments with PAGE|page involved, all changed to sector.
- scrub_setup_recheck_block()
- scrub_repair_page_from_good_copy()
- scrub_add_page_to_wr_bio()
- scrub_wr_submit()
- scrub_add_page_to_rd_bio()
- scrub_block_complete()
  Replace PAGE_SIZE with sectorsize.
  This solves several problems where we read/write extra range for
  subpage case.
RAID56 code is excluded intentionally, as RAID56 has extra PAGE_SIZE
usage, and is not really safe enough.
Thus we will reject RAID56 for subpage in later commit.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-04-22 19:02:46 +08:00
|
|
|
sblock->sctx->fs_info->sectorsize;
|
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
All the data which has checksum is COW data, and we are sure
that it is not changed though we don't lock the stripe, because
the space of that data just can be reclaimed after the current
transaction is committed, and then the fs can use it to store the
other data, but when doing scrub, we hold the current transaction,
that is that data can not be recovered, it is safe that read and check
it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
The data without checksum and the parity may be changed if we don't
lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe (pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bit is 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
|
|
|
|
2020-12-02 14:48:07 +08:00
|
|
|
ASSERT(end - start <= U32_MAX);
|
2014-11-06 17:20:58 +08:00
|
|
|
scrub_parity_mark_sectors_error(sblock->sparity,
|
|
|
|
start, end - start);
|
|
|
|
}
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
|
|
|
|
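The layout in the "btrfs: scrub: fix subpage repair error caused by hard coded PAGE_SIZE" commit message above can be reproduced in a userspace model. This is an added example, not kernel code: the two-mirror struct, the FNV-1a toy checksum and all function names are assumptions, and `repair()` models only the write-back granularity (PAGE_SIZE versus sectorsize).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTORSIZE   4096u	/* fs sector size */
#define PAGE_SZ      65536u	/* 64K page, the subpage case */
#define DATA_SECTORS 2u		/* file data covers [0, 8K) only */

/* Constructed two-mirror model; not a btrfs structure. */
struct model {
	uint8_t  mirror[2][PAGE_SZ];
	uint32_t csum[DATA_SECTORS];	/* expected per-sector checksum */
};

/* FNV-1a as a toy stand-in for the filesystem checksum. */
static uint32_t toy_csum(const uint8_t *p, size_t n)
{
	uint32_t h = 2166136261u;

	while (n--)
		h = (h ^ *p++) * 16777619u;
	return h;
}

static int sector_ok(const struct model *m, int mirror, uint32_t s)
{
	return toy_csum(m->mirror[mirror] + s * SECTORSIZE, SECTORSIZE) ==
	       m->csum[s];
}

/* Layout from the commit message: one mirror bad in [0, 4K), the other in [4K, 8K). */
static void model_init(struct model *m)
{
	uint32_t i;

	memset(m, 0, sizeof(*m));
	for (i = 0; i < DATA_SECTORS * SECTORSIZE; i++)
		m->mirror[0][i] = (uint8_t)(i * 31u + 7u);
	memcpy(m->mirror[1], m->mirror[0], PAGE_SZ);
	for (i = 0; i < DATA_SECTORS; i++)
		m->csum[i] = toy_csum(m->mirror[0] + i * SECTORSIZE, SECTORSIZE);
	m->mirror[0][0] ^= 0xff;		/* first mirror, sector 0 */
	m->mirror[1][SECTORSIZE] ^= 0xff;	/* second mirror, sector 1 */
}

/*
 * For every bad sector that has a good copy on the other mirror, write
 * back `unit` bytes starting at that sector. unit == PAGE_SZ is the old
 * behaviour, unit == SECTORSIZE the fixed one.
 */
static void repair(struct model *m, uint32_t unit)
{
	int dst;
	uint32_t s;

	for (dst = 0; dst < 2; dst++) {
		for (s = 0; s < DATA_SECTORS; s++) {
			int src = 1 - dst;
			uint32_t off = s * SECTORSIZE;
			uint32_t len = unit;

			if (sector_ok(m, dst, s) || !sector_ok(m, src, s))
				continue;	/* nothing to fix, or no good copy */
			if (len > PAGE_SZ - off)
				len = PAGE_SZ - off;
			memcpy(m->mirror[dst] + off, m->mirror[src] + off, len);
		}
	}
}

/* Number of data sectors that are bad on both mirrors after repair. */
int unrepairable_sectors(uint32_t unit)
{
	static struct model m;
	uint32_t s;
	int lost = 0;

	model_init(&m);
	repair(&m, unit);
	for (s = 0; s < DATA_SECTORS; s++)
		if (!sector_ok(&m, 0, s) && !sector_ok(&m, 1, s))
			lost++;
	return lost;
}

int main(void)
{
	printf("PAGE_SIZE write-back:  %d sector(s) lost\n",
	       unrepairable_sectors(PAGE_SZ));
	printf("sectorsize write-back: %d sector(s) lost\n",
	       unrepairable_sectors(SECTORSIZE));
	return 0;
}
```

With the page-sized write-back, fixing sector 0 copies the other mirror's corrupted sector 1 along with it, so [4K, 8K) ends up bad on both mirrors.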
2020-11-03 21:31:04 +08:00
|
|
|
static void drop_csum_range(struct scrub_ctx *sctx, struct btrfs_ordered_sum *sum)
|
|
|
|
{
|
|
|
|
sctx->stat.csum_discards += sum->len >> sctx->fs_info->sectorsize_bits;
|
|
|
|
list_del(&sum->list);
|
|
|
|
kfree(sum);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Find the desired csum for range [logical, logical + sectorsize), and store
|
|
|
|
* the csum into @csum.
|
|
|
|
*
|
|
|
|
* The search source is sctx->csum_list, which is a pre-populated list
|
2021-05-21 23:42:23 +08:00
|
|
|
* storing bytenr ordered csum ranges. We're responsible to cleanup any range
|
2020-11-03 21:31:04 +08:00
|
|
|
* that is before @logical.
|
|
|
|
*
|
|
|
|
* Return 0 if there is no csum for the range.
|
|
|
|
* Return 1 if there is csum for the range and copied to @csum.
|
|
|
|
*/
|
2015-08-24 22:03:02 +08:00
|
|
|
static int scrub_find_csum(struct scrub_ctx *sctx, u64 logical, u8 *csum)
|
2011-03-08 21:14:00 +08:00
|
|
|
{
|
2020-11-03 21:31:04 +08:00
|
|
|
bool found = false;
|
2011-03-08 21:14:00 +08:00
|
|
|
|
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
|
|
|
while (!list_empty(&sctx->csum_list)) {
|
2020-11-03 21:31:04 +08:00
|
|
|
struct btrfs_ordered_sum *sum = NULL;
|
|
|
|
unsigned long index;
|
|
|
|
unsigned long num_sectors;
|
|
|
|
|
2012-11-02 16:58:09 +08:00
|
|
|
sum = list_first_entry(&sctx->csum_list,
|
2011-03-08 21:14:00 +08:00
|
|
|
struct btrfs_ordered_sum, list);
|
2020-11-03 21:31:04 +08:00
|
|
|
/* The current csum range is beyond our range, no csum found */
|
2011-03-08 21:14:00 +08:00
|
|
|
if (sum->bytenr > logical)
|
|
|
|
break;
|
|
|
|
|
2020-11-03 21:31:04 +08:00
|
|
|
/*
|
|
|
|
* The current sum is before our bytenr, since scrub is always
|
|
|
|
* done in bytenr order, the csum will never be used anymore,
|
|
|
|
* clean it up so that later calls won't bother with the range,
|
|
|
|
* and continue search the next range.
|
|
|
|
*/
|
|
|
|
if (sum->bytenr + sum->len <= logical) {
|
|
|
|
drop_csum_range(sctx, sum);
|
|
|
|
continue;
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
2020-11-03 21:31:04 +08:00
|
|
|
/* Now the csum range covers our bytenr, copy the csum */
|
|
|
|
found = true;
|
|
|
|
index = (logical - sum->bytenr) >> sctx->fs_info->sectorsize_bits;
|
|
|
|
num_sectors = sum->len >> sctx->fs_info->sectorsize_bits;
|
2017-04-01 00:02:48 +08:00
|
|
|
|
2020-11-03 21:31:04 +08:00
|
|
|
memcpy(csum, sum->sums + index * sctx->fs_info->csum_size,
|
|
|
|
sctx->fs_info->csum_size);
|
|
|
|
|
|
|
|
/* Cleanup the range if we're at the end of the csum range */
|
|
|
|
if (index == num_sectors - 1)
|
|
|
|
drop_csum_range(sctx, sum);
|
|
|
|
break;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
2020-11-03 21:31:04 +08:00
|
|
|
if (!found)
|
|
|
|
return 0;
|
Btrfs: remove btrfs_sector_sum structure
Using the structure btrfs_sector_sum to keep the checksum value is
unnecessary, because the extents that btrfs_sector_sum points to are
continuous, we can find out the expected checksums by btrfs_ordered_sum's
bytenr and the offset, so we can remove btrfs_sector_sum's bytenr. After
removing bytenr, there is only one member in the structure, so it makes
no sense to keep the structure, just remove it, and use a u32 array to
store the checksum value.
By this change, we don't use the while loop to get the checksums one by
one. Now, we can get several checksum value at one time, it improved the
performance by ~74% on my SSD (31MB/s -> 54MB/s).
test command:
# dd if=/dev/zero of=/mnt/btrfs/file0 bs=1M count=1024 oflag=sync
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2013-06-19 10:36:09 +08:00
|
|
|
return 1;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* scrub extent tries to collect up to 64 kB for each bio */
|
2018-03-08 03:08:09 +08:00
|
|
|
static int scrub_extent(struct scrub_ctx *sctx, struct map_lookup *map,
|
2020-12-02 14:48:07 +08:00
|
|
|
u64 logical, u32 len,
|
2012-11-02 20:26:57 +08:00
|
|
|
u64 physical, struct btrfs_device *dev, u64 flags,
|
2012-11-06 18:43:11 +08:00
|
|
|
u64 gen, int mirror_num, u64 physical_for_dev_replace)
|
2011-03-08 21:14:00 +08:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
u8 csum[BTRFS_CSUM_SIZE];
|
2012-03-28 02:21:27 +08:00
|
|
|
u32 blocksize;
|
|
|
|
|
|
|
|
if (flags & BTRFS_EXTENT_FLAG_DATA) {
|
2018-03-08 03:08:09 +08:00
|
|
|
if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK)
|
|
|
|
blocksize = map->stripe_len;
|
|
|
|
else
|
|
|
|
blocksize = sctx->fs_info->sectorsize;
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.data_extents_scrubbed++;
|
|
|
|
sctx->stat.data_bytes_scrubbed += len;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2012-03-28 02:21:27 +08:00
|
|
|
} else if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) {
|
2018-03-08 03:08:09 +08:00
|
|
|
if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK)
|
|
|
|
blocksize = map->stripe_len;
|
|
|
|
else
|
|
|
|
blocksize = sctx->fs_info->nodesize;
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.tree_extents_scrubbed++;
|
|
|
|
sctx->stat.tree_bytes_scrubbed += len;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2012-03-28 02:21:27 +08:00
|
|
|
} else {
|
2017-05-17 01:10:41 +08:00
|
|
|
blocksize = sctx->fs_info->sectorsize;
|
2012-11-06 18:43:11 +08:00
|
|
|
WARN_ON(1);
|
2012-03-28 02:21:27 +08:00
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
|
|
|
while (len) {
|
2020-12-02 14:48:07 +08:00
|
|
|
u32 l = min(len, blocksize);
|
2011-03-08 21:14:00 +08:00
|
|
|
int have_csum = 0;
|
|
|
|
|
|
|
|
if (flags & BTRFS_EXTENT_FLAG_DATA) {
|
|
|
|
/* push csums to sbio */
|
2015-08-24 22:03:02 +08:00
|
|
|
have_csum = scrub_find_csum(sctx, logical, csum);
|
2011-03-08 21:14:00 +08:00
|
|
|
if (have_csum == 0)
|
2012-11-02 16:58:09 +08:00
|
|
|
++sctx->stat.no_csum;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
2012-11-02 20:26:57 +08:00
|
|
|
ret = scrub_pages(sctx, logical, l, physical, dev, flags, gen,
|
2020-11-03 21:31:02 +08:00
|
|
|
mirror_num, have_csum ? csum : NULL,
|
2012-11-06 18:43:11 +08:00
|
|
|
physical_for_dev_replace);
|
2011-03-08 21:14:00 +08:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
len -= l;
|
|
|
|
logical += l;
|
|
|
|
physical += l;
|
2012-11-06 18:43:11 +08:00
|
|
|
physical_for_dev_replace += l;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
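A userspace model of the per-sub-stripe parity check described in the "Btrfs, raid56: support parity scrub on raid56" commit message, showing how a data bitmap and an error bitmap decide which horizontal sub-stripes get their parity checked and rewritten. This is an added example, not kernel code: the struct, field and function names are assumptions, parity is plain XOR, and stripe locking and I/O are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NDATA      3		/* data stripes per full stripe (XOR parity) */
#define NSECTORS   16		/* horizontal sub-stripes: 64K stripe / 4K sectors */
#define SECTORSIZE 4096u

/* Constructed model of one full stripe; field names are this example's own. */
struct full_stripe {
	uint8_t  data[NDATA][NSECTORS][SECTORSIZE];
	uint8_t  parity[NSECTORS][SECTORSIZE];
	uint16_t data_bitmap;	/* bit i set: sub-stripe i holds data */
	uint16_t error_bitmap;	/* bit i set: sub-stripe i could not be repaired */
};

struct parity_result {
	int checked, rewritten, skipped_nodata, skipped_error;
};

/* XOR of all data sectors on horizontal sub-stripe i. */
static void expected_parity(const struct full_stripe *fs, int i, uint8_t *out)
{
	int d;
	uint32_t b;

	memset(out, 0, SECTORSIZE);
	for (d = 0; d < NDATA; d++)
		for (b = 0; b < SECTORSIZE; b++)
			out[b] ^= fs->data[d][i][b];
}

int parity_matches(const struct full_stripe *fs, int i)
{
	uint8_t want[SECTORSIZE];

	expected_parity(fs, i, want);
	return memcmp(want, fs->parity[i], SECTORSIZE) == 0;
}

/* The "check the parity" and "re-calculate and write back" steps. */
struct parity_result check_and_repair_parity(struct full_stripe *fs)
{
	struct parity_result r = {0, 0, 0, 0};
	int i;

	for (i = 0; i < NSECTORS; i++) {
		uint16_t bit = (uint16_t)(1u << i);

		if (!(fs->data_bitmap & bit)) {		/* no data here */
			r.skipped_nodata++;
			continue;
		}
		if (fs->error_bitmap & bit) {		/* marked corrupted */
			r.skipped_error++;
			continue;
		}
		r.checked++;
		if (!parity_matches(fs, i)) {
			expected_parity(fs, i, fs->parity[i]);
			r.rewritten++;
		}
	}
	return r;
}

struct full_stripe demo_stripe;	/* constructed sample input */

struct parity_result demo(void)
{
	struct full_stripe *fs = &demo_stripe;
	int d, i;

	memset(fs, 0, sizeof(*fs));
	for (i = 0; i < 4; i++) {		/* data only on sub-stripes 0..3 */
		for (d = 0; d < NDATA; d++)
			memset(fs->data[d][i], 0x10 * (d + 1) + i, SECTORSIZE);
		expected_parity(fs, i, fs->parity[i]);
		fs->data_bitmap |= (uint16_t)(1u << i);
	}
	for (i = 4; i < NSECTORS; i++)		/* unused space, arbitrary bytes */
		memset(fs->parity[i], 0x5a, SECTORSIZE);
	fs->parity[2][100] ^= 0xff;		/* stale parity on sub-stripe 2 */
	fs->data[1][3][0] ^= 0xff;		/* data error on sub-stripe 3 ... */
	fs->error_bitmap |= (uint16_t)(1u << 3);/* ... that repair could not fix */
	return check_and_repair_parity(fs);
}

int main(void)
{
	struct parity_result r = demo();

	printf("checked=%d rewritten=%d skipped(no data)=%d skipped(error)=%d\n",
	       r.checked, r.rewritten, r.skipped_nodata, r.skipped_error);
	return 0;
}
```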
2014-11-06 17:20:58 +08:00
|
|
|
static int scrub_pages_for_parity(struct scrub_parity *sparity,
|
2020-12-02 14:48:07 +08:00
|
|
|
u64 logical, u32 len,
|
2014-11-06 17:20:58 +08:00
|
|
|
u64 physical, struct btrfs_device *dev,
|
|
|
|
u64 flags, u64 gen, int mirror_num, u8 *csum)
|
|
|
|
{
|
|
|
|
struct scrub_ctx *sctx = sparity->sctx;
|
|
|
|
struct scrub_block *sblock;
|
btrfs: scrub: always allocate one full page for one sector for RAID56
For scrub_pages() and scrub_pages_for_parity(), we currently allocate
one scrub_page structure for one page.
This is fine if we only read/write one sector one time. But for cases
like scrubbing RAID56, we need to read/write the full stripe, which is
in 64K size for now.
For subpage size, we will submit the read in just one page, which is
normally a good thing, but for RAID56 case, it only expects to see one
sector, not the full stripe in its endio function.
This could lead to wrong parity checksum for RAID56 on subpage.
To make the existing code work well for subpage case, here we take a
shortcut by always allocating a full page for one sector.
This should provide the base to make RAID56 work for subpage case.
The cost is pretty obvious now, for one RAID56 stripe now we always need
16 pages. For support subpage situation (64K page size, 4K sector size),
this means we need full one megabyte to scrub just one RAID56 stripe.
And for data scrub, each 4K sector will also need one 64K page.
This is mostly just a workaround, the proper fix for this is a much
larger project, using scrub_block to replace scrub_page, and allow
scrub_block to handle multi pages, csums, and csum_bitmap to avoid
allocating one page for each sector.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-12-02 14:48:08 +08:00
|
|
|
const u32 sectorsize = sctx->fs_info->sectorsize;
|
2014-11-06 17:20:58 +08:00
|
|
|
int index;
|
|
|
|
|
2020-12-02 14:48:08 +08:00
|
|
|
ASSERT(IS_ALIGNED(len, sectorsize));
|
|
|
|
|
2016-02-11 17:49:42 +08:00
|
|
|
sblock = kzalloc(sizeof(*sblock), GFP_KERNEL);
|
2014-11-06 17:20:58 +08:00
|
|
|
if (!sblock) {
|
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.malloc_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* one ref inside this function, plus one for each page added to
|
|
|
|
* a bio later on */
|
2017-03-03 16:55:23 +08:00
|
|
|
refcount_set(&sblock->refs, 1);
|
2014-11-06 17:20:58 +08:00
|
|
|
sblock->sctx = sctx;
|
|
|
|
sblock->no_io_error_seen = 1;
|
|
|
|
sblock->sparity = sparity;
|
|
|
|
scrub_parity_get(sparity);
|
|
|
|
|
|
|
|
for (index = 0; len > 0; index++) {
|
|
|
|
struct scrub_page *spage;
|
|
|
|
|
2016-02-11 17:49:42 +08:00
|
|
|
spage = kzalloc(sizeof(*spage), GFP_KERNEL);
|
2014-11-06 17:20:58 +08:00
		if (!spage) {
leave_nomem:
			spin_lock(&sctx->stat_lock);
			sctx->stat.malloc_errors++;
			spin_unlock(&sctx->stat_lock);
			scrub_block_put(sblock);
			return -ENOMEM;
		}
		BUG_ON(index >= SCRUB_MAX_PAGES_PER_BLOCK);
		/* For scrub block */
		scrub_page_get(spage);
		sblock->pagev[index] = spage;
		/* For scrub parity */
		scrub_page_get(spage);
		list_add_tail(&spage->list, &sparity->spages);
		spage->sblock = sblock;
		spage->dev = dev;
		spage->flags = flags;
		spage->generation = gen;
		spage->logical = logical;
		spage->physical = physical;
		spage->mirror_num = mirror_num;
		if (csum) {
			spage->have_csum = 1;
2020-06-30 23:44:49 +08:00
			memcpy(spage->csum, csum, sctx->fs_info->csum_size);
2014-11-06 17:20:58 +08:00
		} else {
			spage->have_csum = 0;
		}
		sblock->page_count++;
2016-02-11 17:49:42 +08:00
		spage->page = alloc_page(GFP_KERNEL);
2014-11-06 17:20:58 +08:00
		if (!spage->page)
			goto leave_nomem;
btrfs: scrub: always allocate one full page for one sector for RAID56
For scrub_pages() and scrub_pages_for_parity(), we currently allocate
one scrub_page structure for one page.
This is fine if we only read/write one sector one time. But for cases
like scrubbing RAID56, we need to read/write the full stripe, which is
in 64K size for now.
For subpage size, we will submit the read in just one page, which is
normally a good thing, but for RAID56 case, it only expects to see one
sector, not the full stripe in its endio function.
This could lead to wrong parity checksum for RAID56 on subpage.
To make the existing code work well for subpage case, here we take a
shortcut by always allocating a full page for one sector.
This should provide the base to make RAID56 work for subpage case.
The cost is pretty obvious now, for one RAID56 stripe now we always need
16 pages. For support subpage situation (64K page size, 4K sector size),
this means we need full one megabyte to scrub just one RAID56 stripe.
And for data scrub, each 4K sector will also need one 64K page.
This is mostly just a workaround, the proper fix for this is a much
larger project, using scrub_block to replace scrub_page, and allow
scrub_block to handle multi pages, csums, and csum_bitmap to avoid
allocating one page for each sector.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-12-02 14:48:08 +08:00

		/* Iterate over the stripe range in sectorsize steps */
		len -= sectorsize;
		logical += sectorsize;
		physical += sectorsize;
2014-11-06 17:20:58 +08:00
	}

	WARN_ON(sblock->page_count == 0);
	for (index = 0; index < sblock->page_count; index++) {
		struct scrub_page *spage = sblock->pagev[index];
		int ret;

		ret = scrub_add_page_to_rd_bio(sctx, spage);
		if (ret) {
			scrub_block_put(sblock);
			return ret;
		}
	}

	/* last one frees, either here or in bio completion for last page */
	scrub_block_put(sblock);
	return 0;
}

static int scrub_extent_for_parity(struct scrub_parity *sparity,
2020-12-02 14:48:07 +08:00
				   u64 logical, u32 len,
2014-11-06 17:20:58 +08:00
				   u64 physical, struct btrfs_device *dev,
				   u64 flags, u64 gen, int mirror_num)
{
	struct scrub_ctx *sctx = sparity->sctx;
	int ret;
	u8 csum[BTRFS_CSUM_SIZE];
	u32 blocksize;

2017-12-04 12:54:54 +08:00
	if (test_bit(BTRFS_DEV_STATE_MISSING, &dev->dev_state)) {
2015-06-20 02:52:52 +08:00
		scrub_parity_mark_sectors_error(sparity, logical, len);
		return 0;
	}

2014-11-06 17:20:58 +08:00
	if (flags & BTRFS_EXTENT_FLAG_DATA) {
2018-03-08 03:08:09 +08:00
		blocksize = sparity->stripe_len;
2014-11-06 17:20:58 +08:00
	} else if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) {
2018-03-08 03:08:09 +08:00
		blocksize = sparity->stripe_len;
2014-11-06 17:20:58 +08:00
	} else {
2017-05-17 01:10:41 +08:00
		blocksize = sctx->fs_info->sectorsize;
2014-11-06 17:20:58 +08:00
		WARN_ON(1);
	}

	while (len) {
2020-12-02 14:48:07 +08:00
		u32 l = min(len, blocksize);
2014-11-06 17:20:58 +08:00
		int have_csum = 0;

		if (flags & BTRFS_EXTENT_FLAG_DATA) {
			/* push csums to sbio */
2015-08-24 22:03:02 +08:00
			have_csum = scrub_find_csum(sctx, logical, csum);
2014-11-06 17:20:58 +08:00
			if (have_csum == 0)
				goto skip;
		}
		ret = scrub_pages_for_parity(sparity, logical, l, physical, dev,
					     flags, gen, mirror_num,
					     have_csum ? csum : NULL);
		if (ret)
			return ret;
2014-12-13 03:30:00 +08:00
skip:
2014-11-06 17:20:58 +08:00
		len -= l;
		logical += l;
		physical += l;
	}
	return 0;
}

2014-04-01 18:01:43 +08:00
/*
 * Given a physical address, this will calculate its
 * logical offset. If this is a parity stripe, it will return
 * the leftmost data stripe's logical offset.
 *
 * return 0 if it is a data stripe, 1 means parity stripe.
 */
static int get_raid56_logic_offset(u64 physical, int num,
2014-11-06 17:20:58 +08:00
				   struct map_lookup *map, u64 *offset,
				   u64 *stripe_start)
2014-04-01 18:01:43 +08:00
{
	int i;
	int j = 0;
	u64 stripe_nr;
	u64 last_offset;
2015-02-21 01:42:11 +08:00
	u32 stripe_index;
	u32 rot;
2019-05-17 17:43:45 +08:00
	const int data_stripes = nr_data_stripes(map);
2014-04-01 18:01:43 +08:00

2019-05-17 17:43:45 +08:00
	last_offset = (physical - map->stripes[num].physical) * data_stripes;
2014-11-06 17:20:58 +08:00
	if (stripe_start)
		*stripe_start = last_offset;

2014-04-01 18:01:43 +08:00
	*offset = last_offset;
2019-05-17 17:43:45 +08:00
	for (i = 0; i < data_stripes; i++) {
2014-04-01 18:01:43 +08:00
		*offset = last_offset + i * map->stripe_len;

2017-04-04 04:45:24 +08:00
		stripe_nr = div64_u64(*offset, map->stripe_len);
2019-05-17 17:43:45 +08:00
		stripe_nr = div_u64(stripe_nr, data_stripes);
2014-04-01 18:01:43 +08:00

		/* Work out the disk rotation on this stripe-set */
2015-02-21 01:43:47 +08:00
		stripe_nr = div_u64_rem(stripe_nr, map->num_stripes, &rot);
2014-04-01 18:01:43 +08:00
		/* calculate which stripe this data locates */
		rot += i;
2014-04-11 18:32:25 +08:00
		stripe_index = rot % map->num_stripes;
2014-04-01 18:01:43 +08:00
		if (stripe_index == num)
			return 0;
		if (stripe_index < num)
			j++;
	}
	*offset = last_offset + j * map->stripe_len;
	return 1;
}

2014-11-06 17:20:58 +08:00
static void scrub_free_parity(struct scrub_parity *sparity)
{
	struct scrub_ctx *sctx = sparity->sctx;
	struct scrub_page *curr, *next;
	int nbits;

	nbits = bitmap_weight(sparity->ebitmap, sparity->nsectors);
	if (nbits) {
		spin_lock(&sctx->stat_lock);
		sctx->stat.read_errors += nbits;
		sctx->stat.uncorrectable_errors += nbits;
		spin_unlock(&sctx->stat_lock);
	}

	list_for_each_entry_safe(curr, next, &sparity->spages, list) {
		list_del_init(&curr->list);
		scrub_page_put(curr);
	}

	kfree(sparity);
}
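
The bitmap-driven check that the "support parity scrub on raid56" commit message describes, as an added user-space model (not kernel code and not part of the original file): sub-stripes with no data or with a failed read are skipped, the rest get their parity recomputed and rewritten if stale. The `toy_*` names, the tiny geometry and the sample bytes are constructed; `dbitmap` is an assumed name for the has-data bitmap, and only XOR (RAID5) parity is modeled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy geometry (constructed): 2 data stripes + 1 XOR parity, RAID5 only. */
#define NDATA    2
#define NSECTORS 4   /* horizontal sub-stripes per stripe */
#define SECTOR   8   /* bytes per sector in this model */

struct toy_stripe {
	uint8_t data[NDATA][NSECTORS][SECTOR];
	uint8_t parity[NSECTORS][SECTOR];
	unsigned long dbitmap; /* bit i set: sub-stripe i holds data */
	unsigned long ebitmap; /* bit i set: read or repair of sub-stripe i failed */
};

struct toy_result {
	int checked, rewritten, skipped_empty, skipped_error;
};

/* XOR the data sectors of one horizontal sub-stripe into out[]. */
static void toy_xor(const struct toy_stripe *s, int i, uint8_t out[SECTOR])
{
	memset(out, 0, SECTOR);
	for (int d = 0; d < NDATA; d++)
		for (int b = 0; b < SECTOR; b++)
			out[b] ^= s->data[d][i][b];
}

/* The check/repair step; in the design above it runs with the stripe locked. */
static struct toy_result toy_parity_scrub(struct toy_stripe *s)
{
	struct toy_result r = {0, 0, 0, 0};
	uint8_t want[SECTOR];

	for (int i = 0; i < NSECTORS; i++) {
		unsigned long bit = 1UL << i;

		if (!(s->dbitmap & bit)) {
			/* nothing stored on this sub-stripe */
			r.skipped_empty++;
			continue;
		}
		if (s->ebitmap & bit) {
			/* inputs are untrusted: never derive parity from them */
			r.skipped_error++;
			continue;
		}
		toy_xor(s, i, want);
		r.checked++;
		if (memcmp(want, s->parity[i], SECTOR) != 0) {
			memcpy(s->parity[i], want, SECTOR);
			r.rewritten++;
		}
	}
	return r;
}

/* Sub-stripes reported as uncorrectable, like bitmap_weight(ebitmap, nsectors). */
static int toy_error_count(const struct toy_stripe *s)
{
	return __builtin_popcountl(s->ebitmap & ((1UL << NSECTORS) - 1));
}

/* Constructed sample: 0 = clean, 1 = stale parity, 2 = failed read, 3 = empty. */
static void toy_build_sample(struct toy_stripe *s)
{
	memset(s, 0, sizeof(*s));
	for (int i = 0; i < 3; i++) {
		for (int d = 0; d < NDATA; d++)
			memset(s->data[d][i], 0x10 * (d + 1) + i, SECTOR);
		toy_xor(s, i, s->parity[i]);
		s->dbitmap |= 1UL << i;
	}
	s->parity[1][0] ^= 0xff;             /* stale parity on sub-stripe 1 */
	memset(s->data[0][2], 0xee, SECTOR); /* garbage left by a failed read */
	s->ebitmap |= 1UL << 2;
}

int main(void)
{
	struct toy_stripe s;
	struct toy_result r;

	toy_build_sample(&s);
	r = toy_parity_scrub(&s);
	printf("checked=%d rewritten=%d empty=%d error=%d uncorrectable=%d\n",
	       r.checked, r.rewritten, r.skipped_empty, r.skipped_error,
	       toy_error_count(&s));
	return 0;
}
```

Skipping the errored sub-stripe matters for integrity: recomputing parity from the garbage sector would overwrite the one remaining copy that could still reconstruct it.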

2015-06-04 20:09:15 +08:00
static void scrub_parity_bio_endio_worker(struct btrfs_work *work)
{
	struct scrub_parity *sparity = container_of(work, struct scrub_parity,
						    work);
	struct scrub_ctx *sctx = sparity->sctx;

	scrub_free_parity(sparity);
	scrub_pending_bio_dec(sctx);
}

2015-07-20 21:29:37 +08:00
static void scrub_parity_bio_endio(struct bio *bio)
2014-11-06 17:20:58 +08:00
{
	struct scrub_parity *sparity = (struct scrub_parity *)bio->bi_private;
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sparity->sctx->fs_info;
2014-11-06 17:20:58 +08:00

2017-06-03 15:38:06 +08:00
	if (bio->bi_status)
2014-11-06 17:20:58 +08:00
		bitmap_or(sparity->ebitmap, sparity->ebitmap, sparity->dbitmap,
			  sparity->nsectors);

	bio_put(bio);
2015-06-04 20:09:15 +08:00

2019-09-17 02:30:57 +08:00
	btrfs_init_work(&sparity->work, scrub_parity_bio_endio_worker, NULL,
			NULL);
2016-06-23 06:54:23 +08:00
	btrfs_queue_work(fs_info->scrub_parity_workers, &sparity->work);
2014-11-06 17:20:58 +08:00
}

static void scrub_parity_check_and_repair(struct scrub_parity *sparity)
{
	struct scrub_ctx *sctx = sparity->sctx;
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
2014-11-06 17:20:58 +08:00
	struct bio *bio;
	struct btrfs_raid_bio *rbio;
2021-09-15 15:17:16 +08:00
	struct btrfs_io_context *bioc = NULL;
2014-11-06 17:20:58 +08:00
	u64 length;
	int ret;

	if (!bitmap_andnot(sparity->dbitmap, sparity->dbitmap, sparity->ebitmap,
			   sparity->nsectors))
		goto out;

btrfs: Fix calculate typo caused by ambiguous meaning of logic_end

For example, in scrub_raid56_parity(), following lines are used
to judge whether all data is processed:
  place1: if (key.objectid > logic_end) ...
  place2: if (logic_start >= logic_end) ...
  ...
(place2 is a typo, it should be ">", it is copied from other
place, where logic_end's meaning is different, long story...)

We can fix above typo directly, but the root reason is ambiguous
meaning of logic_end in scrub raid56 parity.

In other place, XXX_end is pointed to data which is not included,
and we need to process segment of [XXX_start, XXX_end).

But for scrub raid56 parity, logic_end is pointed to latest data
need to process, and introduced many "+ 1" and "- 1" in code as
below:
  length = sparity->logic_end - sparity->logic_start + 1
  logic_end - logic_start + 1
  stripe_logical + increment - 1

This patch changed logic_end's meaning to make it in normal understanding
in raid56 parity functions and data struct along with above bugfix.

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-07-21 15:42:26 +08:00
	length = sparity->logic_end - sparity->logic_start;
btrfs: Wait for in-flight bios before freeing target device for raid56

When raid56 dev-replace is cancelled by running scrub, we will free
target device without waiting for in-flight bios, causing the following
NULL pointer dereference or general protection failure.

 BUG: unable to handle kernel NULL pointer dereference at 00000000000005e0
 IP: generic_make_request_checks+0x4d/0x610
 CPU: 1 PID: 11676 Comm: kworker/u4:14 Tainted: G O 4.11.0-rc2 #72
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
 Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs]
 task: ffff88002875b4c0 task.stack: ffffc90001334000
 RIP: 0010:generic_make_request_checks+0x4d/0x610
 Call Trace:
  ? generic_make_request+0xc7/0x360
  generic_make_request+0x24/0x360
  ? generic_make_request+0xc7/0x360
  submit_bio+0x64/0x120
  ? page_in_rbio+0x4d/0x80 [btrfs]
  ? rbio_orig_end_io+0x80/0x80 [btrfs]
  finish_rmw+0x3f4/0x540 [btrfs]
  validate_rbio_for_rmw+0x36/0x40 [btrfs]
  raid_rmw_end_io+0x7a/0x90 [btrfs]
  bio_endio+0x56/0x60
  end_workqueue_fn+0x3c/0x40 [btrfs]
  btrfs_scrubparity_helper+0xef/0x620 [btrfs]
  btrfs_endio_raid56_helper+0xe/0x10 [btrfs]
  process_one_work+0x2af/0x720
  ? process_one_work+0x22b/0x720
  worker_thread+0x4b/0x4f0
  kthread+0x10f/0x150
  ? process_one_work+0x720/0x720
  ? kthread_create_on_node+0x40/0x40
  ret_from_fork+0x2e/0x40
 RIP: generic_make_request_checks+0x4d/0x610 RSP: ffffc90001337bb8

In btrfs_dev_replace_finishing(), we will call
btrfs_rm_dev_replace_blocked() to wait bios before destroying the target
device when scrub is finished normally.

However when dev-replace is aborted, either due to error or cancelled by
scrub, we didn't wait for bios, this can lead to use-after-free if there
are bios holding the target device.

Furthermore, for raid56 scrub, at least 2 places are calling
btrfs_map_sblock() without protection of bio_counter, leading to the
problem.

This patch fixes the problem:
1) Wait for bio_counter before freeing target device when canceling
   replace
2) When calling btrfs_map_sblock() for raid56, use bio_counter to
   protect the call.

Cc: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2017-03-29 09:33:21 +08:00

	btrfs_bio_counter_inc_blocked(fs_info);
2016-06-23 06:54:23 +08:00
	ret = btrfs_map_sblock(fs_info, BTRFS_MAP_WRITE, sparity->logic_start,
2021-09-15 15:17:16 +08:00
			       &length, &bioc);
	if (ret || !bioc || !bioc->raid_map)
		goto bioc_out;
2014-11-06 17:20:58 +08:00

2021-09-15 15:17:18 +08:00
	bio = btrfs_bio_alloc(BIO_MAX_VECS);
2014-11-06 17:20:58 +08:00
	bio->bi_iter.bi_sector = sparity->logic_start >> 9;
	bio->bi_private = sparity;
	bio->bi_end_io = scrub_parity_bio_endio;

2021-09-23 14:00:09 +08:00
	rbio = raid56_parity_alloc_scrub_rbio(bio, bioc, length,
					      sparity->scrub_dev,
2014-11-06 17:20:58 +08:00
					      sparity->dbitmap,
					      sparity->nsectors);
	if (!rbio)
		goto rbio_out;

	scrub_pending_bio_inc(sctx);
	raid56_parity_submit_scrub_rbio(rbio);
	return;

rbio_out:
	bio_put(bio);
2021-09-15 15:17:16 +08:00
bioc_out:
2017-03-29 09:33:21 +08:00
	btrfs_bio_counter_dec(fs_info);
2021-09-15 15:17:16 +08:00
	btrfs_put_bioc(bioc);
2014-11-06 17:20:58 +08:00
	bitmap_or(sparity->ebitmap, sparity->ebitmap, sparity->dbitmap,
		  sparity->nsectors);
	spin_lock(&sctx->stat_lock);
	sctx->stat.malloc_errors++;
	spin_unlock(&sctx->stat_lock);
out:
	scrub_free_parity(sparity);
}
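
Added example (not part of the kernel source or of the commits quoted on this page): a user-space C model of the dbitmap/ebitmap rule from the parity-scrub commit message, which scrub_parity_check_and_repair() applies with bitmap_andnot(). All toy_* names, the stripe geometry and the XOR-only (RAID5-style) parity are assumptions made for illustration.

```c
/* Added example: user-space model, not kernel code. toy_* names are hypothetical. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy geometry (assumed values) */
#define NSECTORS 16	/* horizontal sub-stripes per full stripe */
#define NDATA    3	/* data columns, plus one XOR parity column */
#define SECTOR   8	/* bytes per toy sector */

#define TOY_BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define TOY_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
#define BITMAP_LONGS TOY_DIV_ROUND_UP(NSECTORS, TOY_BITS_PER_LONG)

struct toy_stripe {
	uint8_t data[NDATA][NSECTORS][SECTOR];
	uint8_t parity[NSECTORS][SECTOR];
	unsigned long dbitmap[BITMAP_LONGS];	/* bit set: sub-stripe holds data */
	unsigned long ebitmap[BITMAP_LONGS];	/* bit set: read/repair failed */
};

struct toy_result {
	int checked;		/* sub-stripes whose parity was compared */
	int repaired;		/* sub-stripes whose parity was rewritten */
	int repaired_ok;	/* 1 if rewritten parity equals XOR of the data */
	int skipped_untouched;	/* 1 if skipped sub-stripes kept their parity */
};

static void toy_set_bit(unsigned long *map, unsigned int nr)
{
	map[nr / TOY_BITS_PER_LONG] |= 1UL << (nr % TOY_BITS_PER_LONG);
}

static int toy_test_bit(const unsigned long *map, unsigned int nr)
{
	return (int)((map[nr / TOY_BITS_PER_LONG] >> (nr % TOY_BITS_PER_LONG)) & 1UL);
}

/* Same sizing rule as scrub_calc_parity_bitmap_len(): whole longs, in bytes. */
static size_t toy_bitmap_len(unsigned int nsectors)
{
	return TOY_DIV_ROUND_UP(nsectors, TOY_BITS_PER_LONG) * sizeof(long);
}

static void toy_calc_parity(const struct toy_stripe *s, unsigned int sec, uint8_t *out)
{
	memset(out, 0, SECTOR);
	for (unsigned int d = 0; d < NDATA; d++)
		for (unsigned int i = 0; i < SECTOR; i++)
			out[i] ^= s->data[d][sec][i];
}

/* Check only sub-stripes with data (dbitmap) that did not fail (ebitmap). */
static int toy_check_and_repair(struct toy_stripe *s, int *checked)
{
	unsigned long todo[BITMAP_LONGS];
	uint8_t want[SECTOR];
	int repaired = 0;

	*checked = 0;
	for (size_t w = 0; w < BITMAP_LONGS; w++)
		todo[w] = s->dbitmap[w] & ~s->ebitmap[w];	/* the andnot step */

	for (unsigned int sec = 0; sec < NSECTORS; sec++) {
		if (!toy_test_bit(todo, sec))
			continue;
		(*checked)++;
		toy_calc_parity(s, sec, want);
		if (memcmp(want, s->parity[sec], SECTOR) != 0) {
			memcpy(s->parity[sec], want, SECTOR);	/* write back new parity */
			repaired++;
		}
	}
	return repaired;
}

/* Constructed sample data: fill one sub-stripe and mark it in dbitmap. */
static void toy_fill(struct toy_stripe *s, unsigned int sec, int good_parity)
{
	for (unsigned int d = 0; d < NDATA; d++)
		memset(s->data[d][sec], (int)(0x10 * (d + 1) + sec), SECTOR);
	toy_set_bit(s->dbitmap, sec);
	if (good_parity)
		toy_calc_parity(s, sec, s->parity[sec]);
	else
		memset(s->parity[sec], 0xEE, SECTOR);	/* stale parity */
}

static struct toy_result toy_demo(void)
{
	struct toy_stripe s;
	struct toy_result r;

	memset(&s, 0, sizeof(s));
	toy_fill(&s, 0, 1);			/* data, parity correct */
	toy_fill(&s, 1, 0);			/* data, parity stale */
	toy_fill(&s, 2, 0);			/* data, but repair failed: */
	toy_set_bit(s.ebitmap, 2);		/* corrupted sub-stripe, skipped */
	toy_fill(&s, 5, 0);			/* data, parity stale */
	memset(s.parity[3], 0xEE, SECTOR);	/* no data here: never examined */

	r.repaired = toy_check_and_repair(&s, &r.checked);
	r.repaired_ok = s.parity[1][0] == 0x01 && s.parity[5][0] == 0x05;
	r.skipped_untouched = s.parity[2][0] == 0xEE && s.parity[3][0] == 0xEE;
	return r;
}

int main(void)
{
	struct toy_result r = toy_demo();

	printf("checked=%d repaired=%d repaired_ok=%d skipped_untouched=%d\n",
	       r.checked, r.repaired, r.repaired_ok, r.skipped_untouched);
	return 0;
}
```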

static inline int scrub_calc_parity_bitmap_len(int nsectors)
{
2014-12-08 19:55:57 +08:00
	return DIV_ROUND_UP(nsectors, BITS_PER_LONG) * sizeof(long);
2014-11-06 17:20:58 +08:00
}

static void scrub_parity_get(struct scrub_parity *sparity)
{
2017-03-03 16:55:24 +08:00
	refcount_inc(&sparity->refs);
2014-11-06 17:20:58 +08:00
}

static void scrub_parity_put(struct scrub_parity *sparity)
{
2017-03-03 16:55:24 +08:00
	if (!refcount_dec_and_test(&sparity->refs))
2014-11-06 17:20:58 +08:00
		return;

	scrub_parity_check_and_repair(sparity);
}

static noinline_for_stack int scrub_raid56_parity(struct scrub_ctx *sctx,
						  struct map_lookup *map,
						  struct btrfs_device *sdev,
						  struct btrfs_path *path,
						  u64 logic_start,
						  u64 logic_end)
{
2016-06-23 06:54:56 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
2014-11-06 17:20:58 +08:00
	struct btrfs_root *root = fs_info->extent_root;
	struct btrfs_root *csum_root = fs_info->csum_root;
	struct btrfs_extent_item *extent;
2021-09-15 15:17:16 +08:00
	struct btrfs_io_context *bioc = NULL;
2014-11-06 17:20:58 +08:00
	u64 flags;
	int ret;
	int slot;
	struct extent_buffer *l;
	struct btrfs_key key;
	u64 generation;
	u64 extent_logical;
	u64 extent_physical;
2020-12-02 14:48:07 +08:00
	/* Check the comment in scrub_stripe() for why u32 is enough here */
	u32 extent_len;
2015-06-20 02:52:52 +08:00
	u64 mapped_length;
2014-11-06 17:20:58 +08:00
	struct btrfs_device *extent_dev;
	struct scrub_parity *sparity;
	int nsectors;
	int bitmap_len;
	int extent_mirror_num;
	int stop_loop = 0;

2020-12-02 14:48:07 +08:00
	ASSERT(map->stripe_len <= U32_MAX);
2020-07-02 02:45:04 +08:00
	nsectors = map->stripe_len >> fs_info->sectorsize_bits;
2014-11-06 17:20:58 +08:00
	bitmap_len = scrub_calc_parity_bitmap_len(nsectors);
	sparity = kzalloc(sizeof(struct scrub_parity) + 2 * bitmap_len,
			  GFP_NOFS);
	if (!sparity) {
		spin_lock(&sctx->stat_lock);
		sctx->stat.malloc_errors++;
		spin_unlock(&sctx->stat_lock);
		return -ENOMEM;
	}

2020-12-02 14:48:07 +08:00
	ASSERT(map->stripe_len <= U32_MAX);
2014-11-06 17:20:58 +08:00
	sparity->stripe_len = map->stripe_len;
	sparity->nsectors = nsectors;
	sparity->sctx = sctx;
	sparity->scrub_dev = sdev;
	sparity->logic_start = logic_start;
	sparity->logic_end = logic_end;
2017-03-03 16:55:24 +08:00
	refcount_set(&sparity->refs, 1);
2014-11-06 17:20:58 +08:00
	INIT_LIST_HEAD(&sparity->spages);
	sparity->dbitmap = sparity->bitmap;
	sparity->ebitmap = (void *)sparity->bitmap + bitmap_len;

	ret = 0;
	while (logic_start < logic_end) {
		if (btrfs_fs_incompat(fs_info, SKINNY_METADATA))
			key.type = BTRFS_METADATA_ITEM_KEY;
		else
			key.type = BTRFS_EXTENT_ITEM_KEY;
		key.objectid = logic_start;
		key.offset = (u64)-1;

		ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
		if (ret < 0)
			goto out;

		if (ret > 0) {
			ret = btrfs_previous_extent_item(root, path, 0);
			if (ret < 0)
				goto out;
			if (ret > 0) {
				btrfs_release_path(path);
				ret = btrfs_search_slot(NULL, root, &key,
							path, 0, 0);
				if (ret < 0)
					goto out;
			}
		}

		stop_loop = 0;
		while (1) {
			u64 bytes;

			l = path->nodes[0];
			slot = path->slots[0];
			if (slot >= btrfs_header_nritems(l)) {
				ret = btrfs_next_leaf(root, path);
				if (ret == 0)
					continue;
				if (ret < 0)
					goto out;

				stop_loop = 1;
				break;
			}
			btrfs_item_key_to_cpu(l, &key, slot);

2015-07-22 13:14:48 +08:00
			if (key.type != BTRFS_EXTENT_ITEM_KEY &&
			    key.type != BTRFS_METADATA_ITEM_KEY)
				goto next;

2014-11-06 17:20:58 +08:00
			if (key.type == BTRFS_METADATA_ITEM_KEY)
2016-06-23 06:54:23 +08:00
				bytes = fs_info->nodesize;
2014-11-06 17:20:58 +08:00
			else
				bytes = key.offset;

			if (key.objectid + bytes <= logic_start)
				goto next;

btrfs: Fix calculate typo caused by ambiguous meaning of logic_end
For example, in scrub_raid56_parity(), following lines are used
to judge is all data processed:
place1: if (key.objectid > logic_end) ...
place2: if (logic_start >= logic_end) ...
...
(place2 is typo, it should be ">", it is copied from other
place, where logic_end's meaning is different, long story...)
We can fix above typo directly, but the root reason is ambiguous
meaning of logic_end in scrub raid56 parity.
In other place, XXX_end is pointed to data which is not included,
and we need to process segment of [XXX_start, XXX_end).
But for scrub raid56 parity, logic_end is pointed to latest data
need to process, and introduced many "+ 1" and "- 1" in code as
below:
length = sparity->logic_end - sparity->logic_start + 1
logic_end - logic_start + 1
stripe_logical + increment - 1
This patch changed logic_end's meaning to make it in normal understanding
in raid56 parity functions and data struct along with above bugfix.
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-07-21 15:42:26 +08:00
			if (key.objectid >= logic_end) {
2014-11-06 17:20:58 +08:00
				stop_loop = 1;
				break;
			}

			while (key.objectid >= logic_start + map->stripe_len)
				logic_start += map->stripe_len;

			extent = btrfs_item_ptr(l, slot,
						struct btrfs_extent_item);
			flags = btrfs_extent_flags(l, extent);
			generation = btrfs_extent_generation(l, extent);

btrfs: Fix scrub panic when leaf crosses stripes
Scrub panic in following operation:
mkfs.ext4 /dev/vdh
btrfs-convert /dev/vdh
mount /dev/vdh /mnt/tmp1
btrfs scrub start -B /dev/vdh
(panic)
Reason:
1: In some case, leaf created by btrfs-convert was split into 2
strips.
2: Scrub bypassed part of above wrong leaf data, but remain data
caused panic in scrub_checksum_tree_block().
For reason 1:
we can get following information after some simple operation.
a. mkfs.ext4 /dev/vdh
btrfs-convert /dev/vdh
b. btrfs-debug-tree /dev/vdh
we can see following item in extent tree:
item 25 key (27054080 METADATA_ITEM 0) itemoff 15083 itemsize 33
Its logical address is [27054080, 27070464)
and acrossed 2 strips:
[27000832, 27066368)
[27066368, 27131904)
Will be fixed in btrfs-progs(btrfs-convert, btrfsck, ...)
For reason 2:
Scrub is trying to do a "bypass" in this case, but the result is
"panic", because current code lacks of some condition in bypass,
and let some wrong leaf data escaped.
This patch fixed above scrub code.
Before patch:
# btrfs scrub start -B /dev/vdh
(panic)
After patch:
# btrfs scrub start -B /dev/vdh
scrub done for 353cec8f-da31-4a94-aa35-be72d997b06e
...
# dmesg
...
[ 59.088697] BTRFS error (device vdh): scrub: tree block 27054080 spanning stripes, ignored. logical=27000832
[ 59.089929] BTRFS error (device vdh): scrub: tree block 27054080 spanning stripes, ignored. logical=27066368
#
Reported-by: Chris Murphy <lists@colorremedies.com>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-07-23 12:29:49 +08:00
			if ((flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) &&
			    (key.objectid < logic_start ||
			     key.objectid + bytes >
			     logic_start + map->stripe_len)) {
2016-09-20 22:05:00 +08:00
				btrfs_err(fs_info,
					  "scrub: tree block %llu spanning stripes, ignored. logical=%llu",
2015-07-23 12:29:49 +08:00
					  key.objectid, logic_start);
2015-08-25 21:31:40 +08:00
				spin_lock(&sctx->stat_lock);
				sctx->stat.uncorrectable_errors++;
				spin_unlock(&sctx->stat_lock);
2014-11-06 17:20:58 +08:00
				goto next;
			}
again:
			extent_logical = key.objectid;
2020-12-02 14:48:07 +08:00
			ASSERT(bytes <= U32_MAX);
2014-11-06 17:20:58 +08:00
			extent_len = bytes;

			if (extent_logical < logic_start) {
				extent_len -= logic_start - extent_logical;
				extent_logical = logic_start;
			}

			if (extent_logical + extent_len >
			    logic_start + map->stripe_len)
				extent_len = logic_start + map->stripe_len -
					     extent_logical;

			scrub_parity_mark_sectors_data(sparity, extent_logical,
						       extent_len);

2015-06-20 02:52:52 +08:00
			mapped_length = extent_len;
2021-09-15 15:17:16 +08:00
			bioc = NULL;
2016-10-27 15:27:36 +08:00
			ret = btrfs_map_block(fs_info, BTRFS_MAP_READ,
2021-09-15 15:17:16 +08:00
					      extent_logical, &mapped_length, &bioc,
2016-10-27 15:27:36 +08:00
					      0);
2015-06-20 02:52:52 +08:00
			if (!ret) {
2021-09-15 15:17:16 +08:00
				if (!bioc || mapped_length < extent_len)
2015-06-20 02:52:52 +08:00
					ret = -EIO;
			}
			if (ret) {
2021-09-15 15:17:16 +08:00
				btrfs_put_bioc(bioc);
2015-06-20 02:52:52 +08:00
				goto out;
			}
2021-09-15 15:17:16 +08:00
			extent_physical = bioc->stripes[0].physical;
			extent_mirror_num = bioc->mirror_num;
			extent_dev = bioc->stripes[0].dev;
			btrfs_put_bioc(bioc);
2014-11-06 17:20:58 +08:00

			ret = btrfs_lookup_csums_range(csum_root,
						extent_logical,
						extent_logical + extent_len - 1,
						&sctx->csum_list, 1);
			if (ret)
				goto out;

			ret = scrub_extent_for_parity(sparity, extent_logical,
						      extent_len,
						      extent_physical,
						      extent_dev, flags,
						      generation,
						      extent_mirror_num);
2015-07-21 12:22:30 +08:00

			scrub_free_csums(sctx);

2014-11-06 17:20:58 +08:00
			if (ret)
				goto out;

			if (extent_logical + extent_len <
			    key.objectid + bytes) {
				logic_start += map->stripe_len;

				if (logic_start >= logic_end) {
					stop_loop = 1;
					break;
				}

				if (logic_start < key.objectid + bytes) {
					cond_resched();
					goto again;
				}
			}
next:
			path->slots[0]++;
		}

		btrfs_release_path(path);

		if (stop_loop)
			break;

		logic_start += map->stripe_len;
	}
out:
2020-12-02 14:48:07 +08:00
	if (ret < 0) {
		ASSERT(logic_end - logic_start <= U32_MAX);
2014-11-06 17:20:58 +08:00
		scrub_parity_mark_sectors_error(sparity, logic_start,
2015-07-21 15:42:26 +08:00
						logic_end - logic_start);
2020-12-02 14:48:07 +08:00
	}
2014-11-06 17:20:58 +08:00
	scrub_parity_put(sparity);
	scrub_submit(sctx);
2017-05-17 01:10:32 +08:00
	mutex_lock(&sctx->wr_lock);
2014-11-06 17:20:58 +08:00
	scrub_wr_submit(sctx);
2017-05-17 01:10:32 +08:00
	mutex_unlock(&sctx->wr_lock);
2014-11-06 17:20:58 +08:00

	btrfs_release_path(path);
	return ret < 0 ? ret : 0;
}

2021-02-04 18:22:13 +08:00
static void sync_replace_for_zoned(struct scrub_ctx *sctx)
{
	if (!btrfs_is_zoned(sctx->fs_info))
		return;

	sctx->flush_all_writes = true;
	scrub_submit(sctx);
	mutex_lock(&sctx->wr_lock);
	scrub_wr_submit(sctx);
	mutex_unlock(&sctx->wr_lock);

	wait_event(sctx->list_wait, atomic_read(&sctx->bios_in_flight) == 0);
}

2021-02-04 18:22:14 +08:00
static int sync_write_pointer_for_zoned(struct scrub_ctx *sctx, u64 logical,
					u64 physical, u64 physical_end)
{
	struct btrfs_fs_info *fs_info = sctx->fs_info;
	int ret = 0;

	if (!btrfs_is_zoned(fs_info))
		return 0;

	wait_event(sctx->list_wait, atomic_read(&sctx->bios_in_flight) == 0);

	mutex_lock(&sctx->wr_lock);
	if (sctx->write_pointer < physical_end) {
		ret = btrfs_sync_zone_write_pointer(sctx->wr_tgtdev, logical,
						    physical,
						    sctx->write_pointer);
		if (ret)
			btrfs_err(fs_info,
				  "zoned: failed to recover write pointer");
	}
	mutex_unlock(&sctx->wr_lock);
	btrfs_dev_clear_zone_empty(sctx->wr_tgtdev, physical);

	return ret;
}

Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx,
2012-11-02 20:26:57 +08:00
					   struct map_lookup *map,
					   struct btrfs_device *scrub_dev,
btrfs: fix a race between scrub and block group removal/allocation
When scrub is verifying the extents of a block group for a device, it is
possible that the corresponding block group gets removed and its logical
address and device extents get used for a new block group allocation.
When this happens scrub incorrectly reports that errors were detected
and, if the new block group has a different profile than the old one,
deleted block group, we can crash due to a null pointer dereference.
Possibly other unexpected and weird consequences can happen as well.
Consider the following sequence of actions that leads to the null pointer
dereference crash when scrub is running in parallel with balance:
1) Balance sets block group X to read-only mode and starts relocating it.
Block group X is a metadata block group, has a raid1 profile (two
device extents, each one in a different device) and a logical address
of 19424870400;
2) Scrub is running and finds device extent E, which belongs to block
group X. It enters scrub_stripe() to find all extents allocated to
block group X, the search is done using the extent tree;
3) Balance finishes relocating block group X and removes block group X;
4) Balance starts relocating another block group and when trying to
commit the current transaction as part of the preparation step
(prepare_to_relocate()), it blocks because scrub is running;
5) The scrub task finds the metadata extent at the logical address
19425001472 and marks the pages of the extent to be read by a bio
(struct scrub_bio). The extent item's flags, which have the bit
BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct
scrub_page). It is these flags in the scrub pages that tell the
bio's end io function (scrub_bio_end_io_worker) which type of extent
it is dealing with. At this point we end up with 4 pages in a bio
which is ready for submission (the metadata extent has a size of
16Kb, so that gives 4 pages on x86);
6) At the next iteration of scrub_stripe(), scrub checks that there is a
pause request from the relocation task trying to commit a transaction,
therefore it submits the pending bio and pauses, waiting for the
transaction commit to complete before resuming;
7) The relocation task commits the transaction. The device extent E, that
was used by our block group X, is now available for allocation, since
the commit root for the device tree was swapped by the transaction
commit;
8) Another task doing a direct IO write allocates a new data block group Y
which ends using device extent E. This new block group Y also ends up
getting the same logical address that block group X had: 19424870400.
This happens because block group X was the block group with the highest
logical address and, when allocating Y, find_next_chunk() returns the
end offset of the current last block group to be used as the logical
address for the new block group, which is
18351128576 + 1073741824 = 19424870400
So our new block group Y has the same logical address and device extent
that block group X had. However Y is a data block group, while X was
a metadata one, and Y has a raid0 profile, while X had a raid1 profile;
9) After allocating block group Y, the direct IO submits a bio to write
to device extent E;
10) The read bio submitted by scrub reads the 4 pages (16Kb) from device
extent E, which now correspond to the data written by the task that
did a direct IO write. Then at the end io function associated with
the bio, scrub_bio_end_io_worker(), we call scrub_block_complete()
which calls scrub_checksum(). This latter function checks the flags
of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK
is set in the flags, so it assumes it has a metadata extent and
then calls scrub_checksum_tree_block(). That function returns an
error, since interpreting data as a metadata extent causes the
checksum verification to fail.
So this makes scrub_checksum() call scrub_handle_errored_block(),
which determines 'failed_mirror_index' to be 1, since the device
extent E was allocated as the second mirror of block group X.
It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at
'sblocks_for_recheck', and all the memory is initialized to zeroes by
kcalloc().
After that it calls scrub_setup_recheck_block(), which is responsible
for filling each of those structures. However, when that function
calls btrfs_map_sblock() against the logical address of the metadata
extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches
the current block group Y. However block group Y has a raid0 profile
and not a raid1 profile like X had, so the following call returns 1:
scrub_nr_raid_mirrors(bbio)
And as a result scrub_setup_recheck_block() only initializes the
first (index 0) scrub_block structure in 'sblocks_for_recheck'.
Then scrub_recheck_block() is called by scrub_handle_errored_block()
with the second (index 1) scrub_block structure as the argument,
because 'failed_mirror_index' was previously set to 1.
This scrub_block was not initialized by scrub_setup_recheck_block(),
so it has zero pages, its 'page_count' member is 0 and its 'pagev'
page array has all members pointing to NULL.
Finally when scrub_recheck_block() calls scrub_recheck_block_checksum()
we have a NULL pointer dereference when accessing the flags of the first
page, as pagev[0] is NULL:
    static void scrub_recheck_block_checksum(struct scrub_block *sblock)
    {
        (...)
        if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA)
            scrub_checksum_data(sblock);
        (...)
    }
Producing a stack trace like the following:
[542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028
[542998.010238] #PF: supervisor read access in kernel mode
[542998.010878] #PF: error_code(0x0000) - not-present page
[542998.011516] PGD 0 P4D 0
[542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1
[542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs]
[542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs]
[542998.018474] Code: 4c 89 e6 ...
[542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202
[542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000
[542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120
[542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001
[542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800
[542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0
[542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000
[542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0
[542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[542998.032380] Call Trace:
[542998.032752] scrub_recheck_block+0x162/0x400 [btrfs]
[542998.033500] ? __alloc_pages_nodemask+0x31e/0x460
[542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs]
[542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs]
[542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs]
[542998.036735] process_one_work+0x26d/0x6a0
[542998.037275] worker_thread+0x4f/0x3e0
[542998.037740] ? process_one_work+0x6a0/0x6a0
[542998.038378] kthread+0x103/0x140
[542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70
[542998.039419] ret_from_fork+0x3a/0x50
[542998.039875] Modules linked in: dm_snapshot dm_thin_pool ...
[542998.047288] CR2: 0000000000000028
[542998.047724] ---[ end trace bde186e176c7f96a ]---
This issue has been around for a long time, possibly since scrub exists.
The last time I ran into it was over 2 years ago. After recently fixing
fstests to pass the "--full-balance" command line option to btrfs-progs
when doing balance, several tests started to more heavily exercise balance
with fsstress, scrub and other operations in parallel, and therefore
started to hit this issue again (with btrfs/061 for example).
Fix this by having scrub increment the 'trimming' counter of the block
group, which pins the block group in such a way that it guarantees neither
its logical address nor device extents can be reused by future block group
allocations until we decrement the 'trimming' counter. Also make sure that
on each iteration of scrub_stripe() we stop scrubbing the block group if
it was removed already.
A later patch in the series will rename the block group's 'trimming'
counter and its helpers to a more generic name, since now it is not used
exclusively for pinning while trimming anymore.
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
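The reuse race described in the commit message above, reduced to a user-space C model. This is an added example, not kernel code and not part of the patch: `laddr_t`, the `model_*` types, `next_chunk_start()`, `lookup()`, `recheck_failed_mirror()` and `run_scenario()` are hypothetical names, the addresses are the ones quoted in the message, and the profile of the block group at 18351128576 is a constructed value.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned long long laddr_t;
#define MODEL_MAX_MIRRORS 3	/* stand-in for BTRFS_MAX_MIRRORS */
#define FLAG_DATA	1u	/* stand-in for BTRFS_EXTENT_FLAG_DATA */
#define FLAG_TREE_BLOCK	2u	/* stand-in for BTRFS_EXTENT_FLAG_TREE_BLOCK */
#define GIB		1073741824ULL

struct model_bg {
	laddr_t start, len;
	int nr_mirrors;		/* 2 for raid1, 1 for raid0 */
	unsigned type;		/* FLAG_DATA or FLAG_TREE_BLOCK */
	int removed;		/* deleted by balance */
	int pinned;		/* models the 'trimming' counter used by the fix */
};
struct model_fs { struct model_bg bg[4]; int nr; };
struct model_block { int page_count; unsigned *pagev[4]; };

/*
 * Model of find_next_chunk(): end offset of the highest block group whose
 * range is still reserved. A removed group stays reserved only while pinned.
 */
static laddr_t next_chunk_start(const struct model_fs *fs)
{
	laddr_t end = 0;

	for (int i = 0; i < fs->nr; i++) {
		const struct model_bg *b = &fs->bg[i];
		if (b->removed && b->pinned == 0)
			continue;
		if (b->start + b->len > end)
			end = b->start + b->len;
	}
	return end;
}

/* Live block group currently mapped at 'logical', or NULL. */
static const struct model_bg *lookup(const struct model_fs *fs, laddr_t logical)
{
	for (int i = 0; i < fs->nr; i++) {
		const struct model_bg *b = &fs->bg[i];
		if (!b->removed && logical >= b->start && logical < b->start + b->len)
			return b;
	}
	return NULL;
}

/*
 * Model of the recheck path. Returns 0 if the failed mirror's block was set
 * up, -1 if it was left zeroed (the state in which the kernel dereferenced
 * pagev[0]), -2 if no live block group maps the address (scrub stops).
 */
static int recheck_failed_mirror(const struct model_fs *fs, laddr_t logical,
				 int failed_idx)
{
	static unsigned page_flags[MODEL_MAX_MIRRORS];
	struct model_block sblocks[MODEL_MAX_MIRRORS];
	const struct model_bg *bg = lookup(fs, logical);

	memset(sblocks, 0, sizeof(sblocks));	/* kcalloc() zeroes the array */
	if (!bg)
		return -2;
	/* Only as many blocks as the current mapping has mirrors get pages. */
	for (int m = 0; m < bg->nr_mirrors && m < MODEL_MAX_MIRRORS; m++) {
		page_flags[m] = bg->type;
		sblocks[m].pagev[0] = &page_flags[m];
		sblocks[m].page_count = 1;
	}
	if (failed_idx >= MODEL_MAX_MIRRORS || !sblocks[failed_idx].page_count)
		return -1;
	return 0;
}

/* Steps 1) to 10) of the commit message, with or without the pin. */
static int run_scenario(int scrub_pins, laddr_t *y_start)
{
	struct model_fs fs = { .nr = 2 };

	/* Last block group before X; its profile is a constructed value. */
	fs.bg[0] = (struct model_bg){ 18351128576ULL, GIB, 1, FLAG_DATA, 0, 0 };
	/* X: raid1 metadata; scrub read the extent through mirror index 1. */
	fs.bg[1] = (struct model_bg){ 19424870400ULL, GIB, 2, FLAG_TREE_BLOCK, 0, 0 };
	fs.bg[1].pinned = scrub_pins ? 1 : 0;	/* the fix: scrub pins X */
	fs.bg[1].removed = 1;			/* balance removes X */
	/* Y: raid0 data, placed by the allocator model. */
	fs.bg[fs.nr] = (struct model_bg){ next_chunk_start(&fs), GIB, 1, FLAG_DATA, 0, 0 };
	*y_start = fs.bg[fs.nr++].start;
	return recheck_failed_mirror(&fs, 19425001472ULL, 1);
}

int main(void)
{
	laddr_t y;
	int r = run_scenario(0, &y);
	printf("no pin: Y at %llu, recheck = %d\n", y, r);
	r = run_scenario(1, &y);
	printf("pinned: Y at %llu, recheck = %d\n", y, r);
	return 0;
}
```

Without the pin, Y lands on X's logical address and the recheck for mirror index 1 finds a zeroed block; with the pin, Y is placed past X's range and the lookup at the old address finds no live block group.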
2020-05-08 18:01:10 +08:00
					   int num, u64 base, u64 length,
					   struct btrfs_block_group *cache)
2011-03-08 21:14:00 +08:00
{
2014-11-06 17:20:58 +08:00
	struct btrfs_path *path, *ppath;
2016-06-23 06:54:56 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
2011-03-08 21:14:00 +08:00
	struct btrfs_root *root = fs_info->extent_root;
	struct btrfs_root *csum_root = fs_info->csum_root;
	struct btrfs_extent_item *extent;
2011-05-29 04:58:38 +08:00
	struct blk_plug plug;
2011-03-08 21:14:00 +08:00
	u64 flags;
	int ret;
	int slot;
	u64 nstripes;
	struct extent_buffer *l;
	u64 physical;
	u64 logical;
2013-04-27 10:56:57 +08:00
	u64 logic_end;
2014-04-01 18:01:43 +08:00
	u64 physical_end;
2011-03-08 21:14:00 +08:00
	u64 generation;
2011-06-17 21:55:21 +08:00
	int mirror_num;
2011-06-10 18:39:23 +08:00
	struct reada_control *reada1;
	struct reada_control *reada2;
2016-03-25 01:00:53 +08:00
	struct btrfs_key key;
2011-06-10 18:39:23 +08:00
	struct btrfs_key key_end;
2011-03-08 21:14:00 +08:00
	u64 increment = map->stripe_len;
	u64 offset;
2012-11-06 18:43:11 +08:00
	u64 extent_logical;
	u64 extent_physical;
2020-12-02 14:48:07 +08:00
	/*
	 * Unlike chunk length, extent length should never go beyond
	 * BTRFS_MAX_EXTENT_SIZE, thus u32 is enough here.
	 */
	u32 extent_len;
2014-11-06 17:20:58 +08:00
	u64 stripe_logical;
	u64 stripe_end;
2012-11-06 18:43:11 +08:00
	struct btrfs_device *extent_dev;
	int extent_mirror_num;
2014-04-01 18:01:43 +08:00
	int stop_loop = 0;
2013-01-30 07:40:14 +08:00

2014-04-01 18:01:43 +08:00
	physical = map->stripes[num].physical;
2011-03-08 21:14:00 +08:00
	offset = 0;
2017-04-04 04:45:24 +08:00
	nstripes = div64_u64(length, map->stripe_len);
2019-11-28 22:37:46 +08:00
	mirror_num = 1;
	increment = map->stripe_len;
2011-03-08 21:14:00 +08:00
	if (map->type & BTRFS_BLOCK_GROUP_RAID0) {
		offset = map->stripe_len * num;
		increment = map->stripe_len * map->num_stripes;
	} else if (map->type & BTRFS_BLOCK_GROUP_RAID10) {
		int factor = map->num_stripes / map->sub_stripes;
		offset = map->stripe_len * (num / map->sub_stripes);
		increment = map->stripe_len * factor;
2011-06-14 01:56:54 +08:00
		mirror_num = num % map->sub_stripes + 1;
2019-05-31 21:39:31 +08:00
	} else if (map->type & BTRFS_BLOCK_GROUP_RAID1_MASK) {
2011-06-14 01:56:54 +08:00
		mirror_num = num % map->num_stripes + 1;
2011-03-08 21:14:00 +08:00
	} else if (map->type & BTRFS_BLOCK_GROUP_DUP) {
2011-06-14 01:56:54 +08:00
		mirror_num = num % map->num_stripes + 1;
2015-01-20 15:11:44 +08:00
	} else if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK) {
2014-11-06 17:20:58 +08:00
		get_raid56_logic_offset(physical, num, map, &offset, NULL);
2014-04-01 18:01:43 +08:00
		increment = map->stripe_len * nr_data_stripes(map);
2011-03-08 21:14:00 +08:00
	}

	path = btrfs_alloc_path();
	if (!path)
		return -ENOMEM;

2014-11-06 17:20:58 +08:00
	ppath = btrfs_alloc_path();
	if (!ppath) {
2015-01-09 16:37:52 +08:00
		btrfs_free_path(path);
2014-11-06 17:20:58 +08:00
		return -ENOMEM;
	}

2012-03-28 02:21:27 +08:00
	/*
	 * work on commit root. The related disk blocks are static as
	 * long as COW is applied. This means, it is save to rewrite
	 * them to repair disk errors without any race conditions
	 */
2011-03-08 21:14:00 +08:00
	path->search_commit_root = 1;
	path->skip_locking = 1;

2015-01-09 09:39:40 +08:00
	ppath->search_commit_root = 1;
	ppath->skip_locking = 1;
2011-03-08 21:14:00 +08:00
	/*
2011-06-10 18:39:23 +08:00
	 * trigger the readahead for extent tree csum tree and wait for
	 * completion. During readahead, the scrub is officially paused
	 * to not hold off transaction commits
2011-03-08 21:14:00 +08:00
	 */
	logical = base + offset;
2014-04-01 18:01:43 +08:00
	physical_end = physical + nstripes * map->stripe_len;
2015-01-20 15:11:44 +08:00
	if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK) {
2014-04-01 18:01:43 +08:00
		get_raid56_logic_offset(physical_end, num,
2014-11-06 17:20:58 +08:00
					map, &logic_end, NULL);
2014-04-01 18:01:43 +08:00
		logic_end += base;
	} else {
		logic_end = logical + increment * nstripes;
	}
2012-11-02 16:58:09 +08:00
	wait_event(sctx->list_wait,
2012-11-02 23:44:58 +08:00
		   atomic_read(&sctx->bios_in_flight) == 0);
2013-12-04 21:16:53 +08:00
	scrub_blocked_if_needed(fs_info);
2011-06-10 18:39:23 +08:00

	/* FIXME it might be better to start readahead at commit root */
2016-03-25 01:00:53 +08:00
	key.objectid = logical;
	key.type = BTRFS_EXTENT_ITEM_KEY;
	key.offset = (u64)0;
2014-04-01 18:01:43 +08:00
	key_end.objectid = logic_end;
2013-03-08 03:22:04 +08:00
	key_end.type = BTRFS_METADATA_ITEM_KEY;
	key_end.offset = (u64)-1;
2016-03-25 01:00:53 +08:00
	reada1 = btrfs_reada_add(root, &key, &key_end);
2011-06-10 18:39:23 +08:00

2020-10-12 18:55:26 +08:00
	if (cache->flags & BTRFS_BLOCK_GROUP_DATA) {
		key.objectid = BTRFS_EXTENT_CSUM_OBJECTID;
		key.type = BTRFS_EXTENT_CSUM_KEY;
		key.offset = logical;
		key_end.objectid = BTRFS_EXTENT_CSUM_OBJECTID;
		key_end.type = BTRFS_EXTENT_CSUM_KEY;
		key_end.offset = logic_end;
		reada2 = btrfs_reada_add(csum_root, &key, &key_end);
	} else {
		reada2 = NULL;
	}
2011-06-10 18:39:23 +08:00

	if (!IS_ERR(reada1))
		btrfs_reada_wait(reada1);
2020-10-12 18:55:26 +08:00
	if (!IS_ERR_OR_NULL(reada2))
2011-06-10 18:39:23 +08:00
		btrfs_reada_wait(reada2);

2011-03-08 21:14:00 +08:00

	/*
	 * collect all data csums for the stripe to avoid seeking during
	 * the scrub. This might currently (crc32) end up to be about 1MB
	 */
2011-05-29 04:58:38 +08:00
	blk_start_plug(&plug);
2011-03-08 21:14:00 +08:00

2021-02-04 18:22:13 +08:00
	if (sctx->is_dev_replace &&
	    btrfs_dev_is_sequential(sctx->wr_tgtdev, physical)) {
		mutex_lock(&sctx->wr_lock);
		sctx->write_pointer = physical;
		mutex_unlock(&sctx->wr_lock);
		sctx->flush_all_writes = true;
	}

2011-03-08 21:14:00 +08:00
	/*
	 * now find all extents for each stripe and scrub them
	 */
	ret = 0;
2014-04-01 18:01:43 +08:00
	while (physical < physical_end) {
2011-03-08 21:14:00 +08:00
		/*
		 * canceled?
		 */
		if (atomic_read(&fs_info->scrub_cancel_req) ||
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from whereever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
|
|
|
atomic_read(&sctx->cancel_req)) {
|
2011-03-08 21:14:00 +08:00
|
|
|
ret = -ECANCELED;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* check to see if we have to pause
|
|
|
|
*/
|
|
|
|
if (atomic_read(&fs_info->scrub_pause_req)) {
|
|
|
|
/* push queued extents */
|
2017-03-31 23:12:51 +08:00
|
|
|
sctx->flush_all_writes = true;
|
2012-11-02 16:58:09 +08:00
|
|
|
scrub_submit(sctx);
|
2017-05-17 01:10:32 +08:00
|
|
|
mutex_lock(&sctx->wr_lock);
|
2012-11-06 18:43:11 +08:00
|
|
|
scrub_wr_submit(sctx);
|
2017-05-17 01:10:32 +08:00
|
|
|
mutex_unlock(&sctx->wr_lock);
|
2012-11-02 16:58:09 +08:00
|
|
|
wait_event(sctx->list_wait,
|
2012-11-02 23:44:58 +08:00
|
|
|
atomic_read(&sctx->bios_in_flight) == 0);
|
2017-03-31 23:12:51 +08:00
|
|
|
sctx->flush_all_writes = false;
|
2013-12-04 21:15:19 +08:00
|
|
|
scrub_blocked_if_needed(fs_info);
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
2015-07-21 12:22:29 +08:00
|
|
|
if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK) {
|
|
|
|
ret = get_raid56_logic_offset(physical, num, map,
|
|
|
|
&logical,
|
|
|
|
&stripe_logical);
|
|
|
|
logical += base;
|
|
|
|
if (ret) {
|
2015-08-18 17:54:30 +08:00
|
|
|
/* it is parity strip */
|
2015-07-21 12:22:29 +08:00
|
|
|
stripe_logical += base;
|
btrfs: Fix calculate typo caused by ambiguous meaning of logic_end
For example, in scrub_raid56_parity(), following lines are used
to judge is all data processed:
place1: if (key.objectid > logic_end) ...
place2: if (logic_start >= logic_end) ...
...
(place2 is a typo, it should be ">", it is copied from other
place, where logic_end's meaning is different, long story...)
We can fix above typo directly, but the root reason is ambiguous
meaning of logic_end in scrub raid56 parity.
In other place, XXX_end is pointed to data which is not included,
and we need to process segment of [XXX_start, XXX_end).
But for scrub raid56 parity, logic_end is pointed to latest data
need to process, and introduced many "+ 1" and "- 1" in code as
below:
length = sparity->logic_end - sparity->logic_start + 1
logic_end - logic_start + 1
stripe_logical + increment - 1
This patch changed logic_end's meaning to make it in normal understanding
in raid56 parity functions and data struct along with above bugfix.
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-07-21 15:42:26 +08:00
|
|
|
stripe_end = stripe_logical + increment;
|
2015-07-21 12:22:29 +08:00
|
|
|
ret = scrub_raid56_parity(sctx, map, scrub_dev,
|
|
|
|
ppath, stripe_logical,
|
|
|
|
stripe_end);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
goto skip;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-01-12 21:38:32 +08:00
|
|
|
if (btrfs_fs_incompat(fs_info, SKINNY_METADATA))
|
|
|
|
key.type = BTRFS_METADATA_ITEM_KEY;
|
|
|
|
else
|
|
|
|
key.type = BTRFS_EXTENT_ITEM_KEY;
|
2011-03-08 21:14:00 +08:00
|
|
|
key.objectid = logical;
|
2013-04-27 10:56:57 +08:00
|
|
|
key.offset = (u64)-1;
|
2011-03-08 21:14:00 +08:00
|
|
|
|
|
|
|
ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
|
|
|
|
if (ret < 0)
|
|
|
|
goto out;
|
2013-03-08 03:22:04 +08:00
|
|
|
|
2011-06-03 16:09:26 +08:00
|
|
|
if (ret > 0) {
|
2014-01-12 21:38:33 +08:00
|
|
|
ret = btrfs_previous_extent_item(root, path, 0);
|
2011-03-08 21:14:00 +08:00
|
|
|
if (ret < 0)
|
|
|
|
goto out;
|
2011-06-03 16:09:26 +08:00
|
|
|
if (ret > 0) {
|
|
|
|
/* there's no smaller item, so stick with the
|
|
|
|
* larger one */
|
|
|
|
btrfs_release_path(path);
|
|
|
|
ret = btrfs_search_slot(NULL, root, &key,
|
|
|
|
path, 0, 0);
|
|
|
|
if (ret < 0)
|
|
|
|
goto out;
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
2013-04-27 10:56:57 +08:00
|
|
|
stop_loop = 0;
|
2011-03-08 21:14:00 +08:00
|
|
|
while (1) {
|
2013-03-08 03:22:04 +08:00
|
|
|
u64 bytes;
|
|
|
|
|
2011-03-08 21:14:00 +08:00
|
|
|
l = path->nodes[0];
|
|
|
|
slot = path->slots[0];
|
|
|
|
if (slot >= btrfs_header_nritems(l)) {
|
|
|
|
ret = btrfs_next_leaf(root, path);
|
|
|
|
if (ret == 0)
|
|
|
|
continue;
|
|
|
|
if (ret < 0)
|
|
|
|
goto out;
|
|
|
|
|
2013-04-27 10:56:57 +08:00
|
|
|
stop_loop = 1;
|
2011-03-08 21:14:00 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
btrfs_item_key_to_cpu(l, &key, slot);
|
|
|
|
|
2015-07-22 13:14:48 +08:00
|
|
|
if (key.type != BTRFS_EXTENT_ITEM_KEY &&
|
|
|
|
key.type != BTRFS_METADATA_ITEM_KEY)
|
|
|
|
goto next;
|
|
|
|
|
2013-03-08 03:22:04 +08:00
|
|
|
if (key.type == BTRFS_METADATA_ITEM_KEY)
|
2016-06-23 06:54:23 +08:00
|
|
|
bytes = fs_info->nodesize;
|
2013-03-08 03:22:04 +08:00
|
|
|
else
|
|
|
|
bytes = key.offset;
|
|
|
|
|
|
|
|
if (key.objectid + bytes <= logical)
|
2011-03-08 21:14:00 +08:00
|
|
|
goto next;
|
|
|
|
|
2013-04-27 10:56:57 +08:00
|
|
|
if (key.objectid >= logical + map->stripe_len) {
|
|
|
|
/* out of this device extent */
|
|
|
|
if (key.objectid >= logic_end)
|
|
|
|
stop_loop = 1;
|
|
|
|
break;
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
|
btrfs: fix a race between scrub and block group removal/allocation
When scrub is verifying the extents of a block group for a device, it is
possible that the corresponding block group gets removed and its logical
address and device extents get used for a new block group allocation.
When this happens scrub incorrectly reports that errors were detected
and, if the new block group has a different profile than the old one,
deleted block group, we can crash due to a null pointer dereference.
Possibly other unexpected and weird consequences can happen as well.
Consider the following sequence of actions that leads to the null pointer
dereference crash when scrub is running in parallel with balance:
1) Balance sets block group X to read-only mode and starts relocating it.
Block group X is a metadata block group, has a raid1 profile (two
device extents, each one in a different device) and a logical address
of 19424870400;
2) Scrub is running and finds device extent E, which belongs to block
group X. It enters scrub_stripe() to find all extents allocated to
block group X, the search is done using the extent tree;
3) Balance finishes relocating block group X and removes block group X;
4) Balance starts relocating another block group and when trying to
commit the current transaction as part of the preparation step
(prepare_to_relocate()), it blocks because scrub is running;
5) The scrub task finds the metadata extent at the logical address
19425001472 and marks the pages of the extent to be read by a bio
(struct scrub_bio). The extent item's flags, which have the bit
BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct
scrub_page). It is these flags in the scrub pages that tell the
bio's end io function (scrub_bio_end_io_worker) which type of extent
it is dealing with. At this point we end up with 4 pages in a bio
which is ready for submission (the metadata extent has a size of
16Kb, so that gives 4 pages on x86);
6) At the next iteration of scrub_stripe(), scrub checks that there is a
pause request from the relocation task trying to commit a transaction,
therefore it submits the pending bio and pauses, waiting for the
transaction commit to complete before resuming;
7) The relocation task commits the transaction. The device extent E, that
was used by our block group X, is now available for allocation, since
the commit root for the device tree was swapped by the transaction
commit;
8) Another task doing a direct IO write allocates a new data block group Y
which ends using device extent E. This new block group Y also ends up
getting the same logical address that block group X had: 19424870400.
This happens because block group X was the block group with the highest
logical address and, when allocating Y, find_next_chunk() returns the
end offset of the current last block group to be used as the logical
address for the new block group, which is
18351128576 + 1073741824 = 19424870400
So our new block group Y has the same logical address and device extent
that block group X had. However Y is a data block group, while X was
a metadata one, and Y has a raid0 profile, while X had a raid1 profile;
9) After allocating block group Y, the direct IO submits a bio to write
to device extent E;
10) The read bio submitted by scrub reads the 4 pages (16Kb) from device
extent E, which now correspond to the data written by the task that
did a direct IO write. Then at the end io function associated with
the bio, scrub_bio_end_io_worker(), we call scrub_block_complete()
which calls scrub_checksum(). This latter function checks the flags
of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK
is set in the flags, so it assumes it has a metadata extent and
then calls scrub_checksum_tree_block(). That function returns an
error, since interpreting data as a metadata extent causes the
checksum verification to fail.
So this makes scrub_checksum() call scrub_handle_errored_block(),
which determines 'failed_mirror_index' to be 1, since the device
extent E was allocated as the second mirror of block group X.
It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at
'sblocks_for_recheck', and all the memory is initialized to zeroes by
kcalloc().
After that it calls scrub_setup_recheck_block(), which is responsible
for filling each of those structures. However, when that function
calls btrfs_map_sblock() against the logical address of the metadata
extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches
the current block group Y. However block group Y has a raid0 profile
and not a raid1 profile like X had, so the following call returns 1:
scrub_nr_raid_mirrors(bbio)
And as a result scrub_setup_recheck_block() only initializes the
first (index 0) scrub_block structure in 'sblocks_for_recheck'.
Then scrub_recheck_block() is called by scrub_handle_errored_block()
with the second (index 1) scrub_block structure as the argument,
because 'failed_mirror_index' was previously set to 1.
This scrub_block was not initialized by scrub_setup_recheck_block(),
so it has zero pages, its 'page_count' member is 0 and its 'pagev'
page array has all members pointing to NULL.
Finally when scrub_recheck_block() calls scrub_recheck_block_checksum()
we have a NULL pointer dereference when accessing the flags of the first
page, as pagev[0] is NULL:
static void scrub_recheck_block_checksum(struct scrub_block *sblock)
{
(...)
if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA)
scrub_checksum_data(sblock);
(...)
}
Producing a stack trace like the following:
[542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028
[542998.010238] #PF: supervisor read access in kernel mode
[542998.010878] #PF: error_code(0x0000) - not-present page
[542998.011516] PGD 0 P4D 0
[542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1
[542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs]
[542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs]
[542998.018474] Code: 4c 89 e6 ...
[542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202
[542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000
[542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120
[542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001
[542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800
[542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0
[542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000
[542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0
[542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[542998.032380] Call Trace:
[542998.032752] scrub_recheck_block+0x162/0x400 [btrfs]
[542998.033500] ? __alloc_pages_nodemask+0x31e/0x460
[542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs]
[542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs]
[542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs]
[542998.036735] process_one_work+0x26d/0x6a0
[542998.037275] worker_thread+0x4f/0x3e0
[542998.037740] ? process_one_work+0x6a0/0x6a0
[542998.038378] kthread+0x103/0x140
[542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70
[542998.039419] ret_from_fork+0x3a/0x50
[542998.039875] Modules linked in: dm_snapshot dm_thin_pool ...
[542998.047288] CR2: 0000000000000028
[542998.047724] ---[ end trace bde186e176c7f96a ]---
This issue has been around for a long time, possibly since scrub exists.
The last time I ran into it was over 2 years ago. After recently fixing
fstests to pass the "--full-balance" command line option to btrfs-progs
when doing balance, several tests started to more heavily exercise balance
with fsstress, scrub and other operations in parallel, and therefore
started to hit this issue again (with btrfs/061 for example).
Fix this by having scrub increment the 'trimming' counter of the block
group, which pins the block group in such a way that it guarantees neither
its logical address nor device extents can be reused by future block group
allocations until we decrement the 'trimming' counter. Also make sure that
on each iteration of scrub_stripe() we stop scrubbing the block group if
it was removed already.
A later patch in the series will rename the block group's 'trimming'
counter and its helpers to a more generic name, since now it is not used
exclusively for pinning while trimming anymore.
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-05-08 18:01:10 +08:00
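The failure sequence in the commit message above, as an added userspace model in C (not kernel code and not part of the commit). All `model_*` types, the return codes, and the explicit check in `recheck_block_checked()` are assumptions made for illustration; the commit's actual fix is the pin counter plus the `cache->removed` check, which `run_scenario(1)` models.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_MIRRORS     3    /* model stand-in for BTRFS_MAX_MIRRORS */
#define PAGES_PER_BLOCK 4    /* 16Kb metadata extent, 4 pages, as in the commit */
#define FLAG_DATA       0x1  /* model stand-in for BTRFS_EXTENT_FLAG_DATA */
#define FLAG_TREE_BLOCK 0x2  /* model stand-in for BTRFS_EXTENT_FLAG_TREE_BLOCK */

enum { SCRUB_STOPPED = 0, RECHECK_DATA = 1, RECHECK_TREE = 2,
       RECHECK_UNINITIALIZED = -1 };

struct model_page  { unsigned long flags; };
struct model_block { int page_count; struct model_page *pagev[PAGES_PER_BLOCK]; };
struct model_bg    { unsigned long long logical; int nr_mirrors; int pinned; int removed; };

/* find_next_chunk() as described: end offset of the current last block group. */
unsigned long long next_chunk_logical(unsigned long long last_start,
                                      unsigned long long last_len)
{
    return last_start + last_len;
}

/* A removed block group's address is reusable only while nothing pins it. */
int try_allocate_at(const struct model_bg *old, int new_mirrors,
                    struct model_bg *out)
{
    if (!old->removed || old->pinned > 0)
        return -1;
    out->logical = old->logical;
    out->nr_mirrors = new_mirrors;
    out->pinned = 0;
    out->removed = 0;
    return 0;
}

/* Fills only the first nr_mirrors entries; the rest stay zeroed (calloc). */
void setup_recheck(struct model_block *blocks, int nr_mirrors,
                   struct model_page *pages, unsigned long flags)
{
    for (int m = 0; m < nr_mirrors && m < MAX_MIRRORS; m++) {
        for (int p = 0; p < PAGES_PER_BLOCK; p++) {
            pages[p].flags = flags;          /* pages shared: model only */
            blocks[m].pagev[p] = &pages[p];
        }
        blocks[m].page_count = PAGES_PER_BLOCK;
    }
}

/* Reports the state that the kernel code dereferenced as pagev[0]->flags. */
int recheck_block_checked(const struct model_block *b)
{
    if (b->page_count == 0 || b->pagev[0] == NULL)
        return RECHECK_UNINITIALIZED;
    return (b->pagev[0]->flags & FLAG_DATA) ? RECHECK_DATA : RECHECK_TREE;
}

/* pin != 0 models scrub holding the block group pinned while it works. */
int run_scenario(int pin)
{
    /* Block group X: raid1 (2 mirrors) at the logical address from the commit. */
    struct model_bg x = { next_chunk_logical(18351128576ULL, 1073741824ULL), 2, 0, 0 };
    struct model_bg y = { 0, 0, 0, 0 };
    static struct model_page pages[PAGES_PER_BLOCK];
    struct model_block *sblocks;
    int failed_mirror_index = 1;     /* extent E was the second mirror of X */
    int ret;

    if (pin)
        x.pinned++;
    x.removed = 1;                   /* balance removes X */

    if (try_allocate_at(&x, 1, &y) != 0) {
        /* Address reuse refused: scrub sees 'removed', stops and unpins. */
        x.pinned--;
        return SCRUB_STOPPED;
    }

    /* Y (raid0, 1 mirror) now owns X's address; the recheck maps against Y. */
    sblocks = calloc(MAX_MIRRORS, sizeof(*sblocks));
    if (!sblocks)
        return RECHECK_UNINITIALIZED;
    setup_recheck(sblocks, y.nr_mirrors, pages, FLAG_TREE_BLOCK);
    ret = recheck_block_checked(&sblocks[failed_mirror_index]);
    free(sblocks);
    return ret;
}

int main(void)
{
    printf("without pin: %d\n", run_scenario(0));
    printf("with pin:    %d\n", run_scenario(1));
    return 0;
}
```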
|
|
|
/*
|
|
|
|
* If our block group was removed in the meanwhile, just
|
|
|
|
* stop scrubbing since there is no point in continuing.
|
|
|
|
* Continuing would prevent reusing its device extents
|
|
|
|
* for new block groups for a long time.
|
|
|
|
*/
|
|
|
|
spin_lock(&cache->lock);
|
|
|
|
if (cache->removed) {
|
|
|
|
spin_unlock(&cache->lock);
|
|
|
|
ret = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
spin_unlock(&cache->lock);
|
|
|
|
|
2011-03-08 21:14:00 +08:00
|
|
|
extent = btrfs_item_ptr(l, slot,
|
|
|
|
struct btrfs_extent_item);
|
|
|
|
flags = btrfs_extent_flags(l, extent);
|
|
|
|
generation = btrfs_extent_generation(l, extent);
|
|
|
|
|
btrfs: Fix scrub panic when leaf crosses stripes
Scrub panic in following operation:
mkfs.ext4 /dev/vdh
btrfs-convert /dev/vdh
mount /dev/vdh /mnt/tmp1
btrfs scrub start -B /dev/vdh
(panic)
Reason:
1: In some cases, a leaf created by btrfs-convert was split into 2
strips.
2: Scrub bypassed part of above wrong leaf data, but remain data
caused panic in scrub_checksum_tree_block().
For reason 1:
we can get following information after some simple operation.
a. mkfs.ext4 /dev/vdh
btrfs-convert /dev/vdh
b. btrfs-debug-tree /dev/vdh
we can see following item in extent tree:
item 25 key (27054080 METADATA_ITEM 0) itemoff 15083 itemsize 33
Its logical address is [27054080, 27070464)
and crosses 2 strips:
[27000832, 27066368)
[27066368, 27131904)
Will be fixed in btrfs-progs(btrfs-convert, btrfsck, ...)
For reason 2:
Scrub is trying to do a "bypass" in this case, but the result is
"panic", because current code lacks of some condition in bypass,
and let some wrong leaf data escaped.
This patch fixed above scrub code.
Before patch:
# btrfs scrub start -B /dev/vdh
(panic)
After patch:
# btrfs scrub start -B /dev/vdh
scrub done for 353cec8f-da31-4a94-aa35-be72d997b06e
...
# dmesg
...
[ 59.088697] BTRFS error (device vdh): scrub: tree block 27054080 spanning stripes, ignored. logical=27000832
[ 59.089929] BTRFS error (device vdh): scrub: tree block 27054080 spanning stripes, ignored. logical=27066368
#
Reported-by: Chris Murphy <lists@colorremedies.com>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-07-23 12:29:49 +08:00
|
|
|
if ((flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) &&
|
|
|
|
(key.objectid < logical ||
|
|
|
|
key.objectid + bytes >
|
|
|
|
logical + map->stripe_len)) {
|
2013-12-21 00:37:06 +08:00
|
|
|
btrfs_err(fs_info,
|
2016-09-20 22:05:00 +08:00
|
|
|
"scrub: tree block %llu spanning stripes, ignored. logical=%llu",
|
2013-08-20 19:20:07 +08:00
|
|
|
key.objectid, logical);
|
2015-08-25 21:31:40 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
|
|
|
sctx->stat.uncorrectable_errors++;
|
|
|
|
spin_unlock(&sctx->stat_lock);
|
2011-03-08 21:14:00 +08:00
|
|
|
goto next;
|
|
|
|
}
|
|
|
|
|
2013-04-27 10:56:57 +08:00
|
|
|
again:
|
|
|
|
extent_logical = key.objectid;
|
2020-12-02 14:48:07 +08:00
|
|
|
ASSERT(bytes <= U32_MAX);
|
2013-04-27 10:56:57 +08:00
|
|
|
extent_len = bytes;
|
|
|
|
|
2011-03-08 21:14:00 +08:00
|
|
|
/*
|
|
|
|
* trim extent to this stripe
|
|
|
|
*/
|
2013-04-27 10:56:57 +08:00
|
|
|
if (extent_logical < logical) {
|
|
|
|
extent_len -= logical - extent_logical;
|
|
|
|
extent_logical = logical;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
2013-04-27 10:56:57 +08:00
|
|
|
if (extent_logical + extent_len >
|
2011-03-08 21:14:00 +08:00
|
|
|
logical + map->stripe_len) {
|
2013-04-27 10:56:57 +08:00
|
|
|
extent_len = logical + map->stripe_len -
|
|
|
|
extent_logical;
|
2011-03-08 21:14:00 +08:00
|
|
|
}
|
|
|
|
|
2013-04-27 10:56:57 +08:00
|
|
|
extent_physical = extent_logical - logical + physical;
|
2012-11-06 18:43:11 +08:00
|
|
|
extent_dev = scrub_dev;
|
|
|
|
extent_mirror_num = mirror_num;
|
2018-08-15 02:09:52 +08:00
|
|
|
if (sctx->is_dev_replace)
|
2012-11-06 18:43:11 +08:00
|
|
|
scrub_remap_extent(fs_info, extent_logical,
|
|
|
|
extent_len, &extent_physical,
|
|
|
|
&extent_dev,
|
|
|
|
&extent_mirror_num);
|
2013-04-27 10:56:57 +08:00
|
|
|
|
2020-05-08 18:02:07 +08:00
|
|
|
if (flags & BTRFS_EXTENT_FLAG_DATA) {
|
|
|
|
ret = btrfs_lookup_csums_range(csum_root,
|
|
|
|
extent_logical,
|
|
|
|
extent_logical + extent_len - 1,
|
|
|
|
&sctx->csum_list, 1);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
}
|
2013-04-27 10:56:57 +08:00
|
|
|
|
2018-03-08 03:08:09 +08:00
|
|
|
ret = scrub_extent(sctx, map, extent_logical, extent_len,
|
2012-11-06 18:43:11 +08:00
|
|
|
extent_physical, extent_dev, flags,
|
|
|
|
generation, extent_mirror_num,
|
2013-07-04 22:14:23 +08:00
|
|
|
extent_logical - logical + physical);
|
2015-07-21 12:22:30 +08:00
|
|
|
|
|
|
|
scrub_free_csums(sctx);
|
|
|
|
|
2011-03-08 21:14:00 +08:00
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
|
2021-02-04 18:22:13 +08:00
|
|
|
if (sctx->is_dev_replace)
|
|
|
|
sync_replace_for_zoned(sctx);
|
|
|
|
|
2013-04-27 10:56:57 +08:00
|
|
|
if (extent_logical + extent_len <
|
|
|
|
key.objectid + bytes) {
|
2015-01-20 15:11:44 +08:00
|
|
|
if (map->type & BTRFS_BLOCK_GROUP_RAID56_MASK) {
|
2014-04-01 18:01:43 +08:00
|
|
|
/*
|
|
|
|
* loop until we find next data stripe
|
|
|
|
* or we have finished all stripes.
|
|
|
|
*/
|
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
All the data which has checksum is COW data, and we are sure
that it is not changed though we don't lock the stripe. because
the space of that data just can be reclaimed after the current
transaction is committed, and then the fs can use it to store the
other data, but when doing scrub, we hold the current transaction,
that is that data can not be recovered, it is safe that read and check
it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
The data without checksum and the parity may be changed if we don't
lock the stripe, so we need read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe(pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits is 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
|
|
|
loop:
|
|
|
|
physical += map->stripe_len;
|
|
|
|
ret = get_raid56_logic_offset(physical,
|
|
|
|
num, map, &logical,
|
|
|
|
&stripe_logical);
|
|
|
|
logical += base;
|
|
|
|
|
|
|
|
if (ret && physical < physical_end) {
|
|
|
|
stripe_logical += base;
|
|
|
|
stripe_end = stripe_logical +
|
2015-07-21 15:42:26 +08:00
|
|
|
increment;
|
2014-11-06 17:20:58 +08:00
|
|
|
ret = scrub_raid56_parity(sctx,
|
|
|
|
map, scrub_dev, ppath,
|
|
|
|
stripe_logical,
|
|
|
|
stripe_end);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
goto loop;
|
|
|
|
}
|
2014-04-01 18:01:43 +08:00
|
|
|
} else {
|
|
|
|
physical += map->stripe_len;
|
|
|
|
logical += increment;
|
|
|
|
}
|
2013-04-27 10:56:57 +08:00
|
|
|
if (logical < key.objectid + bytes) {
|
|
|
|
cond_resched();
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
|
2014-04-01 18:01:43 +08:00
|
|
|
if (physical >= physical_end) {
|
2013-04-27 10:56:57 +08:00
|
|
|
stop_loop = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2011-03-08 21:14:00 +08:00
|
|
|
next:
|
|
|
|
path->slots[0]++;
|
|
|
|
}
|
2011-05-23 18:30:52 +08:00
|
|
|
btrfs_release_path(path);
|
2014-04-01 18:01:43 +08:00
|
|
|
skip:
|
2011-03-08 21:14:00 +08:00
|
|
|
logical += increment;
|
|
|
|
physical += map->stripe_len;
|
2012-11-02 16:58:09 +08:00
|
|
|
spin_lock(&sctx->stat_lock);
|
2013-04-27 10:56:57 +08:00
|
|
|
if (stop_loop)
|
|
|
|
sctx->stat.last_physical = map->stripes[num].physical +
|
|
|
|
length;
|
|
|
|
else
|
|
|
|
sctx->stat.last_physical = physical;
|
2012-11-02 16:58:09 +08:00
		spin_unlock(&sctx->stat_lock);
2013-04-27 10:56:57 +08:00
		if (stop_loop)
			break;
2011-03-08 21:14:00 +08:00
	}
2012-11-06 18:43:11 +08:00
out:
2011-03-08 21:14:00 +08:00
	/* push queued extents */
2012-11-02 16:58:09 +08:00
	scrub_submit(sctx);
2017-05-17 01:10:32 +08:00
	mutex_lock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
	scrub_wr_submit(sctx);
2017-05-17 01:10:32 +08:00
	mutex_unlock(&sctx->wr_lock);
2011-03-08 21:14:00 +08:00

2011-05-29 04:58:38 +08:00
	blk_finish_plug(&plug);
2011-03-08 21:14:00 +08:00
	btrfs_free_path(path);
Btrfs, raid56: support parity scrub on raid56
The implementation is:
- Read and check all the data with checksum in the same stripe.
  All the data which has checksum is COW data, and we are sure
  that it is not changed though we don't lock the stripe, because
  the space of that data just can be reclaimed after the current
  transaction is committed, and then the fs can use it to store the
  other data, but when doing scrub, we hold the current transaction,
  that is that data can not be recovered, it is safe that read and check
  it out of the stripe lock.
- Lock the stripe
- Read out all the data without checksum and parity
  The data without checksum and the parity may be changed if we don't
  lock the stripe, so we need to read it in the stripe lock context.
- Check the parity
- Re-calculate the new parity and write back it if the old parity
  is not right
- Unlock the stripe
If we can not read out the data or the data we read is corrupted,
we will try to repair it. If the repair fails, we will mark the
horizontal sub-stripe (pages on the same horizontal) as corrupted
sub-stripe, and we will skip the parity check and repair of that
horizontal sub-stripe.
And in order to skip the horizontal sub-stripe that has no data, we
introduce a bitmap. If there is some data on the horizontal sub-stripe,
we will set the relative bit to 1, and when we check and repair the
parity, we will skip those horizontal sub-stripes that the relative
bits are 0.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2014-11-06 17:20:58 +08:00
	btrfs_free_path(ppath);
2021-02-04 18:22:14 +08:00

	if (sctx->is_dev_replace && ret >= 0) {
		int ret2;

		ret2 = sync_write_pointer_for_zoned(sctx, base + offset,
						    map->stripes[num].physical,
						    physical_end);
		if (ret2)
			ret = ret2;
	}

2011-03-08 21:14:00 +08:00
	return ret < 0 ? ret : 0;
}

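The bitmap-driven parity check described in the "Btrfs, raid56: support parity scrub on raid56" commit message above, as an added user-space C sketch that is not part of scrub.c or of the kernel. It covers only the XOR (P) parity; the struct, the function names, the two bitmaps' names and the sample sizes are assumptions made for illustration, and the input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NR_DATA  2   /* data stripes per full stripe (constructed) */
#define NR_SUB   4   /* horizontal sub-stripes per stripe (constructed) */
#define SUB_SIZE 8   /* bytes per sub-stripe here; one page in a real scrub */

struct full_stripe {
	uint8_t data[NR_DATA][NR_SUB][SUB_SIZE];
	uint8_t parity[NR_SUB][SUB_SIZE];
	unsigned int dbitmap; /* bit i set: sub-stripe i holds data */
	unsigned int ebitmap; /* bit i set: sub-stripe i is corrupted, unrepaired */
};

/* XOR of all data stripes for one horizontal sub-stripe. */
static void calc_parity(const struct full_stripe *fs, int sub, uint8_t *out)
{
	memset(out, 0, SUB_SIZE);
	for (int d = 0; d < NR_DATA; d++)
		for (int b = 0; b < SUB_SIZE; b++)
			out[b] ^= fs->data[d][sub][b];
}

/*
 * Check the parity of every sub-stripe that has data and was read
 * successfully; rewrite it when it is wrong. Returns how many were rewritten.
 */
static int check_and_repair_parity(struct full_stripe *fs)
{
	int repaired = 0;

	for (int sub = 0; sub < NR_SUB; sub++) {
		uint8_t want[SUB_SIZE];

		if (!(fs->dbitmap & (1u << sub)))
			continue;	/* no data: nothing to verify */
		if (fs->ebitmap & (1u << sub))
			continue;	/* corrupted data: skip check and repair */
		calc_parity(fs, sub, want);
		if (memcmp(want, fs->parity[sub], SUB_SIZE) != 0) {
			memcpy(fs->parity[sub], want, SUB_SIZE);
			repaired++;
		}
	}
	return repaired;
}

static struct full_stripe sample;

/* Constructed input: data on sub-stripes 0-2, stale parity on 1, 2 and 3. */
static int run_sample(void)
{
	memset(&sample, 0, sizeof(sample));
	sample.dbitmap = 0x7;
	for (int sub = 0; sub < 3; sub++) {
		memset(sample.data[0][sub], 0x11 * (sub + 1), SUB_SIZE);
		memset(sample.data[1][sub], 0xa0 + sub, SUB_SIZE);
		calc_parity(&sample, sub, sample.parity[sub]);
	}
	memset(sample.parity[1], 0xff, SUB_SIZE); /* wrong, has data: repaired */
	memset(sample.parity[2], 0xff, SUB_SIZE); /* wrong, but marked corrupted */
	memset(sample.parity[3], 0xff, SUB_SIZE); /* wrong, but no data there */
	sample.ebitmap = 0x4;
	return check_and_repair_parity(&sample);
}

int main(void)
{
	printf("repaired %d sub-stripe(s)\n", run_sample());
	return 0;
}
```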
2012-11-02 16:58:09 +08:00
static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx,
2012-11-02 20:26:57 +08:00
					  struct btrfs_device *scrub_dev,
					  u64 chunk_offset, u64 length,
2015-11-19 18:57:20 +08:00
					  u64 dev_offset,
2019-10-30 02:20:18 +08:00
					  struct btrfs_block_group *cache)
2011-03-08 21:14:00 +08:00
{
2016-06-23 06:54:56 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
2019-05-17 17:43:17 +08:00
	struct extent_map_tree *map_tree = &fs_info->mapping_tree;
2011-03-08 21:14:00 +08:00
	struct map_lookup *map;
	struct extent_map *em;
	int i;
2012-11-06 18:43:11 +08:00
	int ret = 0;
2011-03-08 21:14:00 +08:00

2019-05-17 17:43:17 +08:00
	read_lock(&map_tree->lock);
	em = lookup_extent_mapping(map_tree, chunk_offset, 1);
	read_unlock(&map_tree->lock);
2011-03-08 21:14:00 +08:00

2015-11-19 18:57:20 +08:00
	if (!em) {
		/*
		 * Might have been an unused block group deleted by the cleaner
		 * kthread or relocation.
		 */
		spin_lock(&cache->lock);
		if (!cache->removed)
			ret = -EINVAL;
		spin_unlock(&cache->lock);

		return ret;
	}
2011-03-08 21:14:00 +08:00

2015-06-03 22:55:48 +08:00
	map = em->map_lookup;
2011-03-08 21:14:00 +08:00
	if (em->start != chunk_offset)
		goto out;

	if (em->len < length)
		goto out;

	for (i = 0; i < map->num_stripes; ++i) {
2012-11-02 20:26:57 +08:00
		if (map->stripes[i].dev->bdev == scrub_dev->bdev &&
2012-02-09 22:09:02 +08:00
		    map->stripes[i].physical == dev_offset) {
2012-11-02 20:26:57 +08:00
			ret = scrub_stripe(sctx, map, scrub_dev, i,
btrfs: fix a race between scrub and block group removal/allocation
When scrub is verifying the extents of a block group for a device, it is
possible that the corresponding block group gets removed and its logical
address and device extents get used for a new block group allocation.
When this happens scrub incorrectly reports that errors were detected
and, if the new block group has a different profile than the old one,
deleted block group, we can crash due to a null pointer dereference.
Possibly other unexpected and weird consequences can happen as well.
Consider the following sequence of actions that leads to the null pointer
dereference crash when scrub is running in parallel with balance:
1) Balance sets block group X to read-only mode and starts relocating it.
Block group X is a metadata block group, has a raid1 profile (two
device extents, each one in a different device) and a logical address
of 19424870400;
2) Scrub is running and finds device extent E, which belongs to block
group X. It enters scrub_stripe() to find all extents allocated to
block group X, the search is done using the extent tree;
3) Balance finishes relocating block group X and removes block group X;
4) Balance starts relocating another block group and when trying to
commit the current transaction as part of the preparation step
(prepare_to_relocate()), it blocks because scrub is running;
5) The scrub task finds the metadata extent at the logical address
19425001472 and marks the pages of the extent to be read by a bio
(struct scrub_bio). The extent item's flags, which have the bit
BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct
scrub_page). It is these flags in the scrub pages that tells the
bio's end io function (scrub_bio_end_io_worker) which type of extent
it is dealing with. At this point we end up with 4 pages in a bio
which is ready for submission (the metadata extent has a size of
16Kb, so that gives 4 pages on x86);
6) At the next iteration of scrub_stripe(), scrub checks that there is a
pause request from the relocation task trying to commit a transaction,
therefore it submits the pending bio and pauses, waiting for the
transaction commit to complete before resuming;
7) The relocation task commits the transaction. The device extent E, that
was used by our block group X, is now available for allocation, since
the commit root for the device tree was swapped by the transaction
commit;
8) Another task doing a direct IO write allocates a new data block group Y
which ends using device extent E. This new block group Y also ends up
getting the same logical address that block group X had: 19424870400.
This happens because block group X was the block group with the highest
logical address and, when allocating Y, find_next_chunk() returns the
end offset of the current last block group to be used as the logical
address for the new block group, which is
18351128576 + 1073741824 = 19424870400
So our new block group Y has the same logical address and device extent
that block group X had. However Y is a data block group, while X was
a metadata one, and Y has a raid0 profile, while X had a raid1 profile;
9) After allocating block group Y, the direct IO submits a bio to write
to device extent E;
10) The read bio submitted by scrub reads the 4 pages (16Kb) from device
extent E, which now correspond to the data written by the task that
did a direct IO write. Then at the end io function associated with
the bio, scrub_bio_end_io_worker(), we call scrub_block_complete()
which calls scrub_checksum(). This latter function checks the flags
of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK
is set in the flags, so it assumes it has a metadata extent and
then calls scrub_checksum_tree_block(). That function returns an
error, since interpreting data as a metadata extent causes the
checksum verification to fail.
So this makes scrub_checksum() call scrub_handle_errored_block(),
which determines 'failed_mirror_index' to be 1, since the device
extent E was allocated as the second mirror of block group X.
It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at
'sblocks_for_recheck', and all the memory is initialized to zeroes by
kcalloc().
After that it calls scrub_setup_recheck_block(), which is responsible
for filling each of those structures. However, when that function
calls btrfs_map_sblock() against the logical address of the metadata
extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches
the current block group Y. However block group Y has a raid0 profile
and not a raid1 profile like X had, so the following call returns 1:
scrub_nr_raid_mirrors(bbio)
And as a result scrub_setup_recheck_block() only initializes the
first (index 0) scrub_block structure in 'sblocks_for_recheck'.
Then scrub_recheck_block() is called by scrub_handle_errored_block()
with the second (index 1) scrub_block structure as the argument,
because 'failed_mirror_index' was previously set to 1.
This scrub_block was not initialized by scrub_setup_recheck_block(),
so it has zero pages, its 'page_count' member is 0 and its 'pagev'
page array has all members pointing to NULL.
Finally when scrub_recheck_block() calls scrub_recheck_block_checksum()
we have a NULL pointer dereference when accessing the flags of the first
page, as pagev[0] is NULL:
static void scrub_recheck_block_checksum(struct scrub_block *sblock)
{
	(...)
	if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA)
		scrub_checksum_data(sblock);
	(...)
}
Producing a stack trace like the following:
[542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028
[542998.010238] #PF: supervisor read access in kernel mode
[542998.010878] #PF: error_code(0x0000) - not-present page
[542998.011516] PGD 0 P4D 0
[542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1
[542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs]
[542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs]
[542998.018474] Code: 4c 89 e6 ...
[542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202
[542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000
[542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120
[542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001
[542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800
[542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0
[542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000
[542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0
[542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[542998.032380] Call Trace:
[542998.032752] scrub_recheck_block+0x162/0x400 [btrfs]
[542998.033500] ? __alloc_pages_nodemask+0x31e/0x460
[542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs]
[542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs]
[542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs]
[542998.036735] process_one_work+0x26d/0x6a0
[542998.037275] worker_thread+0x4f/0x3e0
[542998.037740] ? process_one_work+0x6a0/0x6a0
[542998.038378] kthread+0x103/0x140
[542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70
[542998.039419] ret_from_fork+0x3a/0x50
[542998.039875] Modules linked in: dm_snapshot dm_thin_pool ...
[542998.047288] CR2: 0000000000000028
[542998.047724] ---[ end trace bde186e176c7f96a ]---
This issue has been around for a long time, possibly since scrub exists.
The last time I ran into it was over 2 years ago. After recently fixing
fstests to pass the "--full-balance" command line option to btrfs-progs
when doing balance, several tests started to more heavily exercise balance
with fsstress, scrub and other operations in parallel, and therefore
started to hit this issue again (with btrfs/061 for example).
Fix this by having scrub increment the 'trimming' counter of the block
group, which pins the block group in such a way that it guarantees neither
its logical address nor device extents can be reused by future block group
allocations until we decrement the 'trimming' counter. Also make sure that
on each iteration of scrub_stripe() we stop scrubbing the block group if
it was removed already.
A later patch in the series will rename the block group's 'trimming'
counter and its helpers to a more generic name, since now it is not used
exclusively for pinning while trimming anymore.
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-05-08 18:01:10 +08:00
					   chunk_offset, length, cache);
2011-03-08 21:14:00 +08:00
			if (ret)
				goto out;
		}
	}
out:
	free_extent_map(em);

	return ret;
}

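The address reuse walked through in the "btrfs: fix a race between scrub and block group removal/allocation" commit message above, as an added user-space C model that is not kernel code and not part of scrub.c. The addresses are the ones quoted in that message; the struct layouts, the helper names and the 1 GiB length of block groups X and Y are assumptions. With fixed = 0 the scrub neither pins X nor checks for its removal; with fixed = 1 it does both.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GIB 1073741824ULL /* block group length; assumed for X and Y */

/* User-space model of a block group (illustrative, not the kernel struct). */
struct bg {
	uint64_t start, length;
	int mirrors;  /* 2 = raid1, 1 = raid0 */
	int removed;  /* set when balance deletes the block group */
	int pins;     /* models the 'trimming' counter used by the fix */
	int reserved; /* logical range not yet reusable by the allocator */
};

struct fs { struct bg bgs[4]; int n; };

struct outcome {
	uint64_t y_start;      /* logical address given to new block group Y */
	int scrub_stopped;     /* scrub saw the removal and stopped */
	int recheck_in_bounds; /* 1 ok, 0 uninitialized slot, -1 not run */
};

/* Like find_next_chunk(): end offset of the highest still-reserved range. */
static uint64_t next_chunk(const struct fs *fs)
{
	uint64_t end = 0;

	for (int i = 0; i < fs->n; i++) {
		const struct bg *b = &fs->bgs[i];
		if (b->reserved && b->start + b->length > end)
			end = b->start + b->length;
	}
	return end;
}

static struct bg *add_bg(struct fs *fs, uint64_t start, int mirrors)
{
	struct bg *b = &fs->bgs[fs->n++];
	*b = (struct bg){ .start = start, .length = GIB,
			  .mirrors = mirrors, .reserved = 1 };
	return b;
}

/* The logical range is released only once the group is removed and unpinned. */
static void maybe_release(struct bg *b)
{
	if (b->removed && b->pins == 0)
		b->reserved = 0;
}

/* Map a logical address to the live block group that owns it now. */
static const struct bg *lookup(const struct fs *fs, uint64_t logical)
{
	for (int i = 0; i < fs->n; i++) {
		const struct bg *b = &fs->bgs[i];
		if (!b->removed && logical >= b->start &&
		    logical < b->start + b->length)
			return b;
	}
	return NULL;
}

static struct outcome run_scenario(int fixed)
{
	struct fs fs;
	struct outcome out = { .recheck_in_bounds = -1 };
	const uint64_t extent = 19425001472ULL; /* metadata extent in X */
	const int failed_mirror_index = 1;      /* E was X's second mirror */
	const struct bg *now;
	struct bg *x;

	memset(&fs, 0, sizeof(fs));
	add_bg(&fs, 18351128576ULL, 1);      /* last block group before X */
	x = add_bg(&fs, next_chunk(&fs), 2); /* X: raid1 at 19424870400 */
	if (fixed)
		x->pins++;                   /* scrub pins X before scrubbing it */
	x->removed = 1;                      /* step 3: balance removes X */
	maybe_release(x);
	out.y_start = add_bg(&fs, next_chunk(&fs), 1)->start; /* step 8: Y */
	if (fixed && x->removed) {           /* per-iteration removed check */
		out.scrub_stopped = 1;
		x->pins--;
		maybe_release(x);
		return out;
	}
	/* step 10: the recheck maps the old address against the current layout */
	now = lookup(&fs, extent);
	out.recheck_in_bounds = now && failed_mirror_index < now->mirrors;
	return out;
}

int main(void)
{
	struct outcome a = run_scenario(0), b = run_scenario(1);
	printf("unfixed: Y=%llu recheck_in_bounds=%d\n",
	       (unsigned long long)a.y_start, a.recheck_in_bounds);
	printf("fixed:   Y=%llu scrub_stopped=%d\n",
	       (unsigned long long)b.y_start, b.scrub_stopped);
	return 0;
}
```

In the unfixed run Y lands on X's old address with a single mirror, so index 1 points at a slot the recheck setup never filled, which is the state that leads to the NULL pagev[0] dereference in the trace.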
2021-02-04 18:22:13 +08:00
static int finish_extent_writes_for_zoned(struct btrfs_root *root,
					  struct btrfs_block_group *cache)
{
	struct btrfs_fs_info *fs_info = cache->fs_info;
	struct btrfs_trans_handle *trans;

	if (!btrfs_is_zoned(fs_info))
		return 0;

	btrfs_wait_block_group_reservations(cache);
	btrfs_wait_nocow_writers(cache);
	btrfs_wait_ordered_roots(fs_info, U64_MAX, cache->start, cache->length);

	trans = btrfs_join_transaction(root);
	if (IS_ERR(trans))
		return PTR_ERR(trans);
	return btrfs_commit_transaction(trans);
}

2011-03-08 21:14:00 +08:00
static noinline_for_stack
2012-11-02 20:26:57 +08:00
int scrub_enumerate_chunks(struct scrub_ctx *sctx,
2018-08-15 02:09:52 +08:00
			   struct btrfs_device *scrub_dev, u64 start, u64 end)
2011-03-08 21:14:00 +08:00
{
	struct btrfs_dev_extent *dev_extent = NULL;
	struct btrfs_path *path;
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
	struct btrfs_root *root = fs_info->dev_root;
2011-03-08 21:14:00 +08:00
	u64 length;
	u64 chunk_offset;
2015-08-05 16:43:30 +08:00
	int ret = 0;
btrfs: Continue replace when set_block_ro failed
xfstests/011 failed in node with small_size filesystem.
Can be reproduced by following script:
DEV_LIST=(/dev/vdd /dev/vde)
DEV_REPLACE="/dev/vdf"
do_test()
{
	local mkfs_opt="$1"
	local size="$2"
	dmesg -c >/dev/null
	umount $SCRATCH_MNT &>/dev/null
	echo mkfs.btrfs -f $mkfs_opt "${DEV_LIST[*]}"
	mkfs.btrfs -f $mkfs_opt "${DEV_LIST[@]}" || return 1
	mount "${DEV_LIST[0]}" $SCRATCH_MNT
	echo -n "Writing big files"
	dd if=/dev/urandom of=$SCRATCH_MNT/t0 bs=1M count=1 >/dev/null 2>&1
	for ((i = 1; i <= size; i++)); do
		echo -n .
		/bin/cp $SCRATCH_MNT/t0 $SCRATCH_MNT/t$i || return 1
	done
	echo
	echo Start replace
	btrfs replace start -Bf "${DEV_LIST[0]}" "$DEV_REPLACE" $SCRATCH_MNT || {
		dmesg
		return 1
	}
	return 0
}
# Set size to value near fs size
# for example, 1897 can trigger this bug in 2.6G device.
#
do_test "-d raid1 -m raid1" 1897
System will report replace fail with following warning in dmesg:
[ 134.710853] BTRFS: dev_replace from /dev/vdd (devid 1) to /dev/vdf started
[ 135.542390] BTRFS: btrfs_scrub_dev(/dev/vdd, 1, /dev/vdf) failed -28
[ 135.543505] ------------[ cut here ]------------
[ 135.544127] WARNING: CPU: 0 PID: 4080 at fs/btrfs/dev-replace.c:428 btrfs_dev_replace_start+0x398/0x440()
[ 135.545276] Modules linked in:
[ 135.545681] CPU: 0 PID: 4080 Comm: btrfs Not tainted 4.3.0 #256
[ 135.546439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
[ 135.547798] ffffffff81c5bfcf ffff88003cbb3d28 ffffffff817fe7b5 0000000000000000
[ 135.548774] ffff88003cbb3d60 ffffffff810a88f1 ffff88002b030000 00000000ffffffe4
[ 135.549774] ffff88003c080000 ffff88003c082588 ffff88003c28ab60 ffff88003cbb3d70
[ 135.550758] Call Trace:
[ 135.551086] [<ffffffff817fe7b5>] dump_stack+0x44/0x55
[ 135.551737] [<ffffffff810a88f1>] warn_slowpath_common+0x81/0xc0
[ 135.552487] [<ffffffff810a89e5>] warn_slowpath_null+0x15/0x20
[ 135.553211] [<ffffffff81448c88>] btrfs_dev_replace_start+0x398/0x440
[ 135.554051] [<ffffffff81412c3e>] btrfs_ioctl+0x1d2e/0x25c0
[ 135.554722] [<ffffffff8114c7ba>] ? __audit_syscall_entry+0xaa/0xf0
[ 135.555506] [<ffffffff8111ab36>] ? current_kernel_time64+0x56/0xa0
[ 135.556304] [<ffffffff81201e3d>] do_vfs_ioctl+0x30d/0x580
[ 135.557009] [<ffffffff8114c7ba>] ? __audit_syscall_entry+0xaa/0xf0
[ 135.557855] [<ffffffff810011d1>] ? do_audit_syscall_entry+0x61/0x70
[ 135.558669] [<ffffffff8120d1c1>] ? __fget_light+0x61/0x90
[ 135.559374] [<ffffffff81202124>] SyS_ioctl+0x74/0x80
[ 135.559987] [<ffffffff81809857>] entry_SYSCALL_64_fastpath+0x12/0x6f
[ 135.560842] ---[ end trace 2a5c1fc3205abbdd ]---
Reason:
When big data is written to fs, the whole free space will be allocated
for data chunk.
And operation as scrub need to set_block_ro(), and when there is
only one metadata chunk in system (or other metadata chunks
are all full), the function will try to allocate a new chunk,
and failed because no space in device.
Fix:
When set_block_ro failed for metadata chunk, it is not a problem
because scrub_lock paused commit_transaction in same time, and
metadata are always cowed, so the on-the-fly writepages will not
write data into same place with scrub/replace.
Let replace continue in this case is no problem.
Tested by above script, and xfstests/011, plus 100 times xfstests/070.
Changelog v1->v2:
1: Add detail comments in source and commit-message.
2: Add dmesg detail into commit-message.
3: Limit return value of -ENOSPC to be passed.
All suggested by: Filipe Manana <fdmanana@gmail.com>
Suggested-by: Filipe Manana <fdmanana@gmail.com>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-11-17 18:46:17 +08:00
	int ro_set;
2011-03-08 21:14:00 +08:00
	int slot;
	struct extent_buffer *l;
	struct btrfs_key key;
	struct btrfs_key found_key;
2019-10-30 02:20:18 +08:00
	struct btrfs_block_group *cache;
2012-11-06 18:43:11 +08:00
	struct btrfs_dev_replace *dev_replace = &fs_info->dev_replace;
2011-03-08 21:14:00 +08:00

	path = btrfs_alloc_path();
	if (!path)
		return -ENOMEM;

2015-11-27 23:31:35 +08:00
	path->reada = READA_FORWARD;
2011-03-08 21:14:00 +08:00
	path->search_commit_root = 1;
	path->skip_locking = 1;

2012-11-02 20:26:57 +08:00
	key.objectid = scrub_dev->devid;
2011-03-08 21:14:00 +08:00
	key.offset = 0ull;
	key.type = BTRFS_DEV_EXTENT_KEY;

	while (1) {
		ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
		if (ret < 0)
2011-06-03 16:09:26 +08:00
			break;
		if (ret > 0) {
			if (path->slots[0] >=
			    btrfs_header_nritems(path->nodes[0])) {
				ret = btrfs_next_leaf(root, path);
2015-08-05 16:43:30 +08:00
				if (ret < 0)
					break;
				if (ret > 0) {
					ret = 0;
2011-06-03 16:09:26 +08:00
					break;
2015-08-05 16:43:30 +08:00
				}
			} else {
				ret = 0;
2011-06-03 16:09:26 +08:00
			}
		}
2011-03-08 21:14:00 +08:00

		l = path->nodes[0];
		slot = path->slots[0];

		btrfs_item_key_to_cpu(l, &found_key, slot);

2012-11-02 20:26:57 +08:00
		if (found_key.objectid != scrub_dev->devid)
2011-03-08 21:14:00 +08:00
			break;

2014-06-05 00:41:45 +08:00
		if (found_key.type != BTRFS_DEV_EXTENT_KEY)
2011-03-08 21:14:00 +08:00
			break;

		if (found_key.offset >= end)
			break;

		if (found_key.offset < key.offset)
			break;

		dev_extent = btrfs_item_ptr(l, slot, struct btrfs_dev_extent);
		length = btrfs_dev_extent_length(l, dev_extent);

2014-06-19 10:42:51 +08:00
		if (found_key.offset + length <= start)
			goto skip;
2011-03-08 21:14:00 +08:00

		chunk_offset = btrfs_dev_extent_chunk_offset(l, dev_extent);

		/*
		 * get a reference on the corresponding block group to prevent
		 * the chunk from going away while we scrub it
		 */
		cache = btrfs_lookup_block_group(fs_info, chunk_offset);
2014-06-19 10:42:51 +08:00

		/* some chunks are removed but not committed to disk yet,
		 * continue scrubbing */
		if (!cache)
			goto skip;

2021-02-04 18:22:11 +08:00
		if (sctx->is_dev_replace && btrfs_is_zoned(fs_info)) {
			spin_lock(&cache->lock);
			if (!cache->to_copy) {
				spin_unlock(&cache->lock);
2021-04-14 21:05:26 +08:00
				btrfs_put_block_group(cache);
				goto skip;
2021-02-04 18:22:11 +08:00
			}
			spin_unlock(&cache->lock);
		}

2020-05-08 18:01:10 +08:00
		/*
		 * Make sure that while we are scrubbing the corresponding block
		 * group doesn't get its logical address and its device extents
		 * reused for another block group, which can possibly be of a
		 * different type and different profile. We do this to prevent
		 * false error detections and crashes due to bogus attempts to
		 * repair extents.
		 */
		spin_lock(&cache->lock);
		if (cache->removed) {
			spin_unlock(&cache->lock);
			btrfs_put_block_group(cache);
			goto skip;
		}
2020-05-08 18:01:47 +08:00
		btrfs_freeze_block_group(cache);
2020-05-08 18:01:10 +08:00
		spin_unlock(&cache->lock);
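The removed-check and `btrfs_freeze_block_group()` pin shown above, replayed as a userspace model of the sequence in the commit message. This is an added example, not kernel code: `struct bg`, `alloc_group()`, `scrub_pin()` and the other helpers are hypothetical names, and the layout is constructed from the addresses quoted in the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_GROUPS 8
#define GIB (1024ULL * 1024 * 1024)
#define FAILED_MIRROR_INDEX 1 /* second mirror of X, as in the message */

/* Hypothetical, simplified stand-in for a btrfs block group. */
struct bg {
	uint64_t start;   /* logical address */
	uint64_t len;
	int nr_mirrors;   /* 2 models raid1, 1 models raid0 */
	bool live;        /* still occupies its logical address range */
	bool removed;     /* removal has happened */
	int frozen;       /* pin count taken by scrub */
};
struct fs { struct bg groups[MAX_GROUPS]; };

/* As described for find_next_chunk(): end offset of the last group. */
static uint64_t next_chunk_start(const struct fs *fs)
{
	uint64_t end = 0;
	for (int i = 0; i < MAX_GROUPS; i++) {
		const struct bg *g = &fs->groups[i];
		if (g->live && g->start + g->len > end)
			end = g->start + g->len;
	}
	return end;
}

static struct bg *alloc_group(struct fs *fs, uint64_t len, int nr_mirrors)
{
	uint64_t start = next_chunk_start(fs);
	for (int i = 0; i < MAX_GROUPS; i++) {
		struct bg *g = &fs->groups[i];
		if (!g->live) {
			*g = (struct bg){ .start = start, .len = len, .nr_mirrors = nr_mirrors, .live = true };
			return g;
		}
	}
	return NULL;
}

/* Removal releases the address range only if nobody holds a pin. */
static void remove_group(struct bg *g)
{
	g->removed = true;
	if (g->frozen == 0)
		g->live = false;
}

/* Scrub side: skip a removed group, otherwise pin it. */
static bool scrub_pin(struct bg *g)
{
	if (g->removed)
		return false;
	g->frozen++;
	return true;
}

static void scrub_unpin(struct bg *g)
{
	if (--g->frozen == 0 && g->removed)
		g->live = false; /* last pin dropped: range is finally free */
}

/* Mirror count of the group that currently maps 'logical', 0 if none. */
static int mirrors_at(const struct fs *fs, uint64_t logical)
{
	for (int i = 0; i < MAX_GROUPS; i++) {
		const struct bg *g = &fs->groups[i];
		if (g->live && logical >= g->start && logical < g->start + g->len)
			return g->nr_mirrors;
	}
	return 0;
}

/* Returns true when the mirror index computed for X is still valid later. */
static bool run_scenario(bool pin, uint64_t *new_group_start)
{
	struct fs fs = {0};
	/* Constructed layout using the addresses quoted in the message. */
	fs.groups[0] = (struct bg){ .start = 18351128576ULL, .len = GIB, .nr_mirrors = 1, .live = true };
	struct bg *x = alloc_group(&fs, GIB, 2);  /* X: metadata, raid1 */
	bool pinned = pin && scrub_pin(x);
	remove_group(x);                          /* balance removes X */
	struct bg *y = alloc_group(&fs, GIB, 1);  /* Y: data, raid0 */
	*new_group_start = y->start;
	bool valid = FAILED_MIRROR_INDEX < mirrors_at(&fs, 19425001472ULL);
	if (pinned)
		scrub_unpin(x);
	return valid;
}

int main(void)
{
	uint64_t s;
	return run_scenario(true, &s) && !run_scenario(false, &s) ? 0 : 1;
}
```

Without the pin, the new group lands on X's old logical address with a single mirror, so the stale index 1 has nothing behind it; with the pin, the new group is placed past X and the index stays valid.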
2015-08-05 16:43:30 +08:00
		/*
		 * we need call btrfs_inc_block_group_ro() with scrubs_paused,
		 * to avoid deadlock caused by:
		 * btrfs_inc_block_group_ro()
		 * -> btrfs_wait_for_commit()
		 * -> btrfs_commit_transaction()
		 * -> btrfs_scrub_pause()
		 */
		scrub_pause_on(fs_info);
btrfs: scrub: Don't check free space before marking a block group RO
[BUG]
When running btrfs/072 with only one online CPU, it has a pretty high
chance to fail:
btrfs/072 12s ... _check_dmesg: something found in dmesg (see xfstests-dev/results//btrfs/072.dmesg)
- output mismatch (see xfstests-dev/results//btrfs/072.out.bad)
--- tests/btrfs/072.out 2019-10-22 15:18:14.008965340 +0800
+++ /xfstests-dev/results//btrfs/072.out.bad 2019-11-14 15:56:45.877152240 +0800
@@ -1,2 +1,3 @@
QA output created by 072
Silence is golden
+Scrub find errors in "-m dup -d single" test
...
And with the following call trace:
BTRFS info (device dm-5): scrub: started on devid 1
------------[ cut here ]------------
BTRFS: Transaction aborted (error -27)
WARNING: CPU: 0 PID: 55087 at fs/btrfs/block-group.c:1890 btrfs_create_pending_block_groups+0x3e6/0x470 [btrfs]
CPU: 0 PID: 55087 Comm: btrfs Tainted: G W O 5.4.0-rc1-custom+ #13
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
RIP: 0010:btrfs_create_pending_block_groups+0x3e6/0x470 [btrfs]
Call Trace:
__btrfs_end_transaction+0xdb/0x310 [btrfs]
btrfs_end_transaction+0x10/0x20 [btrfs]
btrfs_inc_block_group_ro+0x1c9/0x210 [btrfs]
scrub_enumerate_chunks+0x264/0x940 [btrfs]
btrfs_scrub_dev+0x45c/0x8f0 [btrfs]
btrfs_ioctl+0x31a1/0x3fb0 [btrfs]
do_vfs_ioctl+0x636/0xaa0
ksys_ioctl+0x67/0x90
__x64_sys_ioctl+0x43/0x50
do_syscall_64+0x79/0xe0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
---[ end trace 166c865cec7688e7 ]---
[CAUSE]
The error number -27 is -EFBIG, returned from the following call chain:
btrfs_end_transaction()
|- __btrfs_end_transaction()
|- btrfs_create_pending_block_groups()
|- btrfs_finish_chunk_alloc()
|- btrfs_add_system_chunk()
This happens because we have used up all space of
btrfs_super_block::sys_chunk_array.
The root cause is, we have the following bad loop of creating tons of
system chunks:
1. The only SYSTEM chunk is being scrubbed
It's very common to have only one SYSTEM chunk.
2. New SYSTEM bg will be allocated
As btrfs_inc_block_group_ro() will check if we have enough space
after marking current bg RO. If not, then allocate a new chunk.
3. New SYSTEM bg is still empty, will be reclaimed
During the reclaim, we will mark it RO again.
4. That newly allocated empty SYSTEM bg gets scrubbed
We go back to step 2, as the bg is already marked RO but still not
cleaned up yet.
If the cleaner kthread doesn't get executed fast enough (e.g. only one
CPU), then we will get more and more empty SYSTEM chunks, using up all
the space of btrfs_super_block::sys_chunk_array.
[FIX]
Since scrub/dev-replace doesn't always need to allocate new extent,
especially chunk tree extent, so we don't really need to do chunk
pre-allocation.
To break above spiral, here we introduce a new parameter to
btrfs_inc_block_group(), @do_chunk_alloc, which indicates whether we
need extra chunk pre-allocation.
For relocation, we pass @do_chunk_alloc=true, while for scrub, we pass
@do_chunk_alloc=false.
This should keep unnecessary empty chunks from popping up for scrub.
Also, since there are two parameters for btrfs_inc_block_group_ro(),
add more comment for it.
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-11-15 10:09:00 +08:00
		/*
		 * Don't do chunk preallocation for scrub.
		 *
		 * This is especially important for SYSTEM bgs, or we can hit
		 * -EFBIG from btrfs_finish_chunk_alloc() like:
		 * 1. The only SYSTEM bg is marked RO.
		 *    Since SYSTEM bg is small, that's pretty common.
		 * 2. New SYSTEM bg will be allocated
		 *    Due to regular version will allocate new chunk.
		 * 3. New SYSTEM bg is empty and will get cleaned up
		 *    Before cleanup really happens, it's marked RO again.
		 * 4. Empty SYSTEM bg get scrubbed
		 *    We go back to 2.
		 *
		 * This can easily boost the amount of SYSTEM chunks if cleaner
		 * thread can't be triggered fast enough, and use up all space
		 * of btrfs_super_block::sys_chunk_array
btrfs: scrub: Require mandatory block group RO for dev-replace
[BUG]
For dev-replace test cases with fsstress, like btrfs/06[45] btrfs/071,
looped runs can lead to random failure, where scrub finds csum error.
The possibility is not high, around 1/20 to 1/100, but it's causing data
corruption.
The bug is observable after commit b12de52896c0 ("btrfs: scrub: Don't
check free space before marking a block group RO")
[CAUSE]
Dev-replace has two sources of writes:
- Write duplication
  All writes to source device will also be duplicated to target device.
  Content: Not yet persisted data/meta
- Scrub copy
  Dev-replace reused scrub code to iterate through existing extents, and
  copy the verified data to target device.
  Content: Previously persisted data and metadata
The difference in contents makes the following race possible:
        Regular Writer          |       Dev-replace
-----------------------------------------------------------------
  ^                             |
  | Preallocate one data extent |
  | at bytenr X, len 1M         |
  v                             |
  ^ Commit transaction          |
  | Now extent [X, X+1M) is in  |
  v commit root                 |
================== Dev replace starts =========================
                                | ^
                                | | Scrub extent [X, X+1M)
                                | | Read [X, X+1M)
                                | | (The content are mostly garbage
                                | |  since it's preallocated)
  ^                             | v
  | Write back happens for      |
  | extent [X, X+512K)          |
  | New data writes to both     |
  | source and target dev.      |
  v                             |
                                | ^
                                | | Scrub writes back extent [X, X+1M)
                                | | to target device.
                                | | This will over write the new data in
                                | | [X, X+512K)
                                | v
This race can only happen for nocow writes. Thus metadata and data cow
writes are safe, as COW will never overwrite extents of previous
transaction (in commit root).
This behavior can be confirmed by disabling all fallocate related calls
in fsstress (*), then all related tests can pass a 2000 run loop.
*: FSSTRESS_AVOID="-f fallocate=0 -f allocsp=0 -f zero=0 -f insert=0 \
-f collapse=0 -f punch=0 -f resvsp=0"
I didn't expect resvsp ioctl will fallback to fallocate in VFS...
[FIX]
Make dev-replace to require mandatory block group RO, and wait for current
nocow writes before calling scrub_chunk().
This patch will mostly revert commit 76a8efa171bf ("btrfs: Continue replace
when set_block_ro failed") for dev-replace path.
The side effect is, dev-replace can be more strict on available space, but
definitely worth to avoid data corruption.
Reported-by: Filipe Manana <fdmanana@suse.com>
Fixes: 76a8efa171bf ("btrfs: Continue replace when set_block_ro failed")
Fixes: b12de52896c0 ("btrfs: scrub: Don't check free space before marking a block group RO")
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-01-24 07:58:20 +08:00
		 *
		 * While for dev replace, we need to try our best to mark block
		 * group RO, to prevent race between:
		 * - Write duplication
		 *   Contains latest data
		 * - Scrub copy
		 *   Contains data from commit tree
		 *
		 * If target block group is not marked RO, nocow writes can
		 * be overwritten by scrub copy, causing data corruption.
		 * So for dev-replace, it's not allowed to continue if a block
		 * group is not RO.
2019-11-15 10:09:00 +08:00
		 */
2020-01-24 07:58:20 +08:00
		ret = btrfs_inc_block_group_ro(cache, sctx->is_dev_replace);
2021-02-04 18:22:13 +08:00
		if (!ret && sctx->is_dev_replace) {
			ret = finish_extent_writes_for_zoned(root, cache);
			if (ret) {
				btrfs_dec_block_group_ro(cache);
				scrub_pause_off(fs_info);
				btrfs_put_block_group(cache);
				break;
			}
		}
btrfs: Continue replace when set_block_ro failed
xfstests/011 failed in node with small_size filesystem.
Can be reproduced by following script:
  # SCRATCH_MNT: scratch mount point, as in the xfstests environment
  # DEV_LIST is an array so that [@] and [0] address individual devices
  DEV_LIST=(/dev/vdd /dev/vde)
  DEV_REPLACE="/dev/vdf"

  do_test()
  {
      local mkfs_opt="$1"
      local size="$2"

      dmesg -c >/dev/null
      umount $SCRATCH_MNT &>/dev/null

      echo mkfs.btrfs -f $mkfs_opt "${DEV_LIST[*]}"
      mkfs.btrfs -f $mkfs_opt "${DEV_LIST[@]}" || return 1
      mount "${DEV_LIST[0]}" $SCRATCH_MNT

      echo -n "Writing big files"
      dd if=/dev/urandom of=$SCRATCH_MNT/t0 bs=1M count=1 >/dev/null 2>&1
      for ((i = 1; i <= size; i++)); do
          echo -n .
          /bin/cp $SCRATCH_MNT/t0 $SCRATCH_MNT/t$i || return 1
      done
      echo

      echo Start replace
      btrfs replace start -Bf "${DEV_LIST[0]}" "$DEV_REPLACE" $SCRATCH_MNT || {
          dmesg
          return 1
      }
      return 0
  }

  # Set size to value near fs size
  # for example, 1897 can trigger this bug in 2.6G device.
  #
  do_test "-d raid1 -m raid1" 1897
System will report replace fail with following warning in dmesg:
[ 134.710853] BTRFS: dev_replace from /dev/vdd (devid 1) to /dev/vdf started
[ 135.542390] BTRFS: btrfs_scrub_dev(/dev/vdd, 1, /dev/vdf) failed -28
[ 135.543505] ------------[ cut here ]------------
[ 135.544127] WARNING: CPU: 0 PID: 4080 at fs/btrfs/dev-replace.c:428 btrfs_dev_replace_start+0x398/0x440()
[ 135.545276] Modules linked in:
[ 135.545681] CPU: 0 PID: 4080 Comm: btrfs Not tainted 4.3.0 #256
[ 135.546439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
[ 135.547798] ffffffff81c5bfcf ffff88003cbb3d28 ffffffff817fe7b5 0000000000000000
[ 135.548774] ffff88003cbb3d60 ffffffff810a88f1 ffff88002b030000 00000000ffffffe4
[ 135.549774] ffff88003c080000 ffff88003c082588 ffff88003c28ab60 ffff88003cbb3d70
[ 135.550758] Call Trace:
[ 135.551086] [<ffffffff817fe7b5>] dump_stack+0x44/0x55
[ 135.551737] [<ffffffff810a88f1>] warn_slowpath_common+0x81/0xc0
[ 135.552487] [<ffffffff810a89e5>] warn_slowpath_null+0x15/0x20
[ 135.553211] [<ffffffff81448c88>] btrfs_dev_replace_start+0x398/0x440
[ 135.554051] [<ffffffff81412c3e>] btrfs_ioctl+0x1d2e/0x25c0
[ 135.554722] [<ffffffff8114c7ba>] ? __audit_syscall_entry+0xaa/0xf0
[ 135.555506] [<ffffffff8111ab36>] ? current_kernel_time64+0x56/0xa0
[ 135.556304] [<ffffffff81201e3d>] do_vfs_ioctl+0x30d/0x580
[ 135.557009] [<ffffffff8114c7ba>] ? __audit_syscall_entry+0xaa/0xf0
[ 135.557855] [<ffffffff810011d1>] ? do_audit_syscall_entry+0x61/0x70
[ 135.558669] [<ffffffff8120d1c1>] ? __fget_light+0x61/0x90
[ 135.559374] [<ffffffff81202124>] SyS_ioctl+0x74/0x80
[ 135.559987] [<ffffffff81809857>] entry_SYSCALL_64_fastpath+0x12/0x6f
[ 135.560842] ---[ end trace 2a5c1fc3205abbdd ]---
Reason:
When big data is written to fs, the whole free space will be allocated
for data chunk.
And operation as scrub need to set_block_ro(), and when there is
only one metadata chunk in system(or other metadata chunks
are all full), the function will try to allocate a new chunk,
and failed because no space in device.
Fix:
When set_block_ro failed for metadata chunk, it is not a problem
because scrub_lock paused commit_transaction in same time, and
metadata are always cowed, so the on-the-fly writepages will not
write data into same place with scrub/replace.
Let replace continue in this case is no problem.
Tested by above script, and xfstests/011, plus 100 times xfstests/070.
Changelog v1->v2:
1: Add detail comments in source and commit-message.
2: Add dmesg detail into commit-message.
3: Limit return value of -ENOSPC to be passed.
All suggested by: Filipe Manana <fdmanana@gmail.com>
Suggested-by: Filipe Manana <fdmanana@gmail.com>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-11-17 18:46:17 +08:00
		if (ret == 0) {
			ro_set = 1;
2020-01-24 07:58:20 +08:00
		} else if (ret == -ENOSPC && !sctx->is_dev_replace) {
btrfs: Continue replace when set_block_ro failed
xfstests/011 failed in node with small_size filesystem.
Can be reproduced by following script:
DEV_LIST=(/dev/vdd /dev/vde)
DEV_REPLACE="/dev/vdf"
do_test()
{
    local mkfs_opt="$1"
    local size="$2"
    dmesg -c >/dev/null
    umount $SCRATCH_MNT &>/dev/null
    echo mkfs.btrfs -f $mkfs_opt "${DEV_LIST[*]}"
    mkfs.btrfs -f $mkfs_opt "${DEV_LIST[@]}" || return 1
    mount "${DEV_LIST[0]}" $SCRATCH_MNT
    echo -n "Writing big files"
    dd if=/dev/urandom of=$SCRATCH_MNT/t0 bs=1M count=1 >/dev/null 2>&1
    for ((i = 1; i <= size; i++)); do
        echo -n .
        /bin/cp $SCRATCH_MNT/t0 $SCRATCH_MNT/t$i || return 1
    done
    echo
    echo Start replace
    btrfs replace start -Bf "${DEV_LIST[0]}" "$DEV_REPLACE" $SCRATCH_MNT || {
        dmesg
        return 1
    }
    return 0
}
# Set size to value near fs size
# for example, 1897 can trigger this bug in 2.6G device.
#
do_test "-d raid1 -m raid1" 1897
System will report replace fail with following warning in dmesg:
[ 134.710853] BTRFS: dev_replace from /dev/vdd (devid 1) to /dev/vdf started
[ 135.542390] BTRFS: btrfs_scrub_dev(/dev/vdd, 1, /dev/vdf) failed -28
[ 135.543505] ------------[ cut here ]------------
[ 135.544127] WARNING: CPU: 0 PID: 4080 at fs/btrfs/dev-replace.c:428 btrfs_dev_replace_start+0x398/0x440()
[ 135.545276] Modules linked in:
[ 135.545681] CPU: 0 PID: 4080 Comm: btrfs Not tainted 4.3.0 #256
[ 135.546439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
[ 135.547798] ffffffff81c5bfcf ffff88003cbb3d28 ffffffff817fe7b5 0000000000000000
[ 135.548774] ffff88003cbb3d60 ffffffff810a88f1 ffff88002b030000 00000000ffffffe4
[ 135.549774] ffff88003c080000 ffff88003c082588 ffff88003c28ab60 ffff88003cbb3d70
[ 135.550758] Call Trace:
[ 135.551086] [<ffffffff817fe7b5>] dump_stack+0x44/0x55
[ 135.551737] [<ffffffff810a88f1>] warn_slowpath_common+0x81/0xc0
[ 135.552487] [<ffffffff810a89e5>] warn_slowpath_null+0x15/0x20
[ 135.553211] [<ffffffff81448c88>] btrfs_dev_replace_start+0x398/0x440
[ 135.554051] [<ffffffff81412c3e>] btrfs_ioctl+0x1d2e/0x25c0
[ 135.554722] [<ffffffff8114c7ba>] ? __audit_syscall_entry+0xaa/0xf0
[ 135.555506] [<ffffffff8111ab36>] ? current_kernel_time64+0x56/0xa0
[ 135.556304] [<ffffffff81201e3d>] do_vfs_ioctl+0x30d/0x580
[ 135.557009] [<ffffffff8114c7ba>] ? __audit_syscall_entry+0xaa/0xf0
[ 135.557855] [<ffffffff810011d1>] ? do_audit_syscall_entry+0x61/0x70
[ 135.558669] [<ffffffff8120d1c1>] ? __fget_light+0x61/0x90
[ 135.559374] [<ffffffff81202124>] SyS_ioctl+0x74/0x80
[ 135.559987] [<ffffffff81809857>] entry_SYSCALL_64_fastpath+0x12/0x6f
[ 135.560842] ---[ end trace 2a5c1fc3205abbdd ]---
Reason:
When big data written to fs, the whole free space will be allocated
for data chunk.
And operation as scrub need to set_block_ro(), and when there is
only one metadata chunk in system(or other metadata chunks
are all full), the function will try to allocate a new chunk,
and failed because no space in device.
Fix:
When set_block_ro failed for metadata chunk, it is not a problem
because scrub_lock paused commit_transaction in same time, and
metadata are always cowed, so the on-the-fly writepages will not
write data into same place with scrub/replace.
Let replace continue in this case is no problem.
Tested by above script, and xfstests/011, plus 100 times xfstests/070.
Changelog v1->v2:
1: Add detail comments in source and commit-message.
2: Add dmesg detail into commit-message.
3: Limit return value of -ENOSPC to be passed.
All suggested by: Filipe Manana <fdmanana@gmail.com>
Suggested-by: Filipe Manana <fdmanana@gmail.com>
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-11-17 18:46:17 +08:00
			/*
			 * btrfs_inc_block_group_ro return -ENOSPC when it
			 * failed in creating new chunk for metadata.
btrfs: scrub: Require mandatory block group RO for dev-replace
[BUG]
For dev-replace test cases with fsstress, like btrfs/06[45] btrfs/071,
looped runs can lead to random failure, where scrub finds csum error.
The possibility is not high, around 1/20 to 1/100, but it's causing data
corruption.
The bug is observable after commit b12de52896c0 ("btrfs: scrub: Don't
check free space before marking a block group RO")
[CAUSE]
Dev-replace has two source of writes:
- Write duplication
All writes to source device will also be duplicated to target device.
Content: Not yet persisted data/meta
- Scrub copy
Dev-replace reused scrub code to iterate through existing extents, and
copy the verified data to target device.
Content: Previously persisted data and metadata
The difference in contents makes the following race possible:
   Regular Writer                  |  Dev-replace
  -----------------------------------------------------------------
   ^                               |
   | Preallocate one data extent   |
   | at bytenr X, len 1M           |
   v                               |
   ^ Commit transaction            |
   | Now extent [X, X+1M) is in    |
   v commit root                   |
  ================== Dev replace starts =========================
                                   | ^
                                   | | Scrub extent [X, X+1M)
                                   | | Read [X, X+1M)
                                   | | (The content are mostly garbage
                                   | |  since it's preallocated)
   ^                               | v
   | Write back happens for        |
   | extent [X, X+512K)            |
   | New data writes to both       |
   | source and target dev.        |
   v                               |
                                   | ^
                                   | | Scrub writes back extent [X, X+1M)
                                   | | to target device.
                                   | | This will over write the new data in
                                   | | [X, X+512K)
                                   | v
This race can only happen for nocow writes. Thus metadata and data cow
writes are safe, as COW will never overwrite extents of previous
transaction (in commit root).
This behavior can be confirmed by disabling all fallocate related calls
in fsstress (*), then all related tests can pass a 2000 run loop.
*: FSSTRESS_AVOID="-f fallocate=0 -f allocsp=0 -f zero=0 -f insert=0 \
-f collapse=0 -f punch=0 -f resvsp=0"
I didn't expect resvsp ioctl will fallback to fallocate in VFS...
[FIX]
Make dev-replace to require mandatory block group RO, and wait for current
nocow writes before calling scrub_chunk().
This patch will mostly revert commit 76a8efa171bf ("btrfs: Continue replace
when set_block_ro failed") for dev-replace path.
The side effect is, dev-replace can be more strict on available space, but
definitely worth to avoid data corruption.
Reported-by: Filipe Manana <fdmanana@suse.com>
Fixes: 76a8efa171bf ("btrfs: Continue replace when set_block_ro failed")
Fixes: b12de52896c0 ("btrfs: scrub: Don't check free space before marking a block group RO")
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-01-24 07:58:20 +08:00
			 * It is not a problem for scrub, because
btrfs: Continue replace when set_block_ro failed
2015-11-17 18:46:17 +08:00
			 * metadata are always cowed, and our scrub paused
			 * commit_transactions.
			 */
			ro_set = 0;
btrfs: fix race between writes to swap files and scrub
When we activate a swap file, at btrfs_swap_activate(), we acquire the
exclusive operation lock to prevent the physical location of the swap
file extents to be changed by operations such as balance and device
replace/resize/remove. We also call there can_nocow_extent() which,
among other things, checks if the block group of a swap file extent is
currently RO, and if it is we can not use the extent, since a write
into it would result in COWing the extent.
However we have no protection against a scrub operation running after we
activate the swap file, which can result in the swap file extents to be
COWed while the scrub is running and operating on the respective block
group, because scrub turns a block group into RO before it processes it
and then back again to RW mode after processing it. That means an attempt
to write into a swap file extent while scrub is processing the respective
block group, will result in COWing the extent, changing its physical
location on disk.
Fix this by making sure that block groups that have extents that are used
by active swap files can not be turned into RO mode, therefore making it
not possible for a scrub to turn them into RO mode. When a scrub finds a
block group that can not be turned to RO due to the existence of extents
used by swap files, it proceeds to the next block group and logs a warning
message that mentions the block group was skipped due to active swap
files - this is the same approach we currently use for balance.
Fixes: ed46ff3d42378 ("Btrfs: support swap files")
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2021-02-05 20:55:37 +08:00
		} else if (ret == -ETXTBSY) {
			btrfs_warn(fs_info,
		   "skipping scrub of block group %llu due to active swapfile",
				   cache->start);
			scrub_pause_off(fs_info);
			ret = 0;
			goto skip_unfreeze;
btrfs: Continue replace when set_block_ro failed
2015-11-17 18:46:17 +08:00
		} else {
2016-09-20 22:05:00 +08:00
			btrfs_warn(fs_info,
2017-07-13 21:32:18 +08:00
				   "failed setting block group ro: %d", ret);
2020-05-08 18:01:47 +08:00
			btrfs_unfreeze_block_group(cache);
2015-08-05 16:43:30 +08:00
			btrfs_put_block_group(cache);
btrfs: scrub: Require mandatory block group RO for dev-replace
2020-01-24 07:58:20 +08:00
			scrub_pause_off(fs_info);
2015-08-05 16:43:30 +08:00
			break;
		}
btrfs: scrub: Require mandatory block group RO for dev-replace
2020-01-24 07:58:20 +08:00
		/*
		 * Now the target block is marked RO, wait for nocow writes to
		 * finish before dev-replace.
		 * COW is fine, as COW never overwrites extents in commit tree.
		 */
		if (sctx->is_dev_replace) {
			btrfs_wait_nocow_writers(cache);
			btrfs_wait_ordered_roots(fs_info, U64_MAX, cache->start,
						 cache->length);
		}

		scrub_pause_off(fs_info);
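The race described in the commit message "btrfs: scrub: Require mandatory block group RO for dev-replace", and closed by marking the block group RO and calling btrfs_wait_nocow_writers() before scrub_chunk(), replayed deterministically as a user-space model. This is an added example, not kernel code: struct model, the nocow_begin()/nocow_finish() split, the 8-byte extent and replay() are constructed for illustration, and "waiting" is modelled by draining admitted writers before the scrub read.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define EXTENT_LEN 8	/* stands in for the preallocated extent [X, X+1M) */
#define WRITE_LEN  4	/* stands in for the write-back of [X, X+512K) */

/* Constructed toy model: one extent as seen on both devices. */
struct model {
	unsigned char src[EXTENT_LEN];		/* source device */
	unsigned char tgt[EXTENT_LEN];		/* target device */
	unsigned char scrub_buf[EXTENT_LEN];	/* data scrub read and will copy */
	bool bg_ro;				/* block group is read-only */
	int nocow_writers;			/* in-place writes admitted, not finished */
};

/*
 * A nocow (in-place) write is admitted only while the block group is
 * writable. When refused, the caller must COW into a different extent,
 * so it never touches [X, X+1M).
 */
static bool nocow_begin(struct model *m)
{
	if (m->bg_ro)
		return false;
	m->nocow_writers++;
	return true;
}

/* Write duplication: the in-place write lands on source and target. */
static void nocow_finish(struct model *m)
{
	memset(m->src, 'N', WRITE_LEN);
	memset(m->tgt, 'N', WRITE_LEN);
	m->nocow_writers--;
}

static void scrub_read(struct model *m)
{
	memcpy(m->scrub_buf, m->src, EXTENT_LEN);
}

static void scrub_write(struct model *m)
{
	memcpy(m->tgt, m->scrub_buf, EXTENT_LEN);
}

/* Number of bytes where the target ended up different from the source. */
static int stale_bytes(const struct model *m)
{
	int n = 0;

	for (int i = 0; i < EXTENT_LEN; i++)
		n += m->src[i] != m->tgt[i];
	return n;
}

/*
 * Replay the interleaving from the commit message. With require_ro the
 * block group is marked RO and admitted nocow writers are drained before
 * the scrub read; without it the write-back lands between scrub's read
 * and scrub's write-back to the target.
 */
int replay(bool require_ro)
{
	struct model m = { .bg_ro = false, .nocow_writers = 0 };
	bool admitted;

	memset(m.src, 0xAA, EXTENT_LEN);	/* preallocated: garbage */
	memset(m.tgt, 0x00, EXTENT_LEN);	/* not copied yet */

	admitted = nocow_begin(&m);	/* writer admitted before scrub arrives */

	if (require_ro) {
		m.bg_ro = true;
		while (m.nocow_writers > 0)	/* wait for admitted writers */
			nocow_finish(&m);
		admitted = false;
	}

	scrub_read(&m);
	if (admitted)
		nocow_finish(&m);	/* race window: write-back during scrub */
	else if (nocow_begin(&m))	/* late writer: refused while RO */
		nocow_finish(&m);
	scrub_write(&m);

	return stale_bytes(&m);
}

int main(void)
{
	printf("without mandatory RO: %d stale bytes on target\n", replay(false));
	printf("with RO + wait:       %d stale bytes on target\n", replay(true));
	return 0;
}
```

In the unfixed ordering the target keeps the preallocated garbage for the first WRITE_LEN bytes while the source holds the new data, which is the csum mismatch the commit message reports.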
2019-10-31 18:55:01 +08:00
		down_write(&dev_replace->rwsem);
2012-11-06 18:43:11 +08:00
		dev_replace->cursor_right = found_key.offset + length;
		dev_replace->cursor_left = found_key.offset;
		dev_replace->item_needs_writeback = 1;
2018-09-07 22:11:23 +08:00
		up_write(&dev_replace->rwsem);

2015-08-19 15:02:40 +08:00
		ret = scrub_chunk(sctx, scrub_dev, chunk_offset, length,
2018-08-15 02:09:52 +08:00
				  found_key.offset, cache);
2012-11-06 18:43:11 +08:00

		/*
		 * flush, submit all pending read and write bios, afterwards
		 * wait for them.
		 * Note that in the dev replace case, a read request causes
		 * write requests that are submitted in the read completion
		 * worker. Therefore in the current situation, it is required
		 * that all write requests are flushed, so that all read and
		 * write requests are really completed when bios_in_flight
		 * changes to 0.
		 */
2017-03-31 23:12:51 +08:00
		sctx->flush_all_writes = true;
2012-11-06 18:43:11 +08:00
		scrub_submit(sctx);
2017-05-17 01:10:32 +08:00
		mutex_lock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00
		scrub_wr_submit(sctx);
2017-05-17 01:10:32 +08:00
		mutex_unlock(&sctx->wr_lock);
2012-11-06 18:43:11 +08:00

		wait_event(sctx->list_wait,
			   atomic_read(&sctx->bios_in_flight) == 0);
2015-08-05 16:43:29 +08:00

		scrub_pause_on(fs_info);
2014-02-19 19:24:17 +08:00

		/*
		 * must be called before we decrease @scrub_paused.
		 * make sure we don't block transaction commit while
		 * we are waiting pending workers finished.
		 */
2012-11-06 18:43:11 +08:00
		wait_event(sctx->list_wait,
			   atomic_read(&sctx->workers_pending) == 0);
2017-03-31 23:12:51 +08:00
		sctx->flush_all_writes = false;
2014-02-19 19:24:17 +08:00

2015-08-05 16:43:29 +08:00
		scrub_pause_off(fs_info);
2012-11-06 18:43:11 +08:00

2021-02-04 18:22:11 +08:00
		if (sctx->is_dev_replace &&
		    !btrfs_finish_block_group_to_copy(dev_replace->srcdev,
						      cache, found_key.offset))
			ro_set = 0;

2019-10-31 18:55:01 +08:00
		down_write(&dev_replace->rwsem);
2016-05-15 02:44:40 +08:00
		dev_replace->cursor_left = dev_replace->cursor_right;
		dev_replace->item_needs_writeback = 1;
2019-10-31 18:55:01 +08:00
		up_write(&dev_replace->rwsem);
2016-05-15 02:44:40 +08:00
btrfs: Continue replace when set_block_ro failed
2015-11-17 18:46:17 +08:00
		if (ro_set)
2016-06-23 06:54:24 +08:00
			btrfs_dec_block_group_ro(cache);
2012-11-06 18:43:11 +08:00

2015-11-19 19:45:48 +08:00
		/*
		 * We might have prevented the cleaner kthread from deleting
		 * this block group if it was already unused because we raced
		 * and set it to RO mode first. So add it back to the unused
		 * list, otherwise it might not ever be deleted unless a manual
		 * balance is triggered or it becomes used and unused again.
		 */
		spin_lock(&cache->lock);
		if (!cache->removed && !cache->ro && cache->reserved == 0 &&
2019-10-24 00:48:11 +08:00
		    cache->used == 0) {
2015-11-19 19:45:48 +08:00
			spin_unlock(&cache->lock);
btrfs: handle empty block_group removal for async discard
block_group removal is a little tricky. It can race with the extent
allocator, the cleaner thread, and balancing. The current path is for a
block_group to be added to the unused_bgs list. Then, when the cleaner
thread comes around, it starts a transaction and then proceeds with
removing the block_group. Extents that are pinned are subsequently
removed from the pinned trees and then eventually a discard is issued
for the entire block_group.
Async discard introduces another player into the game, the discard
workqueue. While it has none of the racing issues, the new problem is
ensuring we don't leave free space untrimmed prior to forgetting the
block_group. This is handled by placing fully free block_groups on a
separate discard queue. This is necessary to maintain discarding order
as in the future we will slowly trim even fully free block_groups. The
ordering helps us make progress on the same block_group rather than say
the last fully freed block_group or needing to search through the fully
freed block groups at the beginning of a list and insert after.
The new order of events is a fully freed block group gets placed on the
unused discard queue first. Once it's processed, it will be placed on
the unused_bgs list and then the original sequence of events will
happen, just without the final whole block_group discard.
The mount flags can change when processing unused_bgs, so when flipping
from DISCARD to DISCARD_ASYNC, the unused_bgs must be punted to the
discard_list to be trimmed. If we flip off DISCARD_ASYNC, we punt
free block groups on the discard_list to the unused_bg queue which will
do the final discard for us.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-12-14 08:22:15 +08:00
			if (btrfs_test_opt(fs_info, DISCARD_ASYNC))
				btrfs_discard_queue_work(&fs_info->discard_ctl,
							 cache);
			else
				btrfs_mark_bg_unused(cache);
2015-11-19 19:45:48 +08:00
		} else {
			spin_unlock(&cache->lock);
		}
btrfs: fix race between writes to swap files and scrub
2021-02-05 20:55:37 +08:00
skip_unfreeze:
2020-05-08 18:01:47 +08:00
		btrfs_unfreeze_block_group(cache);
2011-03-08 21:14:00 +08:00
		btrfs_put_block_group(cache);
		if (ret)
			break;
2018-08-15 02:09:52 +08:00
		if (sctx->is_dev_replace &&
2012-11-28 01:39:51 +08:00
		    atomic64_read(&dev_replace->num_write_errors) > 0) {
2012-11-06 18:43:11 +08:00
			ret = -EIO;
			break;
		}
		if (sctx->stat.malloc_errors > 0) {
			ret = -ENOMEM;
			break;
		}
2014-06-19 10:42:51 +08:00
skip:
2011-03-08 21:14:00 +08:00
		key.offset = found_key.offset + length;
2011-05-23 18:30:52 +08:00
		btrfs_release_path(path);
2011-03-08 21:14:00 +08:00
	}

	btrfs_free_path(path);
2011-06-03 16:09:26 +08:00

2015-08-05 16:43:30 +08:00
	return ret;
2011-03-08 21:14:00 +08:00
}

2012-11-02 20:26:57 +08:00
static noinline_for_stack int scrub_supers(struct scrub_ctx *sctx,
					   struct btrfs_device *scrub_dev)
2011-03-08 21:14:00 +08:00
{
	int i;
	u64 bytenr;
	u64 gen;
	int ret;
2016-06-23 06:54:23 +08:00
	struct btrfs_fs_info *fs_info = sctx->fs_info;
2011-03-08 21:14:00 +08:00

2021-10-06 04:35:25 +08:00
	if (BTRFS_FS_ERROR(fs_info))
btrfs: return EROFS for BTRFS_FS_STATE_ERROR cases
Eric reported seeing this message while running generic/475
BTRFS: error (device dm-3) in btrfs_sync_log:3084: errno=-117 Filesystem corrupted
Full stack trace:
BTRFS: error (device dm-0) in btrfs_commit_transaction:2323: errno=-5 IO failure (Error while writing out transaction)
BTRFS info (device dm-0): forced readonly
BTRFS warning (device dm-0): Skipping commit of aborted transaction.
------------[ cut here ]------------
BTRFS: error (device dm-0) in cleanup_transaction:1894: errno=-5 IO failure
BTRFS: Transaction aborted (error -117)
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c6480 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c6488 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c6490 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c6498 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c64a0 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c64a8 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c64b0 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c64b8 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3555 rw 0,0 sector 0x1c64c0 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3572 rw 0,0 sector 0x1b85e8 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3572 rw 0,0 sector 0x1b85f0 len 4096 err no 10
WARNING: CPU: 3 PID: 23985 at fs/btrfs/tree-log.c:3084 btrfs_sync_log+0xbc8/0xd60 [btrfs]
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d4288 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d4290 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d4298 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42a0 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42a8 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42b0 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42b8 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42c0 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42c8 len 4096 err no 10
BTRFS warning (device dm-0): direct IO failed ino 3548 rw 0,0 sector 0x1d42d0 len 4096 err no 10
CPU: 3 PID: 23985 Comm: fsstress Tainted: G W L 5.8.0-rc4-default+ #1181
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
RIP: 0010:btrfs_sync_log+0xbc8/0xd60 [btrfs]
RSP: 0018:ffff909a44d17bd0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
RDX: ffff8f3be41cb940 RSI: ffffffffb0108d2b RDI: ffffffffb0108ff7
RBP: ffff909a44d17e70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000037988 R12: ffff8f3bd20e4000
R13: ffff8f3bd20e4428 R14: 00000000ffffff8b R15: ffff909a44d17c70
FS: 00007f6a6ed3fb80(0000) GS:ffff8f3c3dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6a6ed3e000 CR3: 00000000525c0003 CR4: 0000000000160ee0
Call Trace:
? finish_wait+0x90/0x90
? __mutex_unlock_slowpath+0x45/0x2a0
? lock_acquire+0xa3/0x440
? lockref_put_or_lock+0x9/0x30
? dput+0x20/0x4a0
? dput+0x20/0x4a0
? do_raw_spin_unlock+0x4b/0xc0
? _raw_spin_unlock+0x1f/0x30
btrfs_sync_file+0x335/0x490 [btrfs]
do_fsync+0x38/0x70
__x64_sys_fsync+0x10/0x20
do_syscall_64+0x50/0xe0
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f6a6ef1b6e3
Code: Bad RIP value.
RSP: 002b:00007ffd01e20038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a
RAX: ffffffffffffffda RBX: 000000000007a120 RCX: 00007f6a6ef1b6e3
RDX: 00007ffd01e1ffa0 RSI: 00007ffd01e1ffa0 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000001 R09: 00007ffd01e2004c
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000009f
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [<ffffffffb007fe0b>] copy_process+0x67b/0x1b00
softirqs last enabled at (0): [<ffffffffb007fe0b>] copy_process+0x67b/0x1b00
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace af146e0e38433456 ]---
BTRFS: error (device dm-0) in btrfs_sync_log:3084: errno=-117 Filesystem corrupted

This ret came from btrfs_write_marked_extents(). If we get an aborted
transaction via EIO before, we'll see it in btree_write_cache_pages()
and return EUCLEAN, which gets printed as "Filesystem corrupted".

Except we shouldn't be returning EUCLEAN here, we need to be returning
EROFS because EUCLEAN is reserved for actual corruption, not IO errors.

We are inconsistent about our handling of BTRFS_FS_STATE_ERROR
elsewhere, but we want to use EROFS for this particular case. The
original transaction abort has the real error code for why we ended up
with an aborted transaction, all subsequent actions just need to return
EROFS because they may not have a trans handle and have no idea about
the original cause of the abort.

After patch "btrfs: don't WARN if we abort a transaction with EROFS" the
stacktrace will not be dumped either.

Reported-by: Eric Sandeen <esandeen@redhat.com>
CC: stable@vger.kernel.org # 5.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add full test stacktrace ]
Signed-off-by: David Sterba <dsterba@suse.com>
2020-07-21 22:38:37 +08:00
		return -EROFS;
2012-03-12 23:03:00 +08:00

2014-07-24 11:37:09 +08:00
	/* Seed devices of a new filesystem has their own generation. */
2016-06-23 06:54:23 +08:00
	if (scrub_dev->fs_devices != fs_info->fs_devices)
2014-07-24 11:37:09 +08:00
		gen = scrub_dev->generation;
	else
2016-06-23 06:54:23 +08:00
		gen = fs_info->last_trans_committed;
2011-03-08 21:14:00 +08:00

	for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) {
		bytenr = btrfs_sb_offset(i);
2014-09-03 21:35:33 +08:00
		if (bytenr + BTRFS_SUPER_INFO_SIZE >
		    scrub_dev->commit_total_bytes)
2011-03-08 21:14:00 +08:00
			break;
btrfs: implement log-structured superblock for ZONED mode

Superblock (and its copies) is the only data structure in btrfs which
has a fixed location on a device. Since we cannot overwrite in a
sequential write required zone, we cannot place superblock in the zone.

One easy solution is limiting superblock and copies to be placed only in
conventional zones. However, this method has two downsides: one is
reduced number of superblock copies. The location of the second copy of
superblock is 256GB, which is in a sequential write required zone on
typical devices in the market today. So, the number of superblock and
copies is limited to be two. Second downside is that we cannot support
devices which have no conventional zones at all.

To solve these two problems, we employ superblock log writing. It uses
two adjacent zones as a circular buffer to write updated superblocks.
Once the first zone is filled up, start writing into the second one.
Then, when both zones are filled up and before starting to write to the
first zone again, it resets the first zone.

We can determine the position of the latest superblock by reading write
pointer information from a device. One corner case is when both zones
are full. For this situation, we read out the last superblock of each
zone, and compare them to determine which zone is older.

The following zones are reserved as the circular buffer on ZONED btrfs.

- The primary superblock: zones 0 and 1
- The first copy: zones 16 and 17
- The second copy: zones 1024 or zone at 256GB which is minimum, and
  next to it

If these reserved zones are conventional, superblock is written fixed at
the start of the zone without logging.

Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-11-10 19:26:14 +08:00
		if (!btrfs_check_super_location(scrub_dev, bytenr))
			continue;
2011-03-08 21:14:00 +08:00

Btrfs: rename the scrub context structure

The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.

This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.

The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.

The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.

Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.

Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
		ret = scrub_pages(sctx, bytenr, BTRFS_SUPER_INFO_SIZE, bytenr,
2012-11-02 20:26:57 +08:00
				  scrub_dev, BTRFS_EXTENT_FLAG_SUPER, gen, i,
2020-11-03 21:31:02 +08:00
				  NULL, bytenr);
2011-03-08 21:14:00 +08:00
		if (ret)
			return ret;
	}
2012-11-02 23:44:58 +08:00
	wait_event(sctx->list_wait, atomic_read(&sctx->bios_in_flight) == 0);
2011-03-08 21:14:00 +08:00

	return 0;
}
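The superblock log described in the "btrfs: implement log-structured superblock for ZONED mode" commit message above, as an added user-space model that is not the kernel's code: two zones act as a circular buffer, the latest superblock is located from the write pointers, and the both-full corner case is settled by comparing the last superblock of each zone. `SLOTS_PER_ZONE`, the struct layouts and every function name are assumptions of this sketch, and it generalizes the message's "reset the first zone" to resetting whichever zone is older.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS_PER_ZONE 4	/* constructed: superblock slots per zone */

/* One sequential-write-required zone: append at wp, or reset. */
struct zone {
	uint64_t gen[SLOTS_PER_ZONE];	/* generation stored in each slot */
	unsigned int wp;		/* write pointer, counted in slots */
};

/* Two adjacent zones used as a circular superblock log. */
struct sb_log {
	struct zone z[2];
};

static bool zone_empty(const struct zone *z) { return z->wp == 0; }
static bool zone_full(const struct zone *z) { return z->wp == SLOTS_PER_ZONE; }
static bool zone_in_use(const struct zone *z) { return !zone_empty(z) && !zone_full(z); }

/* Both zones full: index of the zone whose last superblock is newer. */
static int newer_full_zone(const struct sb_log *sbl)
{
	return sbl->z[0].gen[SLOTS_PER_ZONE - 1] >
	       sbl->z[1].gen[SLOTS_PER_ZONE - 1] ? 0 : 1;
}

/*
 * Locate the latest superblock from the write pointers alone, falling
 * back to a generation comparison only when both zones are full.
 * Returns 0 and sets *gen, -1 if nothing was written yet, -2 if the
 * write pointers describe a state the log can never reach.
 */
int sb_log_latest(const struct sb_log *sbl, uint64_t *gen)
{
	const struct zone *z0 = &sbl->z[0], *z1 = &sbl->z[1];

	if (zone_empty(z0) && zone_empty(z1))
		return -1;
	if (!zone_full(z0) && zone_in_use(z1))
		return -2;
	if (zone_full(z0) && zone_full(z1))
		*gen = sbl->z[newer_full_zone(sbl)].gen[SLOTS_PER_ZONE - 1];
	else if (zone_in_use(z0))
		*gen = z0->gen[z0->wp - 1];
	else if (zone_in_use(z1))
		*gen = z1->gen[z1->wp - 1];
	else if (zone_full(z0))		/* zone 1 still empty */
		*gen = z0->gen[SLOTS_PER_ZONE - 1];
	else				/* zone 0 reset but not yet rewritten */
		*gen = z1->gen[SLOTS_PER_ZONE - 1];
	return 0;
}

/* Append a superblock with generation gen; returns 0, or -2 on a bad state. */
int sb_log_write(struct sb_log *sbl, uint64_t gen)
{
	struct zone *z0 = &sbl->z[0], *z1 = &sbl->z[1];
	struct zone *dst;

	if (!zone_full(z0) && zone_in_use(z1))
		return -2;
	if (zone_full(z0) && zone_full(z1)) {
		/* Reuse the older zone; it must be reset before rewriting. */
		dst = &sbl->z[1 - newer_full_zone(sbl)];
		memset(dst, 0, sizeof(*dst));
	} else {
		dst = zone_full(z0) ? z1 : z0;
	}
	dst->gen[dst->wp++] = gen;
	return 0;
}

int main(void)
{
	struct sb_log sbl;
	uint64_t latest = 0;

	memset(&sbl, 0, sizeof(sbl));
	for (uint64_t g = 1; g <= 10; g++) {
		sb_log_write(&sbl, g);
		sb_log_latest(&sbl, &latest);
		printf("wrote gen %2llu: wp0=%u wp1=%u latest=%llu\n",
		       (unsigned long long)g, sbl.z[0].wp, sbl.z[1].wp,
		       (unsigned long long)latest);
	}
	return 0;
}
```

The "zone 0 reset but not yet rewritten" branch is the state left behind if a crash lands between the reset and the next write; the reader still finds the newest copy at the end of zone 1.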
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9

This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.

Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.

Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to cleanup the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.

CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-08-10 23:42:29 +08:00
static void scrub_workers_put(struct btrfs_fs_info *fs_info)
{
	if (refcount_dec_and_mutex_lock(&fs_info->scrub_workers_refcnt,
					&fs_info->scrub_lock)) {
		struct btrfs_workqueue *scrub_workers = NULL;
		struct btrfs_workqueue *scrub_wr_comp = NULL;
		struct btrfs_workqueue *scrub_parity = NULL;

		scrub_workers = fs_info->scrub_workers;
		scrub_wr_comp = fs_info->scrub_wr_completion_workers;
		scrub_parity = fs_info->scrub_parity_workers;

		fs_info->scrub_workers = NULL;
		fs_info->scrub_wr_completion_workers = NULL;
		fs_info->scrub_parity_workers = NULL;
		mutex_unlock(&fs_info->scrub_lock);

		btrfs_destroy_workqueue(scrub_workers);
		btrfs_destroy_workqueue(scrub_wr_comp);
		btrfs_destroy_workqueue(scrub_parity);
	}
}
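The locking change described in the "btrfs: allocate scrub workqueues outside of locks" commit message, as an added user-space sketch that is not the kernel's code: the allocation that may block runs before the mutex is taken, the result is only installed under the lock, and the put side detaches under the lock and frees after unlocking, as scrub_workers_put() above does. `struct ctx`, `wq_alloc()`, `workers_get()` and the other names are assumptions; a depth counter stands in for lockdep and counts allocations made while the lock is held.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

struct wq { int unused; };		/* stand-in for a workqueue */

struct ctx {				/* hypothetical stand-in for fs_info */
	pthread_mutex_t lock;		/* plays the role of scrub_lock */
	int refcnt;			/* users of the workers */
	struct wq *workers;
};

/* Instrumentation for this single-threaded demonstration only. */
static int lock_depth;			/* > 0 while the ctx lock is held */
static int allocs_under_lock;		/* allocations made with the lock held */
static int live_wqs;			/* allocated minus freed */

static void ctx_lock(struct ctx *c) { pthread_mutex_lock(&c->lock); lock_depth++; }
static void ctx_unlock(struct ctx *c) { lock_depth--; pthread_mutex_unlock(&c->lock); }

/* May sleep or trigger reclaim in the kernel case: keep it out of the lock. */
static struct wq *wq_alloc(void)
{
	struct wq *w = malloc(sizeof(*w));

	if (lock_depth > 0)
		allocs_under_lock++;
	if (w)
		live_wqs++;
	return w;
}

static void wq_free(struct wq *w)
{
	live_wqs -= (w != NULL);
	free(w);
}

/* Before: the allocation happens while the lock is held. */
int workers_get_locked(struct ctx *c)
{
	int ok;

	ctx_lock(c);
	if (c->refcnt == 0)
		c->workers = wq_alloc();
	ok = c->workers != NULL;
	c->refcnt += ok;
	ctx_unlock(c);
	return ok ? 0 : -1;
}

/* After: allocate first, take the lock only to install or discard. */
int workers_get(struct ctx *c)
{
	struct wq *w = wq_alloc();	/* no lock held here */

	if (!w)
		return -1;
	ctx_lock(c);
	if (c->refcnt == 0) {
		c->workers = w;		/* first user installs its allocation */
		w = NULL;
	}
	c->refcnt++;
	ctx_unlock(c);
	wq_free(w);			/* already installed by someone else: discard ours */
	return 0;
}

/* Last user detaches the pointer under the lock and frees after unlocking. */
void workers_put(struct ctx *c)
{
	struct wq *w = NULL;

	ctx_lock(c);
	if (--c->refcnt == 0) {
		w = c->workers;
		c->workers = NULL;
	}
	ctx_unlock(c);
	wq_free(w);
}

int main(void)
{
	struct ctx c = { .lock = PTHREAD_MUTEX_INITIALIZER };

	workers_get(&c);
	workers_get(&c);	/* second caller's allocation is discarded */
	workers_put(&c);
	workers_put(&c);
	printf("allocations under lock: %d, leaked: %d\n",
	       allocs_under_lock, live_wqs);
	return 0;
}
```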
2011-03-08 21:14:00 +08:00
/*
 * get a reference count on fs_info->scrub_workers. start worker if necessary
 */
2012-11-06 18:43:11 +08:00
static noinline_for_stack int scrub_workers_get(struct btrfs_fs_info *fs_info,
						int is_dev_replace)
2011-03-08 21:14:00 +08:00
{
2020-08-10 23:42:29 +08:00
	struct btrfs_workqueue *scrub_workers = NULL;
	struct btrfs_workqueue *scrub_wr_comp = NULL;
	struct btrfs_workqueue *scrub_parity = NULL;
2015-02-17 01:34:01 +08:00
	unsigned int flags = WQ_FREEZABLE | WQ_UNBOUND;
2014-02-28 10:46:17 +08:00
	int max_active = fs_info->thread_pool_size;
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turns
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to clean up the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-08-10 23:42:29 +08:00
|
|
|
int ret = -ENOMEM;
|
2011-03-08 21:14:00 +08:00
|
|
|
|
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to clean up the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
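The ordering the commit message above describes (allocate with no lock held, take the lock only to assign, free the spare set if another caller got there first), as an added userspace illustration that is not code from the kernel or from this commit. `struct wq`, `struct fs_state`, `workers_prepare`, `workers_publish`, `live_wqs` and `fail_at` are hypothetical names, and a pthread mutex stands in for `scrub_lock`.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

struct wq { const char *name; };	/* hypothetical stand-in for a workqueue */

struct fs_state {			/* hypothetical stand-in for the fs_info fields */
	pthread_mutex_t scrub_lock;
	unsigned int refcnt;
	struct wq *workers, *wr_comp, *parity;
};

static int live_wqs;		/* queues allocated and not yet freed */
static int fail_at = -1;	/* test hook: fail the allocation after this many successes */

static struct wq *wq_alloc(const char *name)
{
	struct wq *w;

	if (fail_at == 0) {
		fail_at = -1;
		return NULL;
	}
	if (fail_at > 0)
		fail_at--;
	w = malloc(sizeof(*w));
	if (!w)
		return NULL;
	w->name = name;
	live_wqs++;
	return w;
}

static void wq_free(struct wq *w)
{
	if (w) {
		free(w);
		live_wqs--;
	}
}

/* Phase 1: allocate all three queues with no lock held; unwind on failure. */
static int workers_prepare(struct wq *q[3])
{
	static const char *names[3] = { "scrub", "scrubwrc", "scrubparity" };
	int i;

	for (i = 0; i < 3; i++) {
		q[i] = wq_alloc(names[i]);
		if (!q[i]) {
			while (i-- > 0) {
				wq_free(q[i]);
				q[i] = NULL;
			}
			return -1;
		}
	}
	return 0;
}

/* Phase 2: the lock covers only the pointer assignment. Returns 1 if this
 * caller's queues were installed, 0 if another caller had already won. */
static int workers_publish(struct fs_state *fs, struct wq *q[3])
{
	int installed = 0, i;

	pthread_mutex_lock(&fs->scrub_lock);
	if (fs->refcnt == 0) {
		fs->workers = q[0];
		fs->wr_comp = q[1];
		fs->parity = q[2];
		fs->refcnt = 1;
		installed = 1;
	} else {
		fs->refcnt++;	/* share the set that is already installed */
	}
	pthread_mutex_unlock(&fs->scrub_lock);

	for (i = 0; !installed && i < 3; i++)
		wq_free(q[i]);	/* lost the race: free the spare set, unlocked */
	return installed;
}

static int workers_get(struct fs_state *fs)
{
	struct wq *q[3];
	int took = 0;

	/* Fast path; done under the mutex here purely for simplicity. */
	pthread_mutex_lock(&fs->scrub_lock);
	if (fs->refcnt > 0) {
		fs->refcnt++;
		took = 1;
	}
	pthread_mutex_unlock(&fs->scrub_lock);
	if (took)
		return 0;
	if (workers_prepare(q))
		return -1;
	workers_publish(fs, q);
	return 0;
}

/* Last put detaches the pointers under the lock and frees after unlocking. */
static void workers_put(struct fs_state *fs)
{
	struct wq *q[3] = { NULL, NULL, NULL };
	int i;

	pthread_mutex_lock(&fs->scrub_lock);
	if (--fs->refcnt == 0) {
		q[0] = fs->workers;
		q[1] = fs->wr_comp;
		q[2] = fs->parity;
		fs->workers = fs->wr_comp = fs->parity = NULL;
	}
	pthread_mutex_unlock(&fs->scrub_lock);
	for (i = 0; i < 3; i++)
		wq_free(q[i]);
}

int main(void)
{
	struct fs_state fs = { .scrub_lock = PTHREAD_MUTEX_INITIALIZER };

	workers_get(&fs);
	workers_get(&fs);
	workers_put(&fs);
	workers_put(&fs);
	printf("queues still allocated: %d\n", live_wqs);
	return 0;
}
```

Calling `workers_prepare` for two callers before either calls `workers_publish` reproduces the race deterministically: the second caller takes a reference on the installed set and frees its own.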
2020-08-10 23:42:29 +08:00
|
|
|
if (refcount_inc_not_zero(&fs_info->scrub_workers_refcnt))
|
|
|
|
return 0;
|
2019-01-30 14:45:01 +08:00
|
|
|
|
2020-08-10 23:42:29 +08:00
|
|
|
scrub_workers = btrfs_alloc_workqueue(fs_info, "scrub", flags,
|
|
|
|
is_dev_replace ? 1 : max_active, 4);
|
|
|
|
if (!scrub_workers)
|
|
|
|
goto fail_scrub_workers;
|
2015-06-12 20:36:58 +08:00
|
|
|
|
2020-08-10 23:42:29 +08:00
|
|
|
scrub_wr_comp = btrfs_alloc_workqueue(fs_info, "scrubwrc", flags,
|
2015-06-04 20:09:15 +08:00
|
|
|
max_active, 2);
|
2020-08-10 23:42:29 +08:00
|
|
|
if (!scrub_wr_comp)
|
|
|
|
goto fail_scrub_wr_completion_workers;
|
2019-01-30 14:45:02 +08:00
|
|
|
|
2020-08-10 23:42:29 +08:00
|
|
|
scrub_parity = btrfs_alloc_workqueue(fs_info, "scrubparity", flags,
|
|
|
|
max_active, 2);
|
|
|
|
if (!scrub_parity)
|
|
|
|
goto fail_scrub_parity_workers;
|
|
|
|
|
|
|
|
mutex_lock(&fs_info->scrub_lock);
|
|
|
|
if (refcount_read(&fs_info->scrub_workers_refcnt) == 0) {
|
|
|
|
ASSERT(fs_info->scrub_workers == NULL &&
|
|
|
|
fs_info->scrub_wr_completion_workers == NULL &&
|
|
|
|
fs_info->scrub_parity_workers == NULL);
|
|
|
|
fs_info->scrub_workers = scrub_workers;
|
|
|
|
fs_info->scrub_wr_completion_workers = scrub_wr_comp;
|
|
|
|
fs_info->scrub_parity_workers = scrub_parity;
|
2019-01-30 14:45:02 +08:00
|
|
|
refcount_set(&fs_info->scrub_workers_refcnt, 1);
|
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to clean up the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-08-10 23:42:29 +08:00
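The locking pattern the commit message above describes, as an added example that is not part of the btrfs source: a single-threaded userspace C model that allocates with no lock held, takes the lock only to publish, discards its own queues when another caller published first, and destroys on the last put only after dropping the lock. struct fs_model, wq_alloc(), wq_destroy(), workers_get(), workers_put(), the scrub_lock()/scrub_unlock() macros and the three counters are hypothetical stand-ins for the kernel objects.

```c
#include <pthread.h>
#include <stdlib.h>

/* Userspace stand-ins (assumptions) for the kernel objects on this page. */
struct workqueue { const char *name; };

struct fs_model {
	pthread_mutex_t scrub_lock;
	int lock_held;			/* model-only: lets wq_alloc() see the lock state */
	int scrub_workers_refcnt;	/* guarded by scrub_lock in this model */
	struct workqueue *scrub_workers;
	struct workqueue *scrub_wr_completion_workers;
	struct workqueue *scrub_parity_workers;
};

static int live_queues;		/* allocated minus destroyed */
static int allocs_under_lock;	/* stays 0 while no allocation runs under scrub_lock */
static int fail_countdown;	/* test knob: if > 0, the Nth wq_alloc() from now fails */

static struct workqueue *wq_alloc(struct fs_model *fs, const char *name)
{
	struct workqueue *wq;
	allocs_under_lock += fs->lock_held;
	if (fail_countdown > 0 && --fail_countdown == 0)
		return NULL;
	wq = malloc(sizeof(*wq));
	if (!wq)
		return NULL;
	wq->name = name;
	live_queues++;
	return wq;
}

static void wq_destroy(struct workqueue *wq)
{
	live_queues -= (wq != NULL);
	free(wq);
}

/* Lock helpers that also record the held state for wq_alloc(). */
#define scrub_lock(fs)   (pthread_mutex_lock(&(fs)->scrub_lock), (fs)->lock_held = 1)
#define scrub_unlock(fs) ((fs)->lock_held = 0, pthread_mutex_unlock(&(fs)->scrub_lock))

static int workers_get(struct fs_model *fs)
{
	struct workqueue *workers, *wr_comp, *parity;
	int ret = -1;	/* stand-in for the allocation-failure error code */

	/* 1. Allocate everything before taking any lock. */
	workers = wq_alloc(fs, "workers");
	if (!workers)
		goto fail_workers;
	wr_comp = wq_alloc(fs, "wr_comp");
	if (!wr_comp)
		goto fail_wr_comp;
	parity = wq_alloc(fs, "scrubparity");
	if (!parity)
		goto fail_parity;
	/* 2. Hold the lock only long enough to publish the pointers. */
	scrub_lock(fs);
	if (fs->scrub_workers_refcnt == 0) {
		fs->scrub_workers = workers;
		fs->scrub_wr_completion_workers = wr_comp;
		fs->scrub_parity_workers = parity;
		fs->scrub_workers_refcnt = 1;
		scrub_unlock(fs);
		return 0;
	}
	/* 3. Another caller published first: share theirs, discard ours. */
	fs->scrub_workers_refcnt++;
	scrub_unlock(fs);
	ret = 0;
	wq_destroy(parity);
fail_parity:
	wq_destroy(wr_comp);
fail_wr_comp:
	wq_destroy(workers);
fail_workers:
	return ret;
}

static void workers_put(struct fs_model *fs)
{
	struct workqueue *workers = NULL, *wr_comp = NULL, *parity = NULL;

	scrub_lock(fs);
	if (--fs->scrub_workers_refcnt == 0) {
		/* Detach under the lock; destroy only after dropping it. */
		workers = fs->scrub_workers;
		wr_comp = fs->scrub_wr_completion_workers;
		parity = fs->scrub_parity_workers;
		fs->scrub_workers = fs->scrub_wr_completion_workers = NULL;
		fs->scrub_parity_workers = NULL;
	}
	scrub_unlock(fs);
	wq_destroy(parity);
	wq_destroy(wr_comp);
	wq_destroy(workers);
}
```

Zero a struct fs_model and call pthread_mutex_init() on its scrub_lock before the first workers_get(). allocs_under_lock staying at 0 across every path, including the failed allocation and the lost race, is the property the fix is after.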
		mutex_unlock(&fs_info->scrub_lock);
		return 0;
2011-06-10 18:07:07 +08:00
	}
2020-08-10 23:42:29 +08:00
	/* Other thread raced in and created the workers for us */
	refcount_inc(&fs_info->scrub_workers_refcnt);
	mutex_unlock(&fs_info->scrub_lock);
2015-06-12 20:36:58 +08:00
2020-08-10 23:42:29 +08:00
	ret = 0;
	btrfs_destroy_workqueue(scrub_parity);
2015-06-12 20:36:58 +08:00
fail_scrub_parity_workers:
2020-08-10 23:42:29 +08:00
	btrfs_destroy_workqueue(scrub_wr_comp);
2015-06-12 20:36:58 +08:00
fail_scrub_wr_completion_workers:
2020-08-10 23:42:29 +08:00
	btrfs_destroy_workqueue(scrub_workers);
2015-06-12 20:36:58 +08:00
fail_scrub_workers:
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to cleanup the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-08-10 23:42:29 +08:00
	return ret;
2011-03-08 21:14:00 +08:00
}

2012-11-06 00:03:39 +08:00
int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
		    u64 end, struct btrfs_scrub_progress *progress,
2012-11-06 01:29:28 +08:00
		    int readonly, int is_dev_replace)
2011-03-08 21:14:00 +08:00
{
2021-10-06 04:12:42 +08:00
	struct btrfs_dev_lookup_args args = { .devid = devid };
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx;
2011-03-08 21:14:00 +08:00
	int ret;
	struct btrfs_device *dev;
Btrfs: fix deadlock with memory reclaim during scrub
When a transaction commit starts, it attempts to pause scrub and it blocks
until the scrub is paused. So while the transaction is blocked waiting for
scrub to pause, we can not do memory allocation with GFP_KERNEL from scrub,
otherwise we risk getting into a deadlock with reclaim.
Checking for scrub pause requests is done early at the beginning of the
while loop of scrub_stripe() and later in the loop, scrub_extent() and
scrub_raid56_parity() are called, which in turn call scrub_pages() and
scrub_pages_for_parity() respectively. These last two functions do memory
allocations using GFP_KERNEL. Same problem could happen while scrubbing
the super blocks, since it calls scrub_pages().
We also can not have any of the worker tasks, created by the scrub task,
doing GFP_KERNEL allocations, because before pausing, the scrub task waits
for all the worker tasks to complete (also done at scrub_stripe()).
So make sure GFP_NOFS is used for the memory allocations because at any
time a scrub pause request can happen from another task that started to
commit a transaction.
Fixes: 58c4e173847a ("btrfs: scrub: use GFP_KERNEL on the submission path")
CC: stable@vger.kernel.org # 4.6+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-27 04:07:17 +08:00
	unsigned int nofs_flag;
2011-03-08 21:14:00 +08:00

2012-11-06 00:03:39 +08:00
	if (btrfs_fs_closing(fs_info))
2019-02-26 02:57:41 +08:00
		return -EAGAIN;
2011-03-08 21:14:00 +08:00

2016-06-15 21:22:56 +08:00
	if (fs_info->nodesize > BTRFS_STRIPE_LEN) {
2012-03-28 02:21:27 +08:00
		/*
		 * in this case scrub is unable to calculate the checksum
		 * the way scrub is implemented. Do not handle this
		 * situation at all because it won't ever happen.
		 */
2013-12-21 00:37:06 +08:00
		btrfs_err(fs_info,
			   "scrub: size assumption nodesize <= BTRFS_STRIPE_LEN (%d <= %d) fails",
2016-06-15 21:22:56 +08:00
		       fs_info->nodesize,
		       BTRFS_STRIPE_LEN);
2012-03-28 02:21:27 +08:00
		return -EINVAL;
	}

2016-06-15 21:22:56 +08:00
	if (fs_info->nodesize >
2012-11-02 21:58:04 +08:00
	    PAGE_SIZE * SCRUB_MAX_PAGES_PER_BLOCK ||
2016-06-15 21:22:56 +08:00
	    fs_info->sectorsize > PAGE_SIZE * SCRUB_MAX_PAGES_PER_BLOCK) {
2012-11-02 21:58:04 +08:00
		/*
		 * would exhaust the array bounds of pagev member in
		 * struct scrub_block
		 */
2016-09-20 22:05:00 +08:00
		btrfs_err(fs_info,
			  "scrub: size assumption nodesize and sectorsize <= SCRUB_MAX_PAGES_PER_BLOCK (%d <= %d && %d <= %d) fails",
2016-06-15 21:22:56 +08:00
		       fs_info->nodesize,
2012-11-02 21:58:04 +08:00
		       SCRUB_MAX_PAGES_PER_BLOCK,
2016-06-15 21:22:56 +08:00
		       fs_info->sectorsize,
2012-11-02 21:58:04 +08:00
		       SCRUB_MAX_PAGES_PER_BLOCK);
		return -EINVAL;
	}

2018-12-04 23:11:56 +08:00
	/* Allocate outside of device_list_mutex */
	sctx = scrub_setup_ctx(fs_info, is_dev_replace);
	if (IS_ERR(sctx))
		return PTR_ERR(sctx);
2011-03-08 21:14:00 +08:00

btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to cleanup the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
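Added illustration (not btrfs or lockdep code): a minimal lock-order checker that replays the dependency chain listed in the splat above and shows why taking cpu_hotplug_lock under scrub_lock is reported, while allocating before taking the mutexes is not. The enum names, `acquire()`, `release_last()`, `seed_chain()` and the two scenario functions are assumptions made for this example; real lockdep also tracks read/write state and IRQ context, which this omits.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes from the splat's dependency chain, #0 (first) to #7 (last). */
enum lock_id {
	CPU_HOTPLUG_LOCK, PMUS_LOCK, CPUCTX_MUTEX, MMAP_LOCK,
	RELOC_MUTEX, TREE_LOG_MUTEX, DEVICE_LIST_MUTEX, SCRUB_LOCK, NR_LOCKS
};

static const char *const lock_name[NR_LOCKS] = {
	"cpu_hotplug_lock", "pmus_lock", "cpuctx_mutex", "mmap_lock",
	"reloc_mutex", "tree_log_mutex", "device_list_mutex", "scrub_lock",
};

/* edge[a][b] is set once some task has taken b while holding a. */
struct lock_graph { unsigned char edge[NR_LOCKS][NR_LOCKS]; };

/* Locks currently held by one simulated task, in acquisition order. */
struct task { int held[NR_LOCKS]; int nheld; };

/* Depth-first search: is 'to' reachable from 'from' over recorded edges? */
static int reaches(const struct lock_graph *g, int from, int to,
		   unsigned char *seen)
{
	if (from == to)
		return 1;
	seen[from] = 1;
	for (int next = 0; next < NR_LOCKS; next++)
		if (g->edge[from][next] && !seen[next] &&
		    reaches(g, next, to, seen))
			return 1;
	return 0;
}

/*
 * Take 'lock'. If a lock the task already holds is reachable from it, the
 * new held -> lock edge would close a cycle: report it and return -1.
 */
static int acquire(struct lock_graph *g, struct task *t, int lock)
{
	for (int i = 0; i < t->nheld; i++) {
		unsigned char seen[NR_LOCKS] = { 0 };

		if (reaches(g, lock, t->held[i], seen)) {
			printf("circular dependency: %s taken while holding %s\n",
			       lock_name[lock], lock_name[t->held[i]]);
			return -1;
		}
	}
	for (int i = 0; i < t->nheld; i++)
		g->edge[t->held[i]][lock] = 1;
	t->held[t->nheld++] = lock;
	return 0;
}

/* Drop the most recently taken lock. */
static void release_last(struct task *t)
{
	if (t->nheld > 0)
		t->nheld--;
}

/* Record the chain the splat lists: each lock was taken under the previous. */
static void seed_chain(struct lock_graph *g)
{
	memset(g, 0, sizeof(*g));
	for (int l = CPU_HOTPLUG_LOCK; l < SCRUB_LOCK; l++)
		g->edge[l][l + 1] = 1;
}

/* Old order: workqueue allocation (cpus_read_lock) under both mutexes. */
int scrub_before_fix(void)
{
	struct lock_graph g;
	struct task t = { .nheld = 0 };

	seed_chain(&g);
	if (acquire(&g, &t, DEVICE_LIST_MUTEX) || acquire(&g, &t, SCRUB_LOCK))
		return -2;	/* not expected: these two follow the chain */
	return acquire(&g, &t, CPU_HOTPLUG_LOCK);
}

/* New order: allocate with no locks held, then take the two mutexes. */
int scrub_after_fix(void)
{
	struct lock_graph g;
	struct task t = { .nheld = 0 };

	seed_chain(&g);
	if (acquire(&g, &t, CPU_HOTPLUG_LOCK))
		return -1;
	release_last(&t);	/* allocation done, cpu_hotplug_lock dropped */
	if (acquire(&g, &t, DEVICE_LIST_MUTEX))
		return -1;
	return acquire(&g, &t, SCRUB_LOCK);
}

int main(void)
{
	printf("before fix: %d\n", scrub_before_fix());
	printf("after fix:  %d\n", scrub_after_fix());
	return 0;
}
```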
2020-08-10 23:42:29 +08:00
	ret = scrub_workers_get(fs_info, is_dev_replace);
	if (ret)
		goto out_free_ctx;

2012-11-06 00:03:39 +08:00
	mutex_lock(&fs_info->fs_devices->device_list_mutex);
2021-10-06 04:12:42 +08:00
	dev = btrfs_find_device(fs_info->fs_devices, &args);
2017-12-04 12:54:54 +08:00
	if (!dev || (test_bit(BTRFS_DEV_STATE_MISSING, &dev->dev_state) &&
		     !is_dev_replace)) {
2012-11-06 00:03:39 +08:00
		mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2018-12-04 23:11:56 +08:00
		ret = -ENODEV;
2020-08-10 23:42:29 +08:00
		goto out;
2011-03-08 21:14:00 +08:00
	}

2017-12-04 12:54:52 +08:00
	if (!is_dev_replace && !readonly &&
	    !test_bit(BTRFS_DEV_STATE_WRITEABLE, &dev->dev_state)) {
2014-07-24 11:37:07 +08:00
		mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2020-07-09 17:25:40 +08:00
		btrfs_err_in_rcu(fs_info,
			"scrub on devid %llu: filesystem on %s is not writable",
				 devid, rcu_str_deref(dev->name));
2018-12-04 23:11:56 +08:00
		ret = -EROFS;
2020-08-10 23:42:29 +08:00
		goto out;
2014-07-24 11:37:07 +08:00
	}

2013-10-12 02:11:12 +08:00
	mutex_lock(&fs_info->scrub_lock);
2017-12-04 12:54:53 +08:00
	if (!test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &dev->dev_state) ||
2017-12-04 12:54:55 +08:00
	    test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &dev->dev_state)) {
2011-03-08 21:14:00 +08:00
		mutex_unlock(&fs_info->scrub_lock);
2012-11-06 00:03:39 +08:00
		mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2018-12-04 23:11:56 +08:00
		ret = -EIO;
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to clean up the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-08-10 23:42:29 +08:00
		goto out;
2011-03-08 21:14:00 +08:00
	}

2018-09-07 22:11:23 +08:00
	down_read(&fs_info->dev_replace.rwsem);
2018-01-03 16:08:30 +08:00
	if (dev->scrub_ctx ||
2012-11-06 20:15:27 +08:00
	    (!is_dev_replace &&
	     btrfs_dev_replace_is_ongoing(&fs_info->dev_replace))) {
2018-09-07 22:11:23 +08:00
		up_read(&fs_info->dev_replace.rwsem);
2011-03-08 21:14:00 +08:00
		mutex_unlock(&fs_info->scrub_lock);
2012-11-06 00:03:39 +08:00
		mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2018-12-04 23:11:56 +08:00
		ret = -EINPROGRESS;
btrfs: allocate scrub workqueues outside of locks
I got the following lockdep splat while testing:
======================================================
WARNING: possible circular locking dependency detected
5.8.0-rc7-00172-g021118712e59 #932 Not tainted
------------------------------------------------------
btrfs/229626 is trying to acquire lock:
ffffffff828513f0 (cpu_hotplug_lock){++++}-{0:0}, at: alloc_workqueue+0x378/0x450
but task is already holding lock:
ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #7 (&fs_info->scrub_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_scrub_dev+0x11c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #6 (&fs_devs->device_list_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_run_dev_stats+0x49/0x480
commit_cowonly_roots+0xb5/0x2a0
btrfs_commit_transaction+0x516/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #5 (&fs_info->tree_log_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_commit_transaction+0x4bb/0xa60
sync_filesystem+0x6b/0x90
generic_shutdown_super+0x22/0x100
kill_anon_super+0xe/0x30
btrfs_kill_super+0x12/0x20
deactivate_locked_super+0x29/0x60
cleanup_mnt+0xb8/0x140
task_work_run+0x6d/0xb0
__prepare_exit_to_usermode+0x1cc/0x1e0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #4 (&fs_info->reloc_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
btrfs_record_root_in_trans+0x43/0x70
start_transaction+0xd1/0x5d0
btrfs_dirty_inode+0x42/0xd0
touch_atime+0xa1/0xd0
btrfs_file_mmap+0x3f/0x60
mmap_region+0x3a4/0x640
do_mmap+0x376/0x580
vm_mmap_pgoff+0xd5/0x120
ksys_mmap_pgoff+0x193/0x230
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
__might_fault+0x68/0x90
_copy_to_user+0x1e/0x80
perf_read+0x141/0x2c0
vfs_read+0xad/0x1b0
ksys_read+0x5f/0xe0
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
-> #2 (&cpuctx_mutex){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x88/0x150
perf_event_init+0x1db/0x20b
start_kernel+0x3ae/0x53c
secondary_startup_64+0xa4/0xb0
-> #1 (pmus_lock){+.+.}-{3:3}:
__mutex_lock+0x9f/0x930
perf_event_init_cpu+0x4f/0x150
cpuhp_invoke_callback+0xb1/0x900
_cpu_up.constprop.26+0x9f/0x130
cpu_up+0x7b/0xc0
bringup_nonboot_cpus+0x4f/0x60
smp_init+0x26/0x71
kernel_init_freeable+0x110/0x258
kernel_init+0xa/0x103
ret_from_fork+0x1f/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
cpus_read_lock+0x39/0xb0
alloc_workqueue+0x378/0x450
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
other info that might help us debug this:
Chain exists of:
cpu_hotplug_lock --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&fs_info->scrub_lock);
                               lock(&fs_devs->device_list_mutex);
                               lock(&fs_info->scrub_lock);
  lock(cpu_hotplug_lock);
*** DEADLOCK ***
2 locks held by btrfs/229626:
#0: ffff88bfe8bb86e0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_scrub_dev+0xbd/0x630
#1: ffff889dd3889518 (&fs_info->scrub_lock){+.+.}-{3:3}, at: btrfs_scrub_dev+0x11c/0x630
stack backtrace:
CPU: 15 PID: 229626 Comm: btrfs Kdump: loaded Not tainted 5.8.0-rc7-00172-g021118712e59 #932
Hardware name: Quanta Tioga Pass Single Side 01-0030993006/Tioga Pass Single Side, BIOS F08_3A18 12/20/2018
Call Trace:
dump_stack+0x78/0xa0
check_noncircular+0x165/0x180
__lock_acquire+0x1272/0x2310
lock_acquire+0x9e/0x360
? alloc_workqueue+0x378/0x450
cpus_read_lock+0x39/0xb0
? alloc_workqueue+0x378/0x450
alloc_workqueue+0x378/0x450
? rcu_read_lock_sched_held+0x52/0x80
__btrfs_alloc_workqueue+0x15d/0x200
btrfs_alloc_workqueue+0x51/0x160
scrub_workers_get+0x5a/0x170
btrfs_scrub_dev+0x18c/0x630
? start_transaction+0xd1/0x5d0
btrfs_dev_replace_by_ioctl.cold.21+0x10a/0x1d4
btrfs_ioctl+0x2799/0x30a0
? do_sigaction+0x102/0x250
? lockdep_hardirqs_on_prepare+0xca/0x160
? _raw_spin_unlock_irq+0x24/0x30
? trace_hardirqs_on+0x1c/0xe0
? _raw_spin_unlock_irq+0x24/0x30
? do_sigaction+0x102/0x250
? ksys_ioctl+0x83/0xc0
ksys_ioctl+0x83/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x50/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This happens because we're allocating the scrub workqueues under the
scrub and device list mutex, which brings in a whole host of other
dependencies.
Because the work queue allocation is done with GFP_KERNEL, it can
trigger reclaim, which can lead to a transaction commit, which in turn
needs the device_list_mutex, it can lead to a deadlock. A different
problem for which this fix is a solution.
Fix this by moving the actual allocation outside of the
scrub lock, and then only take the lock once we're ready to actually
assign them to the fs_info. We'll now have to clean up the workqueues in
a few more places, so I've added a helper to do the refcount dance to
safely free the workqueues.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-08-10 23:42:29 +08:00
		goto out;
2011-03-08 21:14:00 +08:00
	}
2018-09-07 22:11:23 +08:00
	up_read(&fs_info->dev_replace.rwsem);
2013-10-12 02:11:12 +08:00

Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from wherever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
	sctx->readonly = readonly;
2018-01-03 16:08:30 +08:00
	dev->scrub_ctx = sctx;
2013-12-04 21:15:19 +08:00
	mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2011-03-08 21:14:00 +08:00

2013-12-04 21:15:19 +08:00
	/*
	 * checking @scrub_pause_req here, we can avoid
	 * race between committing transaction and scrubbing.
	 */
2013-12-04 21:16:53 +08:00
	__scrub_blocked_if_needed(fs_info);
2011-03-08 21:14:00 +08:00
	atomic_inc(&fs_info->scrubs_running);
	mutex_unlock(&fs_info->scrub_lock);

Btrfs: fix deadlock with memory reclaim during scrub
When a transaction commit starts, it attempts to pause scrub and it blocks
until the scrub is paused. So while the transaction is blocked waiting for
scrub to pause, we can not do memory allocation with GFP_KERNEL from scrub,
otherwise we risk getting into a deadlock with reclaim.
Checking for scrub pause requests is done early at the beginning of the
while loop of scrub_stripe() and later in the loop, scrub_extent() and
scrub_raid56_parity() are called, which in turn call scrub_pages() and
scrub_pages_for_parity() respectively. These last two functions do memory
allocations using GFP_KERNEL. Same problem could happen while scrubbing
the super blocks, since it calls scrub_pages().
We also can not have any of the worker tasks, created by the scrub task,
doing GFP_KERNEL allocations, because before pausing, the scrub task waits
for all the worker tasks to complete (also done at scrub_stripe()).
So make sure GFP_NOFS is used for the memory allocations because at any
time a scrub pause request can happen from another task that started to
commit a transaction.
Fixes: 58c4e173847a ("btrfs: scrub: use GFP_KERNEL on the submission path")
CC: stable@vger.kernel.org # 4.6+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-27 04:07:17 +08:00
	/*
	 * In order to avoid deadlock with reclaim when there is a transaction
	 * trying to pause scrub, make sure we use GFP_NOFS for all the
	 * allocations done at btrfs_scrub_pages() and scrub_pages_for_parity()
	 * invoked by our callees. The pausing request is done when the
	 * transaction commit starts, and it blocks the transaction until scrub
	 * is paused (done at specific points at scrub_stripe() or right above
	 * before incrementing fs_info->scrubs_running).
	 */
	nofs_flag = memalloc_nofs_save();
2012-11-06 18:43:11 +08:00
	if (!is_dev_replace) {
2019-01-03 16:17:40 +08:00
		btrfs_info(fs_info, "scrub: started on devid %llu", devid);
2013-10-25 19:12:02 +08:00
		/*
		 * by holding device list mutex, we can
		 * kick off writing super in log tree sync.
		 */
2013-12-04 21:15:19 +08:00
		mutex_lock(&fs_info->fs_devices->device_list_mutex);
2012-11-06 18:43:11 +08:00
		ret = scrub_supers(sctx, dev);
2013-12-04 21:15:19 +08:00
		mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2012-11-06 18:43:11 +08:00
	}
2011-03-08 21:14:00 +08:00

	if (!ret)
2018-08-15 02:09:52 +08:00
		ret = scrub_enumerate_chunks(sctx, dev, start, end);
2018-11-27 04:07:17 +08:00
	memalloc_nofs_restore(nofs_flag);
2011-03-08 21:14:00 +08:00

2012-11-02 23:44:58 +08:00
	wait_event(sctx->list_wait, atomic_read(&sctx->bios_in_flight) == 0);
2011-03-08 21:14:00 +08:00
	atomic_dec(&fs_info->scrubs_running);
	wake_up(&fs_info->scrub_pause_wait);

2012-11-02 23:44:58 +08:00
	wait_event(sctx->list_wait, atomic_read(&sctx->workers_pending) == 0);
2011-06-14 02:04:15 +08:00

2011-03-08 21:14:00 +08:00
	if (progress)
2012-11-02 16:58:09 +08:00
		memcpy(progress, &sctx->stat, sizeof(*progress));
2011-03-08 21:14:00 +08:00

2019-01-03 16:17:40 +08:00
	if (!is_dev_replace)
		btrfs_info(fs_info, "scrub: %s on devid %llu with status: %d",
			ret ? "not finished" : "finished", devid, ret);

2011-03-08 21:14:00 +08:00
	mutex_lock(&fs_info->scrub_lock);
2018-01-03 16:08:30 +08:00
	dev->scrub_ctx = NULL;
2011-03-08 21:14:00 +08:00
	mutex_unlock(&fs_info->scrub_lock);

2020-08-10 23:42:29 +08:00
	scrub_workers_put(fs_info);
2015-02-10 05:14:24 +08:00
	scrub_put_ctx(sctx);
2011-03-08 21:14:00 +08:00

2018-12-04 23:11:56 +08:00
	return ret;
2020-08-10 23:42:29 +08:00
out:
	scrub_workers_put(fs_info);
2018-12-04 23:11:56 +08:00
out_free_ctx:
	scrub_free_ctx(sctx);

2011-03-08 21:14:00 +08:00
	return ret;
}

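The fix described in the "btrfs: allocate scrub workqueues outside of locks" commit message above (allocate with no lock held, take the lock only to publish, drop references through a put helper), as an added userspace C model. It is not the kernel's code: `fs_model`, `workers_install`, `run_race_unlocked` and the other names are hypothetical, the lock is a flag, allocation failure aborts, and the race is replayed sequentially instead of with threads.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model. Every name below is hypothetical, not a kernel symbol. */
struct wq_model { int unused; };

struct fs_model {
	bool scrub_lock_held;     /* stands in for fs_info->scrub_lock */
	int workers_refcnt;       /* users of the shared workqueue */
	struct wq_model *workers; /* shared pointer, written only under the lock */
	int allocs_under_lock;    /* allocations made while the lock was held */
	int live_wqs;             /* allocated and not yet freed */
};

static void model_lock(struct fs_model *fs)   { fs->scrub_lock_held = true; }
static void model_unlock(struct fs_model *fs) { fs->scrub_lock_held = false; }

/*
 * Stands in for the workqueue allocation, the call that takes
 * cpu_hotplug_lock in the splat. Doing it with the scrub lock held is what
 * records the scrub_lock -> cpu_hotplug_lock dependency.
 */
static struct wq_model *model_alloc_wq(struct fs_model *fs)
{
	struct wq_model *wq = calloc(1, sizeof(*wq));

	if (!wq)
		abort();	/* assumption: the model does not cover ENOMEM */
	fs->live_wqs++;
	if (fs->scrub_lock_held)
		fs->allocs_under_lock++;
	return wq;
}

static void model_free_wq(struct fs_model *fs, struct wq_model *wq)
{
	if (wq)
		fs->live_wqs--;
	free(wq);
}

/* Before: the first user allocates while holding the lock. */
static void workers_get_locked(struct fs_model *fs)
{
	model_lock(fs);
	if (fs->workers_refcnt++ == 0)
		fs->workers = model_alloc_wq(fs);
	model_unlock(fs);
}

/*
 * After: "mine" was allocated with no lock held. The lock is taken only to
 * publish it; a caller that lost the race keeps a reference on the installed
 * queue and frees its own copy after unlocking.
 */
static void workers_install(struct fs_model *fs, struct wq_model *mine)
{
	model_lock(fs);
	if (fs->workers_refcnt == 0) {
		fs->workers = mine;
		mine = NULL;
	}
	fs->workers_refcnt++;
	model_unlock(fs);
	model_free_wq(fs, mine);
}

/* The last user detaches the queue under the lock and frees it outside. */
static void workers_put(struct fs_model *fs)
{
	struct wq_model *dead = NULL;

	model_lock(fs);
	if (--fs->workers_refcnt == 0) {
		dead = fs->workers;
		fs->workers = NULL;
	}
	model_unlock(fs);
	model_free_wq(fs, dead);
}

/*
 * Replay a race: both callers allocate before either installs.
 * Returns how many queues are still allocated afterwards.
 */
static int run_race_unlocked(struct fs_model *fs)
{
	struct wq_model *a = model_alloc_wq(fs), *b = model_alloc_wq(fs);

	workers_install(fs, a);
	workers_install(fs, b);
	workers_put(fs);
	workers_put(fs);
	return fs->live_wqs;
}

int main(void)
{
	struct fs_model before = {0}, after = {0};

	workers_get_locked(&before);
	workers_put(&before);
	return !(before.allocs_under_lock == 1 && run_race_unlocked(&after) == 0);
}
```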
2016-06-23 06:54:24 +08:00
void btrfs_scrub_pause(struct btrfs_fs_info *fs_info)
2011-03-08 21:14:00 +08:00
{
	mutex_lock(&fs_info->scrub_lock);
	atomic_inc(&fs_info->scrub_pause_req);
	while (atomic_read(&fs_info->scrubs_paused) !=
	       atomic_read(&fs_info->scrubs_running)) {
		mutex_unlock(&fs_info->scrub_lock);
		wait_event(fs_info->scrub_pause_wait,
			   atomic_read(&fs_info->scrubs_paused) ==
			   atomic_read(&fs_info->scrubs_running));
		mutex_lock(&fs_info->scrub_lock);
	}
	mutex_unlock(&fs_info->scrub_lock);
}

2016-06-23 06:54:24 +08:00
void btrfs_scrub_continue(struct btrfs_fs_info *fs_info)
2011-03-08 21:14:00 +08:00
{
	atomic_dec(&fs_info->scrub_pause_req);
	wake_up(&fs_info->scrub_pause_wait);
}

2012-11-06 00:03:39 +08:00
int btrfs_scrub_cancel(struct btrfs_fs_info *fs_info)
2011-03-08 21:14:00 +08:00
{
	mutex_lock(&fs_info->scrub_lock);
	if (!atomic_read(&fs_info->scrubs_running)) {
		mutex_unlock(&fs_info->scrub_lock);
		return -ENOTCONN;
	}

	atomic_inc(&fs_info->scrub_cancel_req);
	while (atomic_read(&fs_info->scrubs_running)) {
		mutex_unlock(&fs_info->scrub_lock);
		wait_event(fs_info->scrub_pause_wait,
			   atomic_read(&fs_info->scrubs_running) == 0);
		mutex_lock(&fs_info->scrub_lock);
	}
	atomic_dec(&fs_info->scrub_cancel_req);
	mutex_unlock(&fs_info->scrub_lock);

	return 0;
}

2019-03-20 23:32:55 +08:00
int btrfs_scrub_cancel_dev(struct btrfs_device *dev)
2012-03-02 00:24:58 +08:00
{
2019-03-20 23:32:55 +08:00
	struct btrfs_fs_info *fs_info = dev->fs_info;
Btrfs: rename the scrub context structure
The device replace procedure makes use of the scrub code. The scrub
code is the most efficient code to read the allocated data of a disk,
i.e. it reads sequentially in order to avoid disk head movements, it
skips unallocated blocks, it uses read ahead mechanisms, and it
contains all the code to detect and repair defects.
This commit is a first preparation step to adapt the scrub code to
be shareable for the device replace procedure.
The block device will be removed from the scrub context state
structure in a later step. It used to be the source block device.
The scrub code as it is used for the device replace procedure reads
the source data from whereever it is optimal. The source device might
even be gone (disconnected, for instance due to a hardware failure).
Or the drive can be so faulty so that the device replace procedure
tries to avoid access to the faulty source drive as much as possible,
and only if all other mirrors are damaged, as a last resort, the
source disk is accessed.
The modified scrub code operates as if it would handle the source
drive and thereby generates an exact copy of the source disk on the
target disk, even if the source disk is not present at all. Therefore
the block device pointer to the source disk is removed in a later
patch, and therefore the context structure is renamed (this is the
goal of the current patch) to reflect that no source block device
scope is there anymore.
Summary:
This first preparation step consists of a textual substitution of the
term "dev" to the term "ctx" wherever the scrub context is used.
Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx;
2011-03-08 21:14:00 +08:00

	mutex_lock(&fs_info->scrub_lock);
2018-01-03 16:08:30 +08:00
	sctx = dev->scrub_ctx;
2012-11-02 16:58:09 +08:00
	if (!sctx) {
2011-03-08 21:14:00 +08:00
		mutex_unlock(&fs_info->scrub_lock);
		return -ENOTCONN;
	}
2012-11-02 16:58:09 +08:00
	atomic_inc(&sctx->cancel_req);
2018-01-03 16:08:30 +08:00
	while (dev->scrub_ctx) {
2011-03-08 21:14:00 +08:00
		mutex_unlock(&fs_info->scrub_lock);
		wait_event(fs_info->scrub_pause_wait,
2018-01-03 16:08:30 +08:00
			   dev->scrub_ctx == NULL);
2011-03-08 21:14:00 +08:00
		mutex_lock(&fs_info->scrub_lock);
	}
	mutex_unlock(&fs_info->scrub_lock);

	return 0;
}
2012-03-28 02:21:26 +08:00

2016-06-23 06:54:24 +08:00
int btrfs_scrub_progress(struct btrfs_fs_info *fs_info, u64 devid,
2011-03-08 21:14:00 +08:00
			 struct btrfs_scrub_progress *progress)
{
2021-10-06 04:12:42 +08:00
	struct btrfs_dev_lookup_args args = { .devid = devid };
2011-03-08 21:14:00 +08:00
	struct btrfs_device *dev;
2012-11-02 16:58:09 +08:00
	struct scrub_ctx *sctx = NULL;
2011-03-08 21:14:00 +08:00

2016-06-23 06:54:23 +08:00
	mutex_lock(&fs_info->fs_devices->device_list_mutex);
2021-10-06 04:12:42 +08:00
	dev = btrfs_find_device(fs_info->fs_devices, &args);
2011-03-08 21:14:00 +08:00
	if (dev)
2018-01-03 16:08:30 +08:00
		sctx = dev->scrub_ctx;
2012-11-02 16:58:09 +08:00
	if (sctx)
		memcpy(progress, &sctx->stat, sizeof(*progress));
2016-06-23 06:54:23 +08:00
	mutex_unlock(&fs_info->fs_devices->device_list_mutex);
2011-03-08 21:14:00 +08:00

2012-11-02 16:58:09 +08:00
	return dev ? (sctx ? 0 : -ENOTCONN) : -ENODEV;
2011-03-08 21:14:00 +08:00
}
2012-11-06 18:43:11 +08:00

static void scrub_remap_extent(struct btrfs_fs_info *fs_info,
2020-12-02 14:48:07 +08:00
			       u64 extent_logical, u32 extent_len,
2012-11-06 18:43:11 +08:00
			       u64 *extent_physical,
			       struct btrfs_device **extent_dev,
			       int *extent_mirror_num)
{
	u64 mapped_length;
2021-09-15 15:17:16 +08:00
	struct btrfs_io_context *bioc = NULL;
2012-11-06 18:43:11 +08:00
	int ret;

	mapped_length = extent_len;
2016-10-27 15:27:36 +08:00
	ret = btrfs_map_block(fs_info, BTRFS_MAP_READ, extent_logical,
2021-09-15 15:17:16 +08:00
			      &mapped_length, &bioc, 0);
	if (ret || !bioc || mapped_length < extent_len ||
	    !bioc->stripes[0].dev->bdev) {
		btrfs_put_bioc(bioc);
2012-11-06 18:43:11 +08:00
		return;
	}

2021-09-15 15:17:16 +08:00
	*extent_physical = bioc->stripes[0].physical;
	*extent_mirror_num = bioc->mirror_num;
	*extent_dev = bioc->stripes[0].dev;
	btrfs_put_bioc(bioc);
2012-11-06 18:43:11 +08:00
}