2023-06-06 18:41:03 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2022 Fujitsu. All Rights Reserved.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "xfs.h"
|
|
|
|
|
#include "xfs_shared.h"
|
|
|
|
|
#include "xfs_format.h"
|
|
|
|
|
#include "xfs_log_format.h"
|
|
|
|
|
#include "xfs_trans_resv.h"
|
|
|
|
|
#include "xfs_mount.h"
|
|
|
|
|
#include "xfs_alloc.h"
|
|
|
|
|
#include "xfs_bit.h"
|
|
|
|
|
#include "xfs_btree.h"
|
|
|
|
|
#include "xfs_inode.h"
|
|
|
|
|
#include "xfs_icache.h"
|
|
|
|
|
#include "xfs_rmap.h"
|
|
|
|
|
#include "xfs_rmap_btree.h"
|
|
|
|
|
#include "xfs_rtalloc.h"
|
|
|
|
|
#include "xfs_trans.h"
|
|
|
|
|
#include "xfs_ag.h"
|
|
|
|
|
|
|
|
|
|
#include <linux/mm.h>
|
|
|
|
|
#include <linux/dax.h>
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
#include <linux/fs.h>
|
2023-06-06 18:41:03 +00:00
|
|
|
|
2023-06-06 18:41:06 +00:00
|
|
|
struct xfs_failure_info {
|
2023-06-06 18:41:03 +00:00
|
|
|
xfs_agblock_t startblock;
|
|
|
|
|
xfs_extlen_t blockcount;
|
|
|
|
|
int mf_flags;
|
2023-06-06 18:41:06 +00:00
|
|
|
bool want_shutdown;
|
2023-06-06 18:41:03 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static pgoff_t
|
|
|
|
|
xfs_failure_pgoff(
|
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
|
const struct xfs_rmap_irec *rec,
|
2023-06-06 18:41:06 +00:00
|
|
|
const struct xfs_failure_info *notify)
|
2023-06-06 18:41:03 +00:00
|
|
|
{
|
|
|
|
|
loff_t pos = XFS_FSB_TO_B(mp, rec->rm_offset);
|
|
|
|
|
|
|
|
|
|
if (notify->startblock > rec->rm_startblock)
|
|
|
|
|
pos += XFS_FSB_TO_B(mp,
|
|
|
|
|
notify->startblock - rec->rm_startblock);
|
|
|
|
|
return pos >> PAGE_SHIFT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned long
|
|
|
|
|
xfs_failure_pgcnt(
|
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
|
const struct xfs_rmap_irec *rec,
|
2023-06-06 18:41:06 +00:00
|
|
|
const struct xfs_failure_info *notify)
|
2023-06-06 18:41:03 +00:00
|
|
|
{
|
|
|
|
|
xfs_agblock_t end_rec;
|
|
|
|
|
xfs_agblock_t end_notify;
|
|
|
|
|
xfs_agblock_t start_cross;
|
|
|
|
|
xfs_agblock_t end_cross;
|
|
|
|
|
|
|
|
|
|
start_cross = max(rec->rm_startblock, notify->startblock);
|
|
|
|
|
|
|
|
|
|
end_rec = rec->rm_startblock + rec->rm_blockcount;
|
|
|
|
|
end_notify = notify->startblock + notify->blockcount;
|
|
|
|
|
end_cross = min(end_rec, end_notify);
|
|
|
|
|
|
|
|
|
|
return XFS_FSB_TO_B(mp, end_cross - start_cross) >> PAGE_SHIFT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
xfs_dax_failure_fn(
|
|
|
|
|
struct xfs_btree_cur *cur,
|
|
|
|
|
const struct xfs_rmap_irec *rec,
|
|
|
|
|
void *data)
|
|
|
|
|
{
|
|
|
|
|
struct xfs_mount *mp = cur->bc_mp;
|
|
|
|
|
struct xfs_inode *ip;
|
2023-06-06 18:41:06 +00:00
|
|
|
struct xfs_failure_info *notify = data;
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
struct address_space *mapping;
|
|
|
|
|
pgoff_t pgoff;
|
|
|
|
|
unsigned long pgcnt;
|
2023-06-06 18:41:03 +00:00
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
|
|
if (XFS_RMAP_NON_INODE_OWNER(rec->rm_owner) ||
|
|
|
|
|
(rec->rm_flags & (XFS_RMAP_ATTR_FORK | XFS_RMAP_BMBT_BLOCK))) {
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
/* Continue the query because this isn't a failure. */
|
|
|
|
|
if (notify->mf_flags & MF_MEM_PRE_REMOVE)
|
|
|
|
|
return 0;
|
2023-06-06 18:41:06 +00:00
|
|
|
notify->want_shutdown = true;
|
|
|
|
|
return 0;
|
2023-06-06 18:41:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get files that incore, filter out others that are not in use. */
|
|
|
|
|
error = xfs_iget(mp, cur->bc_tp, rec->rm_owner, XFS_IGET_INCORE,
|
|
|
|
|
0, &ip);
|
|
|
|
|
/* Continue the rmap query if the inode isn't incore */
|
|
|
|
|
if (error == -ENODATA)
|
|
|
|
|
return 0;
|
2023-06-06 18:41:06 +00:00
|
|
|
if (error) {
|
|
|
|
|
notify->want_shutdown = true;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2023-06-06 18:41:03 +00:00
|
|
|
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
mapping = VFS_I(ip)->i_mapping;
|
|
|
|
|
pgoff = xfs_failure_pgoff(mp, rec, notify);
|
|
|
|
|
pgcnt = xfs_failure_pgcnt(mp, rec, notify);
|
|
|
|
|
|
|
|
|
|
/* Continue the rmap query if the inode isn't a dax file. */
|
|
|
|
|
if (dax_mapping(mapping))
|
|
|
|
|
error = mf_dax_kill_procs(mapping, pgoff, pgcnt,
|
|
|
|
|
notify->mf_flags);
|
|
|
|
|
|
|
|
|
|
/* Invalidate the cache in dax pages. */
|
|
|
|
|
if (notify->mf_flags & MF_MEM_PRE_REMOVE)
|
|
|
|
|
invalidate_inode_pages2_range(mapping, pgoff,
|
|
|
|
|
pgoff + pgcnt - 1);
|
|
|
|
|
|
2023-06-06 18:41:03 +00:00
|
|
|
xfs_irele(ip);
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
static int
|
|
|
|
|
xfs_dax_notify_failure_freeze(
|
|
|
|
|
struct xfs_mount *mp)
|
|
|
|
|
{
|
|
|
|
|
struct super_block *sb = mp->m_super;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
error = freeze_super(sb, FREEZE_HOLDER_KERNEL);
|
|
|
|
|
if (error)
|
|
|
|
|
xfs_emerg(mp, "already frozen by kernel, err=%d", error);
|
|
|
|
|
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
xfs_dax_notify_failure_thaw(
|
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
|
bool kernel_frozen)
|
|
|
|
|
{
|
|
|
|
|
struct super_block *sb = mp->m_super;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
if (kernel_frozen) {
|
|
|
|
|
error = thaw_super(sb, FREEZE_HOLDER_KERNEL);
|
|
|
|
|
if (error)
|
|
|
|
|
xfs_emerg(mp, "still frozen after notify failure, err=%d",
|
|
|
|
|
error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Also thaw userspace call anyway because the device is about to be
|
|
|
|
|
* removed immediately.
|
|
|
|
|
*/
|
|
|
|
|
thaw_super(sb, FREEZE_HOLDER_USERSPACE);
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-06 18:41:03 +00:00
|
|
|
static int
|
|
|
|
|
xfs_dax_notify_ddev_failure(
|
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
|
xfs_daddr_t daddr,
|
|
|
|
|
xfs_daddr_t bblen,
|
|
|
|
|
int mf_flags)
|
|
|
|
|
{
|
2023-06-06 18:41:06 +00:00
|
|
|
struct xfs_failure_info notify = { .mf_flags = mf_flags };
|
2023-06-06 18:41:03 +00:00
|
|
|
struct xfs_trans *tp = NULL;
|
|
|
|
|
struct xfs_btree_cur *cur = NULL;
|
|
|
|
|
struct xfs_buf *agf_bp = NULL;
|
|
|
|
|
int error = 0;
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
bool kernel_frozen = false;
|
2023-06-06 18:41:03 +00:00
|
|
|
xfs_fsblock_t fsbno = XFS_DADDR_TO_FSB(mp, daddr);
|
|
|
|
|
xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, fsbno);
|
2024-04-05 16:45:50 +00:00
|
|
|
xfs_fsblock_t end_fsbno = XFS_DADDR_TO_FSB(mp,
|
|
|
|
|
daddr + bblen - 1);
|
2023-06-06 18:41:03 +00:00
|
|
|
xfs_agnumber_t end_agno = XFS_FSB_TO_AGNO(mp, end_fsbno);
|
|
|
|
|
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
if (mf_flags & MF_MEM_PRE_REMOVE) {
|
|
|
|
|
xfs_info(mp, "Device is about to be removed!");
|
|
|
|
|
/*
|
|
|
|
|
* Freeze fs to prevent new mappings from being created.
|
|
|
|
|
* - Keep going on if others already hold the kernel forzen.
|
|
|
|
|
* - Keep going on if other errors too because this device is
|
|
|
|
|
* starting to fail.
|
|
|
|
|
* - If kernel frozen state is hold successfully here, thaw it
|
|
|
|
|
* here as well at the end.
|
|
|
|
|
*/
|
|
|
|
|
kernel_frozen = xfs_dax_notify_failure_freeze(mp) == 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-06 18:41:03 +00:00
|
|
|
error = xfs_trans_alloc_empty(mp, &tp);
|
|
|
|
|
if (error)
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
goto out;
|
2023-06-06 18:41:03 +00:00
|
|
|
|
|
|
|
|
for (; agno <= end_agno; agno++) {
|
|
|
|
|
struct xfs_rmap_irec ri_low = { };
|
|
|
|
|
struct xfs_rmap_irec ri_high;
|
|
|
|
|
struct xfs_agf *agf;
|
|
|
|
|
struct xfs_perag *pag;
|
2024-04-05 16:58:48 +00:00
|
|
|
xfs_agblock_t range_agend;
|
2023-06-06 18:41:03 +00:00
|
|
|
|
|
|
|
|
pag = xfs_perag_get(mp, agno);
|
|
|
|
|
error = xfs_alloc_read_agf(pag, tp, 0, &agf_bp);
|
|
|
|
|
if (error) {
|
|
|
|
|
xfs_perag_put(pag);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-05 20:34:25 +00:00
|
|
|
cur = xfs_rmapbt_init_cursor(mp, tp, agf_bp, pag);
|
2023-06-06 18:41:03 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set the rmap range from ri_low to ri_high, which represents
|
|
|
|
|
* a [start, end] where we looking for the files or metadata.
|
|
|
|
|
*/
|
|
|
|
|
memset(&ri_high, 0xFF, sizeof(ri_high));
|
|
|
|
|
ri_low.rm_startblock = XFS_FSB_TO_AGBNO(mp, fsbno);
|
|
|
|
|
if (agno == end_agno)
|
|
|
|
|
ri_high.rm_startblock = XFS_FSB_TO_AGBNO(mp, end_fsbno);
|
|
|
|
|
|
|
|
|
|
agf = agf_bp->b_addr;
|
2024-04-05 16:58:48 +00:00
|
|
|
range_agend = min(be32_to_cpu(agf->agf_length) - 1,
|
2023-06-06 18:41:03 +00:00
|
|
|
ri_high.rm_startblock);
|
|
|
|
|
notify.startblock = ri_low.rm_startblock;
|
2024-04-05 16:58:48 +00:00
|
|
|
notify.blockcount = range_agend + 1 - ri_low.rm_startblock;
|
2023-06-06 18:41:03 +00:00
|
|
|
|
|
|
|
|
error = xfs_rmap_query_range(cur, &ri_low, &ri_high,
|
|
|
|
|
xfs_dax_failure_fn, ¬ify);
|
|
|
|
|
xfs_btree_del_cursor(cur, error);
|
|
|
|
|
xfs_trans_brelse(tp, agf_bp);
|
|
|
|
|
xfs_perag_put(pag);
|
|
|
|
|
if (error)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
fsbno = XFS_AGB_TO_FSB(mp, agno + 1, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
xfs_trans_cancel(tp);
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Shutdown fs from a force umount in pre-remove case which won't fail,
|
|
|
|
|
* so errors can be ignored. Otherwise, shutdown the filesystem with
|
|
|
|
|
* CORRUPT flag if error occured or notify.want_shutdown was set during
|
|
|
|
|
* RMAP querying.
|
|
|
|
|
*/
|
|
|
|
|
if (mf_flags & MF_MEM_PRE_REMOVE)
|
|
|
|
|
xfs_force_shutdown(mp, SHUTDOWN_FORCE_UMOUNT);
|
|
|
|
|
else if (error || notify.want_shutdown) {
|
2023-06-06 18:41:06 +00:00
|
|
|
xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
|
|
|
|
|
if (!error)
|
|
|
|
|
error = -EFSCORRUPTED;
|
|
|
|
|
}
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
/* Thaw the fs if it has been frozen before. */
|
|
|
|
|
if (mf_flags & MF_MEM_PRE_REMOVE)
|
|
|
|
|
xfs_dax_notify_failure_thaw(mp, kernel_frozen);
|
|
|
|
|
|
2023-06-06 18:41:03 +00:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
xfs_dax_notify_failure(
|
|
|
|
|
struct dax_device *dax_dev,
|
|
|
|
|
u64 offset,
|
|
|
|
|
u64 len,
|
|
|
|
|
int mf_flags)
|
|
|
|
|
{
|
|
|
|
|
struct xfs_mount *mp = dax_holder(dax_dev);
|
|
|
|
|
u64 ddev_start;
|
|
|
|
|
u64 ddev_end;
|
|
|
|
|
|
2023-06-06 18:41:06 +00:00
|
|
|
if (!(mp->m_super->s_flags & SB_BORN)) {
|
2023-06-06 18:41:03 +00:00
|
|
|
xfs_warn(mp, "filesystem is not ready for notify_failure()!");
|
|
|
|
|
return -EIO;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mp->m_rtdev_targp && mp->m_rtdev_targp->bt_daxdev == dax_dev) {
|
2023-06-06 18:41:05 +00:00
|
|
|
xfs_debug(mp,
|
2023-06-06 18:41:03 +00:00
|
|
|
"notify_failure() not supported on realtime device!");
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mp->m_logdev_targp && mp->m_logdev_targp->bt_daxdev == dax_dev &&
|
|
|
|
|
mp->m_logdev_targp != mp->m_ddev_targp) {
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
/*
|
|
|
|
|
* In the pre-remove case the failure notification is attempting
|
|
|
|
|
* to trigger a force unmount. The expectation is that the
|
|
|
|
|
* device is still present, but its removal is in progress and
|
|
|
|
|
* can not be cancelled, proceed with accessing the log device.
|
|
|
|
|
*/
|
|
|
|
|
if (mf_flags & MF_MEM_PRE_REMOVE)
|
|
|
|
|
return 0;
|
2023-06-06 18:41:03 +00:00
|
|
|
xfs_err(mp, "ondisk log corrupt, shutting down fs!");
|
|
|
|
|
xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
|
|
|
|
|
return -EFSCORRUPTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!xfs_has_rmapbt(mp)) {
|
2023-06-06 18:41:05 +00:00
|
|
|
xfs_debug(mp, "notify_failure() needs rmapbt enabled!");
|
2023-06-06 18:41:03 +00:00
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ddev_start = mp->m_ddev_targp->bt_dax_part_off;
|
|
|
|
|
ddev_end = ddev_start + bdev_nr_bytes(mp->m_ddev_targp->bt_bdev) - 1;
|
|
|
|
|
|
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
JIRA: https://issues.redhat.com/browse/RHEL-12888
Conflicts: difference from upstream mm/memory-failure.c
commit fa422b353d212373fb2b2857a5ea5a6fa4876f9c
Author: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Date: Mon Oct 23 15:20:46 2023 +0800
mm, pmem, xfs: Introduce MF_MEM_PRE_REMOVE for unbind
Now, if we suddenly remove a PMEM device(by calling unbind) which
contains FSDAX while programs are still accessing data in this device,
e.g.:
```
$FSSTRESS_PROG -d $SCRATCH_MNT -n 99999 -p 4 &
# $FSX_PROG -N 1000000 -o 8192 -l 500000 $SCRATCH_MNT/t001 &
echo "pfn1.1" > /sys/bus/nd/drivers/nd_pmem/unbind
```
it could come into an unacceptable state:
1. device has gone but mount point still exists, and umount will fail
with "target is busy"
2. programs will hang and cannot be killed
3. may crash with NULL pointer dereference
To fix this, we introduce a MF_MEM_PRE_REMOVE flag to let it know that we
are going to remove the whole device, and make sure all related processes
could be notified so that they could end up gracefully.
This patch is inspired by Dan's "mm, dax, pmem: Introduce
dev_pagemap_failure()"[1]. With the help of dax_holder and
->notify_failure() mechanism, the pmem driver is able to ask filesystem
on it to unmap all files in use, and notify processes who are using
those files.
Call trace:
trigger unbind
-> unbind_store()
-> ... (skip)
-> devres_release_all()
-> kill_dax()
-> dax_holder_notify_failure(dax_dev, 0, U64_MAX, MF_MEM_PRE_REMOVE)
-> xfs_dax_notify_failure()
`-> freeze_super() // freeze (kernel call)
`-> do xfs rmap
` -> mf_dax_kill_procs()
` -> collect_procs_fsdax() // all associated processes
` -> unmap_and_kill()
` -> invalidate_inode_pages2_range() // drop file's cache
`-> thaw_super() // thaw (both kernel & user call)
Introduce MF_MEM_PRE_REMOVE to let filesystem know this is a remove
event. Use the exclusive freeze/thaw[2] to lock the filesystem to prevent
new dax mapping from being created. Do not shutdown filesystem directly
if configuration is not supported, or if failure range includes metadata
area. Make sure all files and processes(not only the current progress)
are handled correctly. Also drop the cache of associated files before
pmem is removed.
[1]: https://lore.kernel.org/linux-mm/161604050314.1463742.14151665140035795571.stgit@dwillia2-desk3.amr.corp.intel.com/
[2]: https://lore.kernel.org/linux-xfs/169116275623.3187159.16862410128731457358.stg-ugh@frogsfrogsfrogs/
Signed-off-by: Shiyang Ruan <ruansy.fnst@fujitsu.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
2024-04-05 16:58:49 +00:00
|
|
|
/* Notify failure on the whole device. */
|
|
|
|
|
if (offset == 0 && len == U64_MAX) {
|
|
|
|
|
offset = ddev_start;
|
|
|
|
|
len = bdev_nr_bytes(mp->m_ddev_targp->bt_bdev);
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-06 18:41:03 +00:00
|
|
|
/* Ignore the range out of filesystem area */
|
2024-04-05 16:45:50 +00:00
|
|
|
if (offset + len - 1 < ddev_start)
|
2023-06-06 18:41:03 +00:00
|
|
|
return -ENXIO;
|
|
|
|
|
if (offset > ddev_end)
|
|
|
|
|
return -ENXIO;
|
|
|
|
|
|
|
|
|
|
/* Calculate the real range when it touches the boundary */
|
|
|
|
|
if (offset > ddev_start)
|
|
|
|
|
offset -= ddev_start;
|
|
|
|
|
else {
|
|
|
|
|
len -= ddev_start - offset;
|
|
|
|
|
offset = 0;
|
|
|
|
|
}
|
2024-04-05 16:45:50 +00:00
|
|
|
if (offset + len - 1 > ddev_end)
|
|
|
|
|
len = ddev_end - offset + 1;
|
2023-06-06 18:41:03 +00:00
|
|
|
|
|
|
|
|
return xfs_dax_notify_ddev_failure(mp, BTOBB(offset), BTOBB(len),
|
|
|
|
|
mf_flags);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct dax_holder_operations xfs_dax_holder_operations = {
|
|
|
|
|
.notify_failure = xfs_dax_notify_failure,
|
|
|
|
|
};
|