1. 04 May, 2022 10 commits
    • Dave Chinner's avatar
      xfs: intent item whiteouts · 0d227466
      Dave Chinner authored
      When we log modifications based on intents, we add both intent
      and intent done items to the modification being made. These get
      written to the log to ensure that the operation is re-run if the
      intent done is not found in the log.
      
      However, for operations that complete wholly within a single
      checkpoint, the change in the checkpoint is atomic and will never
      need replay. In this case, we don't need to actually write the
      intent and intent done items to the journal because log recovery
      will never need to manually restart this modification.
      
      Log recovery currently handles intent/intent done matching by
      inserting the intent into the AIL, then removing it when a matching
      intent done item is found. Hence for all the intent-based operations
      that complete within a checkpoint, we spend all that time parsing
      the intent/intent done items just to cancel them and do nothing with
      them.
      
      Hence it follows that the only time we actually need intents in the
      log is when the modification crosses checkpoint boundaries in the
      log and so may only be partially complete in the journal. Hence if
      we commit and intent done item to the CIL and the intent item is in
      the same checkpoint, we don't actually have to write them to the
      journal because log recovery will always cancel the intents.
      
      We've never really worried about the overhead of logging intents
      unnecessarily like this because the intents we log are generally
      very much smaller than the change being made. e.g. freeing an extent
      involves modifying at lease two freespace btree blocks and the AGF,
      so the EFI/EFD overhead is only a small increase in space and
      processing time compared to the overall cost of freeing an extent.
      
      However, delayed attributes change this cost equation dramatically,
      especially for inline attributes. In the case of adding an inline
      attribute, we only log the inode core and attribute fork at present.
      With delayed attributes, we now log the attr intent which includes
      the name and value, the inode core adn attr fork, and finally the
      attr intent done item. We increase the number of items we log from 1
      to 3, and the number of log vectors (regions) goes up from 3 to 7.
      Hence we tripple the number of objects that the CIL has to process,
      and more than double the number of log vectors that need to be
      written to the journal.
      
      At scale, this means delayed attributes cause a non-pipelined CIL to
      become CPU bound processing all the extra items, resulting in a > 40%
      performance degradation on 16-way file+xattr create worklaods.
      Pipelining the CIL (as per 5.15) reduces the performance degradation
      to 20%, but now the limitation is the rate at which the log items
      can be written to the iclogs and iclogs be dispatched for IO and
      completed.
      
      Even log IO completion is slowed down by these intents, because it
      now has to process 3x the number of items in the checkpoint.
      Processing completed intents is especially inefficient here, because
      we first insert the intent into the AIL, then remove it from the AIL
      when the intent done is processed. IOWs, we are also doing expensive
      operations in log IO completion we could completely avoid if we
      didn't log completed intent/intent done pairs.
      
      Enter log item whiteouts.
      
      When an intent done is committed, we can check to see if the
      associated intent is in the same checkpoint as we are currently
      committing the intent done to. If so, we can mark the intent log
      item with a whiteout and immediately free the intent done item
      rather than committing it to the CIL. We can basically skip the
      entire formatting and CIL insertion steps for the intent done item.
      
      However, we cannot remove the intent item from the CIL at this point
      because the unlocked per-cpu CIL item lists do not permit removal
      without holding the CIL context lock exclusively. Transaction commit
      only holds the context lock shared, hence the best we can do is mark
      the intent item with a whiteout so that the CIL push can release it
      rather than writing it to the log.
      
      This means we never write the intent to the log if the intent done
      has also been committed to the same checkpoint, but we'll always
      write the intent if the intent done has not been committed or has
      been committed to a different checkpoint. This will result in
      correct log recovery behaviour in all cases, without the overhead of
      logging unnecessary intents.
      
      This intent whiteout concept is generic - we can apply it to all
      intent/intent done pairs that have a direct 1:1 relationship. The
      way deferred ops iterate and relog intents mean that all intents
      currently have a 1:1 relationship with their done intent, and hence
      we can apply this cancellation to all existing intent/intent done
      implementations.
      
      For delayed attributes with a 16-way 64kB xattr create workload,
      whiteouts reduce the amount of journalled metadata from ~2.5GB/s
      down to ~600MB/s and improve the creation rate from 9000/s to
      14000/s.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      0d227466
    • Dave Chinner's avatar
      xfs: whiteouts release intents that are not in the AIL · 3512fc1e
      Dave Chinner authored
      When we release an intent that a whiteout applies to, it will not
      have been committed to the journal and so won't be in the AIL. Hence
      when we drop the last reference to the intent, we do not want to try
      to remove it from the AIL as that will trigger a filesystem
      shutdown. Hence make the removal of intents from the AIL conditional
      on them actually being in the AIL so we do the correct thing.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      3512fc1e
    • Dave Chinner's avatar
      xfs: add log item method to return related intents · c23ab603
      Dave Chinner authored
      To apply a whiteout to an intent item when an intent done item is
      committed, we need to be able to retrieve the intent item from the
      the intent done item. Add a log item op method for doing this, and
      wire all the intent done items up to it.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      c23ab603
    • Dave Chinner's avatar
      xfs: factor and move some code in xfs_log_cil.c · 22b1afc5
      Dave Chinner authored
      In preparation for adding support for intent item whiteouts.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      22b1afc5
    • Dave Chinner's avatar
      xfs: tag transactions that contain intent done items · bb7b1c9c
      Dave Chinner authored
      Intent whiteouts will require extra work to be done during
      transaction commit if the transaction contains an intent done item.
      
      To determine if a transaction contains an intent done item, we want
      to avoid having to walk all the items in the transaction to check if
      they are intent done items. Hence when we add an intent done item to
      a transaction, tag the transaction to indicate that it contains such
      an item.
      
      We don't tag the transaction when the defer ops is relogging an
      intent to move it forward in the log. Whiteouts will never apply to
      these cases, so we don't need to bother looking for them.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      bb7b1c9c
    • Dave Chinner's avatar
      xfs: add log item flags to indicate intents · f5b81200
      Dave Chinner authored
      We currently have a couple of helper functions that try to infer
      whether the log item is an intent or intent done item from the
      combinations of operations it supports.  This is incredibly fragile
      and not very efficient as it requires checking specific combinations
      of ops.
      
      We need to be able to identify intent and intent done items quickly
      and easily in upcoming patches, so simply add intent and intent done
      type flags to the log item ops flags. These are static flags to
      begin with, so intent items should have been typed like this from
      the start.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      f5b81200
    • Dave Chinner's avatar
      xfs: don't commit the first deferred transaction without intents · 5ddd658e
      Dave Chinner authored
      If the first operation in a string of defer ops has no intents,
      then there is no reason to commit it before running the first call
      to xfs_defer_finish_one(). This allows the defer ops to be used
      effectively for non-intent based operations without requiring an
      unnecessary extra transaction commit when first called.
      
      This fixes a regression in per-attribute modification transaction
      count when delayed attributes are not being used.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      5ddd658e
    • Dave Chinner's avatar
      xfs: hide log iovec alignment constraints · b2c28035
      Dave Chinner authored
      Callers currently have to round out the size of buffers to match the
      aligment constraints of log iovecs and xlog_write(). They should not
      need to know this detail, so introduce a new function to calculate
      the iovec length (for use in ->iop_size implementations). Also
      modify xlog_finish_iovec() to round up the length to the correct
      alignment so the callers don't need to do this, either.
      
      Convert the only user - inode forks - of this alignment rounding to
      use the new interface.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      b2c28035
    • Dave Chinner's avatar
      xfs: fix potential log item leak · c230a4a8
      Dave Chinner authored
      Ever since we added shadown format buffers to the log items, log
      items need to handle the item being released with shadow buffers
      attached. Due to the fact this requirement was added at the same
      time we added new rmap/reflink intents, we missed the cleanup of
      those items.
      
      In theory, this means shadow buffers can be leaked in a very small
      window when a shutdown is initiated. Testing with KASAN shows this
      leak does not happen in practice - we haven't identified a single
      leak in several years of shutdown testing since ~v4.8 kernels.
      
      However, the intent whiteout cleanup mechanism results in every
      cancelled intent in exactly the same state as this tiny race window
      creates and so if intents down clean up shadow buffers on final
      release we will leak the shadow buffer for just about every intent
      we create.
      
      Hence we start with this patch to close this condition off and
      ensure that when whiteouts start to be used we don't leak lots of
      memory.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      c230a4a8
    • Dave Chinner's avatar
      xfs: zero inode fork buffer at allocation · cb512c92
      Dave Chinner authored
      When we first allocate or resize an inline inode fork, we round up
      the allocation to 4 byte alingment to make journal alignment
      constraints. We don't clear the unused bytes, so we can copy up to
      three uninitialised bytes into the journal. Zero those bytes so we
      only ever copy zeros into the journal.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
      Reviewed-by: default avatarAllison Henderson <allison.henderson@oracle.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      cb512c92
  2. 21 Apr, 2022 30 commits