1. 26 Sep, 2017 13 commits
  2. 22 Aug, 2017 1 commit
  3. 21 Aug, 2017 24 commits
    • Nikolay Borisov's avatar
      btrfs: remove unnecessary memory barrier in btrfs_direct_IO · dc59215d
      Nikolay Borisov authored
      Commit 38851cc1 ("Btrfs: implement unlocked dio write") implemented
      unlocked dio write, allowing multiple dio writers to write to
      non-overlapping, and non-eof-extending regions. In doing so it also
      introduced a broken memory barrier. It is broken due to 2 things:
      
      1. Memory barriers _MUST_ always be paired, this is clearly not the case
         here
      
      2. Checkpatch actually produces a warning if a memory barrier is
         introduced that doesn't have a comment explaining how it's being
         paired.
      
      Specifically for inode::i_dio_count that's wrapped inside
      inode_dio_begin, there is no explicit barrier semantics attached, so
      removing is fine as the atomic is used in common the waiter/wakeup
      pattern.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      [ enhance changelog ]
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      dc59215d
    • Nikolay Borisov's avatar
      btrfs: remove superfluous chunk_tree argument from btrfs_alloc_dev_extent · b5d9071c
      Nikolay Borisov authored
      Currently this function is always called with the object id of the root
      key of the chunk_tree, which is always BTRFS_CHUNK_TREE_OBJECTID. So
      let's subsume it straight into the function itself. No functional
      change.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      b5d9071c
    • Nikolay Borisov's avatar
      btrfs: Remove chunk_objectid parameter of btrfs_alloc_dev_extent · 0ca00afb
      Nikolay Borisov authored
      THe function is always called with chunk_objectid set to
      BTRFS_FIRST_CHUNK_TREE_OBJECTID. Let's collapse the parameter in the
      function itself. No functional changes.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      0ca00afb
    • Jeff Mahoney's avatar
      btrfs: pass fs_info to btrfs_del_root instead of tree_root · 1cd5447e
      Jeff Mahoney authored
      btrfs_del_roots always uses the tree_root.  Let's pass fs_info instead.
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      1cd5447e
    • Liu Bo's avatar
      Btrfs: add one more sanity check for shared ref type · 64ecdb64
      Liu Bo authored
      Every shared ref has a parent tree block, which can be get from
      btrfs_extent_inline_ref_offset().  And the tree block must be aligned
      to the nodesize, so we'd know this inline ref is not valid if this
      block's bytenr is not aligned to the nodesize, in which case, most
      likely the ref type has been misused.
      
      This adds the above mentioned check and also updates
      print_extent_item() called by btrfs_print_leaf() to point out the
      invalid ref while printing the tree structure.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      64ecdb64
    • Liu Bo's avatar
      Btrfs: remove BUG_ON in __add_tree_block · cdccee99
      Liu Bo authored
      The BUG_ON() can be triggered when the caller is processing an invalid
      extent inline ref, e.g.
      
      a shared data ref is offered instead of an extent data ref, such that
      it tries to find a non-existent tree block and then btrfs_search_slot
      returns 1 for no such item.
      
      This replaces the BUG_ON() with a WARN() followed by calling
      btrfs_print_leaf() to show more details about what's going on and
      returning -EINVAL to upper callers.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      cdccee99
    • Liu Bo's avatar
      Btrfs: remove BUG() in add_data_reference · b14c55a1
      Liu Bo authored
      Now that we have a helper to report invalid value of extent inline ref
      type, we need to quit gracefully instead of throwing out a kernel panic.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      b14c55a1
    • Liu Bo's avatar
      Btrfs: remove BUG() in print_extent_item · 07638ea5
      Liu Bo authored
      btrfs_print_leaf() is used in btrfs_get_extent_inline_ref_type, so
      here we really want to print the invalid value of ref type instead of
      causing a kernel panic.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      07638ea5
    • Liu Bo's avatar
      Btrfs: remove BUG() in btrfs_extent_inline_ref_size · 4335958d
      Liu Bo authored
      Now that btrfs_get_extent_inline_ref_type() can report if type is a
      valid one and all callers can gracefully deal with that, we don't need
      to crash here.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      4335958d
    • Liu Bo's avatar
      Btrfs: convert to use btrfs_get_extent_inline_ref_type · 3de28d57
      Liu Bo authored
      Since we have a helper which can do sanity check, this converts all
      btrfs_extent_inline_ref_type to it.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      3de28d57
    • Liu Bo's avatar
      Btrfs: add a helper to retrive extent inline ref type · 167ce953
      Liu Bo authored
      An invalid value of extent inline ref type may be read from a
      malicious image which may force btrfs to crash.
      
      This adds a helper which does sanity check for the ref type, so we can
      know if it's sane, return he type, otherwise return an error.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      [ minimal tweak const types, causing warnings due to other cleanup patches ]
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      167ce953
    • David Sterba's avatar
      btrfs: scrub: simplify scrub worker initialization · af1cbe0a
      David Sterba authored
      Minor simplification, merge calls to one.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      af1cbe0a
    • David Sterba's avatar
      btrfs: scrub: clean up division in scrub_find_csum · 1d1bf92d
      David Sterba authored
      Use proper helpers for 64bit division.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      1d1bf92d
    • David Sterba's avatar
      btrfs: scrub: clean up division in __scrub_mark_bitmap · 7736b0a4
      David Sterba authored
      Use proper helpers for 64bit division and then cast to narrower type.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      7736b0a4
    • David Sterba's avatar
      btrfs: scrub: use bool for flush_all_writes · 2073c4c2
      David Sterba authored
      flush_all_writes is an atomic but does not use the semantics at all,
      it's just on/off indicator, we can use bool.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      2073c4c2
    • Ernesto A. Fernández's avatar
      btrfs: preserve i_mode if __btrfs_set_acl() fails · d7d82496
      Ernesto A. Fernández authored
      When changing a file's acl mask, btrfs_set_acl() will first set the
      group bits of i_mode to the value of the mask, and only then set the
      actual extended attribute representing the new acl.
      
      If the second part fails (due to lack of space, for example) and the
      file had no acl attribute to begin with, the system will from now on
      assume that the mask permission bits are actual group permission bits,
      potentially granting access to the wrong users.
      
      Prevent this by restoring the original mode bits if __btrfs_set_acl
      fails.
      Signed-off-by: default avatarErnesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      d7d82496
    • Nikolay Borisov's avatar
      btrfs: Remove extraneous chunk_objectid variable · 408fbf19
      Nikolay Borisov authored
      BTRFS_FIRST_CHUNK_TREE_OBJECTIS id the only objectid being used in the
      chunk_tree. So remove a variable which is always set to that value and collapse
      its usage in callees which are passed this variable. No functional changes
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      408fbf19
    • Nikolay Borisov's avatar
      btrfs: Remove chunk_objectid argument from btrfs_make_block_group · 0174484d
      Nikolay Borisov authored
      btrfs_make_block_group is always called with chunk_objectid set to
      BTRFS_FIRST_CHUNK_TREE_OBJECTID. There's no reason why this behavior will
      change anytime soon, so let's remove the argument and decrease the cognitive
      load when reading the code path. No functional change
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      0174484d
    • Matthias Kaehlcke's avatar
      btrfs: Remove extra parentheses from condition in copy_items() · 0dde10be
      Matthias Kaehlcke authored
      There is no need for the extra pair of parentheses, remove it. This
      fixes the following warning when building with clang:
      
      fs/btrfs/tree-log.c:3694:10: warning: equality comparison with extraneous
        parentheses [-Wparentheses-equality]
                      if ((i == (nr - 1)))
                           ~~^~~~~~~~~~~
      
      Also remove the unnecessary parentheses around the substraction.
      Signed-off-by: default avatarMatthias Kaehlcke <mka@chromium.org>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      0dde10be
    • Nikolay Borisov's avatar
      btrfs: Remove redundant setting of uuid in btrfs_block_header · 0ce1dd2a
      Nikolay Borisov authored
      btrfs_alloc_dev_extent currently unconditionally sets the uuid in the
      leaf block header the function is working with. This is unnecessary
      since this operation is peformed by the core btree handling code
      (splitting a node, allocating a new btree block etc). So let's remove
      it.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      0ce1dd2a
    • Hans van Kranenburg's avatar
      btrfs: Do not use data_alloc_cluster in ssd mode · 583b7231
      Hans van Kranenburg authored
          This patch provides a band aid to improve the 'out of the box'
      behaviour of btrfs for disks that are detected as being an ssd.  In a
      general purpose mixed workload scenario, the current ssd mode causes
      overallocation of available raw disk space for data, while leaving
      behind increasing amounts of unused fragmented free space. This
      situation leads to early ENOSPC problems which are harming user
      experience and adoption of btrfs as a general purpose filesystem.
      
      This patch modifies the data extent allocation behaviour of the ssd mode
      to make it behave identical to nossd mode.  The metadata behaviour and
      additional ssd_spread option stay untouched so far.
      
      Recommendations for future development are to reconsider the current
      oversimplified nossd / ssd distinction and the broken detection
      mechanism based on the rotational attribute in sysfs and provide
      experienced users with a more flexible way to choose allocator behaviour
      for data and metadata, optimized for certain use cases, while keeping
      sane 'out of the box' default settings.  The internals of the current
      btrfs code have more potential than what currently gets exposed to the
      user to choose from.
      
          The SSD story...
      
          In the first year of btrfs development, around early 2008, btrfs
      gained a mount option which enables specific functionality for
      filesystems on solid state devices. The first occurance of this
      functionality is in commit e18e4809, labeled "Add mount -o ssd, which
      includes optimizations for seek free storage".
      
      The effect on allocating free space for doing (data) writes is to
      'cluster' writes together, writing them out in contiguous space, as
      opposed to a 'tetris' way of putting all separate writes into any free
      space fragment that fits (which is what the -o nossd behaviour does).
      
      A somewhat simplified explanation of what happens is that, when for
      example, the 'cluster' size is set to 2MiB, when we do some writes, the
      data allocator will search for a free space block that is 2MiB big, and
      put the writes in there. The ssd mode itself might allow a 2MiB cluster
      to be composed of multiple free space extents with some existing data in
      between, while the additional ssd_spread mount option kills off this
      option and requires fully free space.
      
      The idea behind this is (commit 536ac8ae): "The [...] clusters make it
      more likely a given IO will completely overwrite the ssd block, so it
      doesn't have to do an internal rwm cycle."; ssd block meaning nand erase
      block. So, effectively this means applying a "locality based algorithm"
      and trying to outsmart the actual ssd.
      
      Since then, various changes have been made to the involved code, but the
      basic idea is still present, and gets activated whenever the ssd mount
      option is active. This also happens by default, when the rotational flag
      as seen at /sys/block/<device>/queue/rotational is set to 0.
      
          However, there's a number of problems with this approach.
      
          First, what the optimization is trying to do is outsmart the ssd by
      assuming there is a relation between the physical address space of the
      block device as seen by btrfs and the actual physical storage of the
      ssd, and then adjusting data placement. However, since the introduction
      of the Flash Translation Layer (FTL) which is a part of the internal
      controller of an ssd, these attempts are futile. The use of good quality
      FTL in consumer ssd products might have been limited in 2008, but this
      situation has changed drastically soon after that time. Today, even the
      flash memory in your automatic cat feeding machine or your grandma's
      wheelchair has a full featured one.
      
      Second, the behaviour as described above results in the filesystem being
      filled up with badly fragmented free space extents because of relatively
      small pieces of space that are freed up by deletes, but not selected
      again as part of a 'cluster'. Since the algorithm prefers allocating a
      new chunk over going back to tetris mode, the end result is a filesystem
      in which all raw space is allocated, but which is composed of
      underutilized chunks with a 'shotgun blast' pattern of fragmented free
      space. Usually, the next problematic thing that happens is the
      filesystem wanting to allocate new space for metadata, which causes the
      filesystem to fail in spectacular ways.
      
      Third, the default mount options you get for an ssd ('ssd' mode enabled,
      'discard' not enabled), in combination with spreading out writes over
      the full address space and ignoring freed up space leads to worst case
      behaviour in providing information to the ssd itself, since it will
      never learn that all the free space left behind is actually free.  There
      are two ways to let an ssd know previously written data does not have to
      be preserved, which are sending explicit signals using discard or
      fstrim, or by simply overwriting the space with new data.  The worst
      case behaviour is the btrfs ssd_spread mount option in combination with
      not having discard enabled. It has a side effect of minimizing the reuse
      of free space previously written in.
      
      Fourth, the rotational flag in /sys/ does not reliably indicate if the
      device is a locally attached ssd. For example, iSCSI or NBD displays as
      non-rotational, while a loop device on an ssd shows up as rotational.
      
      The combination of the second and third problem effectively means that
      despite all the good intentions, the btrfs ssd mode reliably causes the
      ssd hardware and the filesystem structures and performance to be choked
      to death. The clickbait version of the title of this story would have
      been "Btrfs ssd optimizations considered harmful for ssds".
      
      The current nossd 'tetris' mode (even still without discard) allows a
      pattern of overwriting much more previously used space, causing many
      more implicit discards to happen because of the overwrite information
      the ssd gets. The actual location in the physical address space, as seen
      from the point of view of btrfs is irrelevant, because the actual writes
      to the low level flash are reordered anyway thanks to the FTL.
      
          Changes made in the code
      
      1. Make ssd mode data allocation identical to tetris mode, like nossd.
      2. Adjust and clean up filesystem mount messages so that we can easily
      identify if a kernel has this patch applied or not, when providing
      support to end users. Also, make better use of the *_and_info helpers to
      only trigger messages on actual state changes.
      
          Backporting notes
      
      Notes for whoever wants to backport this patch to their 4.9 LTS kernel:
      * First apply commit 951e7966 "btrfs: drop the nossd flag when
        remounting with -o ssd", or fixup the differences manually.
      * The rest of the conflicts are because of the fs_info refactoring. So,
        for example, instead of using fs_info, it's root->fs_info in
        extent-tree.c
      Signed-off-by: default avatarHans van Kranenburg <hans.van.kranenburg@mendix.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      583b7231
    • Lu Fengqi's avatar
      btrfs: use btrfsic_submit_bio instead of submit_bio in write_dev_flush · 43a01111
      Lu Fengqi authored
      Although this bio has no data attached, it will reach this condition
      (bio->bi_opf & REQ_PREFLUSH) and then update the flush_gen of dev_state
      in __btrfsic_submit_bio. So we should still submit it through integrity
      checker. Otherwise, the integrity checker will throw the following warning
      when I mount a newly created btrfs filesystem.
      
      [10264.755497] btrfs: attempt to write superblock which references block M @29523968 (sdb1/1111654400/0) which is not flushed out of disk's write cache (block flush_gen=1, dev->flush_gen=0)!
      [10264.755498] btrfs: attempt to write superblock which references block M @29523968 (sdb1/37912576/0) which is not flushed out of disk's write cache (block flush_gen=1, dev->flush_gen=0)!
      Signed-off-by: default avatarLu Fengqi <lufq.fnst@cn.fujitsu.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      43a01111
    • Filipe Manana's avatar
      Btrfs: incremental send, fix emission of invalid clone operations · 72610b1b
      Filipe Manana authored
      When doing an incremental send it's possible that the computed send stream
      contains clone operations that will fail on the receiver if the receiver
      has compression enabled and the clone operations target a sector sized
      extent that starts at a zero file offset, is not compressed on the source
      filesystem but ends up being compressed and inlined at the destination
      filesystem.
      
      Example scenario:
      
        $ mkfs.btrfs -f /dev/sdb
        $ mount -o compress /dev/sdb /mnt
      
        # By doing a direct IO write, the data is not compressed.
        $ xfs_io -f -d -c "pwrite -S 0xab 0 4K" /mnt/foobar
        $ btrfs subvolume snapshot -r /mnt /mnt/mysnap1
      
        $ xfs_io -c "reflink /mnt/foobar 0 8K 4K" /mnt/foobar
        $ btrfs subvolume snapshot -r /mnt /mnt/mysnap2
      
        $ btrfs send -f /tmp/1.snap /mnt/mysnap1
        $ btrfs send -f /tmp/2.snap -p /mnt/mysnap1 /mnt/mysnap2
        $ umount /mnt
      
        $ mkfs.btrfs -f /dev/sdc
        $ mount -o compress /dev/sdc /mnt
        $ btrfs receive -f /tmp/1.snap /mnt
        $ btrfs receive -f /tmp/2.snap /mnt
        ERROR: failed to clone extents to foobar
        Operation not supported
      
      The same could be achieved by mounting the source filesystem without
      compression and doing a buffered IO write instead of a direct IO one,
      and mounting the destination filesystem with compression enabled.
      
      So fix this by issuing regular write operations in the send stream
      instead of clone operations when the source offset is zero and the
      range has a length matching the sector size.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      72610b1b
    • Liu Bo's avatar
      Btrfs: fix out of bounds array access while reading extent buffer · f716abd5
      Liu Bo authored
      There is a corner case that slips through the checkers in functions
      reading extent buffer, ie.
      
      if (start < eb->len) and (start + len > eb->len),
      then
      
      a) map_private_extent_buffer() returns immediately because
      it's thinking the range spans across two pages,
      
      b) and the checkers in read_extent_buffer(), WARN_ON(start > eb->len)
      and WARN_ON(start + len > eb->start + eb->len), both are OK in this
      corner case, but it'd actually try to access the eb->pages out of
      bounds because of (start + len > eb->len).
      
      The case is found by switching extent inline ref type from shared data
      ref to non-shared data ref, which is a kind of metadata corruption.
      
      It'd use the wrong helper to access the eb,
      eg. btrfs_extent_data_ref_root(eb, ref) is used but the %ref passing
      here is "struct btrfs_shared_data_ref".  And if the extent item
      happens to be the first item in the eb, then offset/length will get
      over eb->len which ends up an invalid memory access.
      
      This is adding proper checks in order to avoid invalid memory access,
      ie. 'general protection fault', before it's too late.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      f716abd5
  4. 18 Aug, 2017 2 commits