1. 07 Jan, 2022 28 commits
    • Josef Bacik's avatar
      btrfs: make should_throttle loop local in btrfs_truncate_inode_items · e48dac7f
      Josef Bacik authored
      We reset this bool on every loop through the truncate loop, make this
      variable local to the loop.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      e48dac7f
    • Josef Bacik's avatar
      btrfs: combine extra if statements in btrfs_truncate_inode_items · 0adbc619
      Josef Bacik authored
      We have
      
          if (del_item)
      	    // do something
          else
      	    // something else
          if (del_item)
      	    // do yet another thing
          else
      	    // something else entirely
      
      back to back in btrfs_truncate_inode_items, collapse these two sets of
      if statements into one.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      0adbc619
    • Josef Bacik's avatar
      btrfs: convert BUG() for pending_del_nr into an ASSERT · 376b91d5
      Josef Bacik authored
      This is a logic correctness check, convert it into an ASSERT() instead
      of a BUG().
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      376b91d5
    • Josef Bacik's avatar
      btrfs: convert BUG_ON() in btrfs_truncate_inode_items to ASSERT · 56e1edb0
      Josef Bacik authored
      We have a correctness BUG_ON() in btrfs_truncate_inode_items to make
      sure that we're always using min_type == BTRFS_EXTENT_DATA_KEY if
      new_size is > 0.  Convert this to an ASSERT.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      56e1edb0
    • Josef Bacik's avatar
      btrfs: add inode to truncate control · 71d18b53
      Josef Bacik authored
      In the future we're going to want to use btrfs_truncate_inode_items
      without looking up the associated inode.  In order to accommodate this
      add the inode to btrfs_truncate_control and handle the case where
      control->inode is NULL appropriately.  This is fairly straightforward,
      we simply need to add a helper for the trace points, as the file extent
      map update is controlled by a flag on btrfs_truncate_control.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      71d18b53
    • Josef Bacik's avatar
      btrfs: pass the ino via truncate control · 487e81d2
      Josef Bacik authored
      In the future we are going to want to truncate inode items without
      needing to have an btrfs_inode to pass in, so add ino to the
      btrfs_truncate_control and use that to look up the inode items to
      truncate.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      487e81d2
    • Josef Bacik's avatar
      btrfs: use a flag to control when to clear the file extent range · 655807b8
      Josef Bacik authored
      We only care about updating the file extent range when we are doing a
      normal truncation.  We skip this for tree logging currently, but we can
      also skip this for eviction as well.  Using a flag makes it more
      explicit when we want to do this work.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      655807b8
    • Josef Bacik's avatar
      btrfs: control extent reference updates with a control flag for truncate · 5caa490e
      Josef Bacik authored
      We've had weird bugs in the past where we forgot to adjust the truncate
      path to deal with the fact that we can be called by the tree log path.
      Instead of checking if our root is a LOG_ROOT use a flag on the
      btrfs_truncate_control to indicate that we don't want to do extent
      reference updates during this truncate.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      5caa490e
    • Josef Bacik's avatar
      btrfs: only call inode_sub_bytes in truncate paths that care · 462b728e
      Josef Bacik authored
      We currently have a bunch of awkward checks to make sure we only update
      the inode i_bytes if we're truncating the real inode.  Instead keep
      track of the number of bytes we need to sub in the
      btrfs_truncate_control, and then do the appropriate adjustment in the
      truncate paths that care.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      462b728e
    • Josef Bacik's avatar
      btrfs: only update i_size in truncate paths that care · c2ddb612
      Josef Bacik authored
      We currently will update the i_size of the inode as we truncate it down,
      however we skip this if we're calling btrfs_truncate_inode_items from
      the tree log code.  However we also don't care about this in the case of
      evict.  Instead keep track of this value in the btrfs_truncate_control
      and then have btrfs_truncate() and the free space cache truncate path
      both do the i_size update themselves.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      c2ddb612
    • Josef Bacik's avatar
      btrfs: add truncate control struct · d9ac19c3
      Josef Bacik authored
      I'm going to be adding more arguments and counters to
      btrfs_truncate_inode_items, so add a control struct to handle all of the
      extra arguments to make it easier to follow.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      d9ac19c3
    • Josef Bacik's avatar
      btrfs: remove found_extent from btrfs_truncate_inode_items · 7097a941
      Josef Bacik authored
      We only set this if we find a normal file extent, del_item == 1, and the
      file extent points to a real extent and isn't a hole extent.  We can use
      del_item == 1 && extent_start != 0 to get the same information that
      found_extent provides, so remove this variable and use the other
      variables instead.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      7097a941
    • Josef Bacik's avatar
      btrfs: move btrfs_kill_delayed_inode_items into evict · 2adc75d6
      Josef Bacik authored
      We have a special case in btrfs_truncate_inode_items() to call
      btrfs_kill_delayed_inode_items() if min_type == 0, which is only called
      during evict.
      
      Instead move this out into evict proper, and add some comments because I
      erroneously attempted to remove this code altogether without
      understanding what we were doing.
      
      Evict is updating the inode only because we only care about making sure
      the i_nlink count has hit disk.  If we had pending deletions we don't
      want to process those via the delayed inode updates, we simply want to
      drop all of them and reclaim the reserved metadata space.  Then from
      there the btrfs_truncate_inode_items() will do the work to remove all of
      the items as appropriate.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      2adc75d6
    • Josef Bacik's avatar
      btrfs: remove free space cache inode check in btrfs_truncate_inode_items · 275312a0
      Josef Bacik authored
      We no longer have inode cache feature, so this check is extraneous as
      the only inode cache is in the tree_root, which is not marked as
      SHAREABLE.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      275312a0
    • Josef Bacik's avatar
      btrfs: move extent locking outside of btrfs_truncate_inode_items · 9a4a1429
      Josef Bacik authored
      Currently we are locking the extent and dropping the extent cache for
      any inodes we truncate, unless they're in the tree log.  We call this
      helper from:
      
      - truncate
      - evict
      - tree log
      - free space cache truncation
      
      For evict we've already dropped all of the extent cache for this inode
      once we've gotten here, and we're the only one accessing this inode, so
      this step is unnecessary.
      
      For the tree log code we already skip this part.
      
      Pull this work into the truncate path and the free space cache
      truncation path.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      9a4a1429
    • Josef Bacik's avatar
      btrfs: move btrfs_truncate_inode_items to inode-item.c · 54f03ab1
      Josef Bacik authored
      This is an inode item related manipulation with a few vfs related
      adjustments.  I'm going to remove the vfs related code from this helper
      and simplify it a lot, but I want those changes to be easily seen via
      git blame, so move this function now and then the simplification work
      can be done.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      54f03ab1
    • Josef Bacik's avatar
      btrfs: add an inode-item.h · 26c2c454
      Josef Bacik authored
      We have a few helpers in inode-item.c, and I'm going to make a few
      changes to how we do truncate in the future, so break out these
      definitions into their own header file to trim down ctree.h some and
      make it easier to do the work on truncate in the future.
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      26c2c454
    • Filipe Manana's avatar
      btrfs: remove stale comment about locking at btrfs_search_slot() · 727e6060
      Filipe Manana authored
      The comment refers to the old extent buffer locking code, where we used to
      have custom locks that had blocking and spinning behaviour modes. That is
      not the case anymore, since we have transitioned to rw semaphores, so the
      comment does not offer any value anymore. Remove it.
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      727e6060
    • Filipe Manana's avatar
      btrfs: remove BUG_ON() after splitting leaf · bb8e9a60
      Filipe Manana authored
      After calling split_leaf() we BUG_ON() if the returned value is greater
      than zero. However split_leaf() only returns 0, in case of success, or a
      negative value in case of an error.
      
      The reason for the BUG_ON() is that if we ever get a positive return
      value from split_leaf(), we can not simply propagate it to the callers
      of btrfs_search_slot(), as that would be interpreted as "key not found"
      and not as an error. That means it could result in callers ending up
      causing some potential silent corruption.
      
      So change the BUG_ON() to an ASSERT(), and in case assertions are
      disabled, produce a warning and set the return value to an error, to make
      it not possible to get into a silent corruption and having the error not
      noticed.
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      bb8e9a60
    • Filipe Manana's avatar
      btrfs: move leaf search logic out of btrfs_search_slot() · 109324cf
      Filipe Manana authored
      There's quite a significant amount of code for doing the key search for a
      leaf at btrfs_search_slot(), with a couple labels and gotos in it, plus
      btrfs_search_slot() is already big enough.
      
      So move the logic that does the key search on a leaf into a new helper
      function. This makes it better organized, removing the need for the labels
      and the gotos, as well as reducing the indentation level and the size of
      btrfs_search_slot().
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      109324cf
    • Filipe Manana's avatar
      btrfs: remove useless condition check before splitting leaf · e5e1c174
      Filipe Manana authored
      When inserting a key, we check if the write_lock_level is less than 1,
      and if so we set it to 1, release the path and retry the tree traversal.
      
      However that is unnecessary, because when ins_len is greater than 0, we
      know that write_lock_level can never be less than 1.
      
      The logic to retry is also buggy, because in case ins_len was decremented,
      due to an exact key match and the search is not meant for item extension
      (path->search_for_extension is 0), we retry without incrementing ins_len,
      which would make the next retry decrement it again by the same amount.
      
      So remove the check for write_lock_level being less than 1 and add an
      assertion to assert it's always >= 1.
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      e5e1c174
    • Filipe Manana's avatar
      btrfs: try to unlock parent nodes earlier when inserting a key · e2e58d0f
      Filipe Manana authored
      When inserting a new key, we release the write lock on the leaf's parent
      only after doing the binary search on the leaf. This is because if the
      key ends up at slot 0, we will have to update the key at slot 0 of the
      parent node. The same reasoning applies to any other upper level nodes
      when their slot is 0. We also need to keep the parent locked in case the
      leaf does not have enough free space to insert the new key/item, because
      in that case we will split the leaf and we will need to add a new key to
      the parent due to a new leaf resulting from the split operation.
      
      However if the leaf has enough space for the new key and the key does not
      end up at slot 0 of the leaf we could release our write lock on the parent
      before doing the binary search on the leaf to figure out the destination
      slot. That leads to reducing the amount of time other tasks are blocked
      waiting to lock the parent, therefore increasing parallelism when there
      are other tasks that are trying to access other leaves accessible through
      the same parent. This also applies to other upper nodes besides the
      immediate parent, when their slot is 0, since we keep locks on them until
      we figure out if the leaf slot is slot 0 or not.
      
      In fact, having the key ending at up slot 0 when is rare. Typically it
      only happens when the key is less than or equals to the smallest, the
      "left most", key of the entire btree, during a split attempt when we try
      to push to the right sibling leaf or when the caller just wants to update
      the item of an existing key. It's also very common that a leaf has enough
      space to insert a new key, since after a split we move about half of the
      keys from one into the new leaf.
      
      So unlock the parent, and any other upper level nodes, when during a key
      insertion we notice the key is greater then the first key in the leaf and
      the leaf has enough free space. After unlocking the upper level nodes, do
      the binary search using a low boundary of slot 1 and not slot 0, to figure
      out the slot where the key will be inserted (or where the key already is
      in case it exists and the caller wants to modify its item data).
      This extra comparison, with the first key, is cheap and the key is very
      likely already in a cache line because it immediately follows the header
      of the extent buffer and we have recently read the level field of the
      header (which in fact is the last field of the header).
      
      The following fs_mark test was run on a non-debug kernel (debian's default
      kernel config), with a 12 cores intel CPU, and using a NVMe device:
      
        $ cat run-fsmark.sh
        #!/bin/bash
      
        DEV=/dev/nvme0n1
        MNT=/mnt/nvme0n1
        MOUNT_OPTIONS="-o ssd"
        MKFS_OPTIONS="-O no-holes -R free-space-tree"
        FILES=100000
        THREADS=$(nproc --all)
        FILE_SIZE=0
      
        echo "performance" | \
      	tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
      
        mkfs.btrfs -f $MKFS_OPTIONS $DEV
        mount $MOUNT_OPTIONS $DEV $MNT
      
        OPTS="-S 0 -L 10 -n $FILES -s $FILE_SIZE -t $THREADS -k"
        for ((i = 1; i <= $THREADS; i++)); do
            OPTS="$OPTS -d $MNT/d$i"
        done
      
        fs_mark $OPTS
      
        umount $MNT
      
      Before this change:
      
      FSUse%        Count         Size    Files/sec     App Overhead
           0      1200000            0     165273.6          5958381
           0      2400000            0     190938.3          6284477
           0      3600000            0     181429.1          6044059
           0      4800000            0     173979.2          6223418
           0      6000000            0     139288.0          6384560
           0      7200000            0     163000.4          6520083
           1      8400000            0      57799.2          5388544
           1      9600000            0      66461.6          5552969
           2     10800000            0      49593.5          5163675
           2     12000000            0      57672.1          4889398
      
      After this change:
      
      FSUse%        Count         Size    Files/sec            App Overhead
           0      1200000            0     167987.3 (+1.6%)         6272730
           0      2400000            0     198563.9 (+4.0%)         6048847
           0      3600000            0     197436.6 (+8.8%)         6163637
           0      4800000            0     202880.7 (+16.6%)        6371771
           1      6000000            0     167275.9 (+20.1%)        6556733
           1      7200000            0     204051.2 (+25.2%)        6817091
           1      8400000            0      69622.8 (+20.5%)        5525675
           1      9600000            0      69384.5 (+4.4%)         5700723
           1     10800000            0      61454.1 (+23.9%)        5363754
           3     12000000            0      61908.7 (+7.3%)         5370196
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      e2e58d0f
    • Filipe Manana's avatar
      btrfs: allow generic_bin_search() to take low boundary as an argument · fb81212c
      Filipe Manana authored
      Right now generic_bin_search() always uses a low boundary slot of 0, but
      in the next patch we'll want to often skip slot 0 when searching for a
      key. So make generic_bin_search() have the low boundary slot specified
      as an argument, and move the check for the extent buffer level from
      btrfs_bin_search() to generic_bin_search() to avoid adding another
      wrapper around generic_bin_search().
      Reviewed-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      fb81212c
    • Josef Bacik's avatar
      btrfs: check the root node for uptodate before returning it · 120de408
      Josef Bacik authored
      Now that we clear the extent buffer uptodate if we fail to write it out
      we need to check to see if our root node is uptodate before we search
      down it.  Otherwise we could return stale data (or potentially corrupt
      data that was caught by the write verification step) and think that the
      path is OK to search down.
      
      CC: stable@vger.kernel.org # 5.4+
      Reviewed-by: default avatarNikolay Borisov <nborisov@suse.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      120de408
    • Nikolay Borisov's avatar
      btrfs: allow device add if balance is paused · a174c0a2
      Nikolay Borisov authored
      Currently paused balance precludes adding a device since they are both
      considered exclusive ops and we can have at most one running at a time.
      This is problematic in case a filesystem encounters an ENOSPC situation
      while balance is running, in this case the only thing the user can do
      is mount the fs with "skip_balance" which pauses balance and delete some
      data to free up space for balance. However, it should be possible to add
      a new device when balance is paused.
      
      Fix this by allowing device add to proceed when balance is paused.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      a174c0a2
    • Nikolay Borisov's avatar
      btrfs: make device add compatible with paused balance in btrfs_exclop_start_try_lock · 621a1ee1
      Nikolay Borisov authored
      This is needed to enable device add to work in cases when a file system
      has been mounted with 'skip_balance' mount option.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      621a1ee1
    • Nikolay Borisov's avatar
      btrfs: introduce exclusive operation BALANCE_PAUSED state · efc0e69c
      Nikolay Borisov authored
      Current set of exclusive operation states is not sufficient to handle
      all practical use cases. In particular there is a need to be able to add
      a device to a filesystem that have paused balance. Currently there is no
      way to distinguish between a running and a paused balance. Fix this by
      introducing BTRFS_EXCLOP_BALANCE_PAUSED which is going to be set in 2
      occasions:
      
      1. When a filesystem is mounted with skip_balance and there is an
         unfinished balance it will now be into BALANCE_PAUSED instead of
         simply BALANCE state.
      
      2. When a running balance is paused.
      Signed-off-by: default avatarNikolay Borisov <nborisov@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      efc0e69c
    • Filipe Manana's avatar
      btrfs: make send work with concurrent block group relocation · d96b3424
      Filipe Manana authored
      We don't allow send and balance/relocation to run in parallel in order
      to prevent send failing or silently producing some bad stream. This is
      because while send is using an extent (specially metadata) or about to
      read a metadata extent and expecting it belongs to a specific parent
      node, relocation can run, the transaction used for the relocation is
      committed and the extent gets reallocated while send is still using the
      extent, so it ends up with a different content than expected. This can
      result in just failing to read a metadata extent due to failure of the
      validation checks (parent transid, level, etc), failure to find a
      backreference for a data extent, and other unexpected failures. Besides
      reallocation, there's also a similar problem of an extent getting
      discarded when it's unpinned after the transaction used for block group
      relocation is committed.
      
      The restriction between balance and send was added in commit 9e967495
      ("Btrfs: prevent send failures and crashes due to concurrent relocation"),
      kernel 5.3, while the more general restriction between send and relocation
      was added in commit 1cea5cf0 ("btrfs: ensure relocation never runs
      while we have send operations running"), kernel 5.14.
      
      Both send and relocation can be very long running operations. Relocation
      because it has to do a lot of IO and expensive backreference lookups in
      case there are many snapshots, and send due to read IO when operating on
      very large trees. This makes it inconvenient for users and tools to deal
      with scheduling both operations.
      
      For zoned filesystem we also have automatic block group relocation, so
      send can fail with -EAGAIN when users least expect it or send can end up
      delaying the block group relocation for too long. In the future we might
      also get the automatic block group relocation for non zoned filesystems.
      
      This change makes it possible for send and relocation to run in parallel.
      This is achieved the following way:
      
      1) For all tree searches, send acquires a read lock on the commit root
         semaphore;
      
      2) After each tree search, and before releasing the commit root semaphore,
         the leaf is cloned and placed in the search path (struct btrfs_path);
      
      3) After releasing the commit root semaphore, the changed_cb() callback
         is invoked, which operates on the leaf and writes commands to the pipe
         (or file in case send/receive is not used with a pipe). It's important
         here to not hold a lock on the commit root semaphore, because if we did
         we could deadlock when sending and receiving to the same filesystem
         using a pipe - the send task blocks on the pipe because it's full, the
         receive task, which is the only consumer of the pipe, triggers a
         transaction commit when attempting to create a subvolume or reserve
         space for a write operation for example, but the transaction commit
         blocks trying to write lock the commit root semaphore, resulting in a
         deadlock;
      
      4) Before moving to the next key, or advancing to the next change in case
         of an incremental send, check if a transaction used for relocation was
         committed (or is about to finish its commit). If so, release the search
         path(s) and restart the search, to where we were before, so that we
         don't operate on stale extent buffers. The search restarts are always
         possible because both the send and parent roots are RO, and no one can
         add, remove of update keys (change their offset) in RO trees - the
         only exception is deduplication, but that is still not allowed to run
         in parallel with send;
      
      5) Periodically check if there is contention on the commit root semaphore,
         which means there is a transaction commit trying to write lock it, and
         release the semaphore and reschedule if there is contention, so as to
         avoid causing any significant delays to transaction commits.
      
      This leaves some room for optimizations for send to have less path
      releases and re searching the trees when there's relocation running, but
      for now it's kept simple as it performs quite well (on very large trees
      with resulting send streams in the order of a few hundred gigabytes).
      
      Test case btrfs/187, from fstests, stresses relocation, send and
      deduplication attempting to run in parallel, but without verifying if send
      succeeds and if it produces correct streams. A new test case will be added
      that exercises relocation happening in parallel with send and then checks
      that send succeeds and the resulting streams are correct.
      
      A final note is that for now this still leaves the mutual exclusion
      between send operations and deduplication on files belonging to a root
      used by send operations. A solution for that will be slightly more complex
      but it will eventually be built on top of this change.
      Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      d96b3424
  2. 03 Jan, 2022 12 commits