
To: Matthew Wilcox <matthew@xxxxxx>
Subject: Re: [PATCH 1/6] Extend completions to provide XFS object flush requirements
From: Dave Chinner <david@xxxxxxxxxxxxx>
Date: Thu, 26 Jun 2008 22:21:12 +1000
Cc: xfs@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <20080626114242.GX4392@xxxxxxxxxxxxxxxx>
Mail-followup-to: Matthew Wilcox <matthew@xxxxxx>, xfs@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
References: <1214455277-6387-1-git-send-email-david@xxxxxxxxxxxxx> <1214455277-6387-2-git-send-email-david@xxxxxxxxxxxxx> <20080626112612.GW4392@xxxxxxxxxxxxxxxx> <20080626113209.GK11558@disturbed> <20080626114242.GX4392@xxxxxxxxxxxxxxxx>
Sender: xfs-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

On Thu, Jun 26, 2008 at 05:42:42AM -0600, Matthew Wilcox wrote:
> On Thu, Jun 26, 2008 at 09:32:09PM +1000, Dave Chinner wrote:
> > On Thu, Jun 26, 2008 at 05:26:12AM -0600, Matthew Wilcox wrote:
> > > On Thu, Jun 26, 2008 at 02:41:12PM +1000, Dave Chinner wrote:
> > > > XFS object flushing doesn't quite match existing completion semantics.  It
> > > > mixed exclusive access with completion. That is, we need to mark an object as
> > > > being flushed before flushing it to disk, and then block any other attempt to
> > > > flush it until the completion occurs.
> > > 
> > > This sounds like mutex semantics.  Why are the existing mutexes not
> > > appropriate for your needs?
> > 
> > Different threads doing wait and complete.
> 
> Then let's leave it as a semaphore.  You can get rid of the sema_t if
> you like, but I don't think that turning completions into semaphores is
> a good idea (because it's confusing).

So remind me what the point of the semaphore removal tree is again?

As Christoph suggested, I can put this under another API that
is implemented using completions. If I have to do that in XFS,
so be it....

The main reason for this is that we've just uncovered the fact that the
way XFS uses semaphores is completely unsafe [*] on x86/x86_64 for
kernels prior to the new generic semaphores.

[*] 2.6.20 panics in up() because of this race when I/O completion
(the up call) races with a simultaneous down() (iowaiter):

        T1              T2
        up()            down()

When the down() call completes, the up() call can still be
referencing the semaphore, and hence if we free the structure after
the down call then the up() will reference freed memory.  This is
probably the cause of many unexplained log replay or unmount panics
that we've been hitting for years with buffers that have been freed while
apparently still in use....

Hence I'd prefer just to move completely away from semaphores for
this flush interface.  I'd like to start with getting the upstream
code fixed in a sane manner so all the backports to older kernels
start from the same series of commits.


Dave Chinner
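The up()/down() ordering hazard described in the message above, modelled in user space as an added example (not code from this thread or from XFS): the up() side is made to touch the object after the waiter has returned from down(), as the pre-generic x86 semaphores could, and a barrier forces that interleaving on every run so the hazard is reproducible rather than probabilistic. The second variant gives each side its own reference so the object dies only on the last put(); the names run_flush_race, put and the freed flag are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <semaphore.h>
#include <stdatomic.h>
#include <stdbool.h>
/* Constructed model of the up()/down() race: the semaphore is embedded in the
 * object being flushed, T1 posts it (up) on I/O completion and T2 frees the
 * object as soon as its wait (down) returns. free() is replaced by a 'freed'
 * flag so the use-after-free is counted instead of crashing the process. */
struct obj { sem_t sem; atomic_int refs; atomic_bool freed; };
static pthread_barrier_t gate;   /* forces the worst-case interleaving each run */
static atomic_int use_after_free;
static bool refcounted;          /* true = safe variant: last put() frees */
static void put(struct obj *o) { /* dropping the last reference "frees" it */
    if (atomic_fetch_sub(&o->refs, 1) == 1)
        atomic_store(&o->freed, true);
}
/* T1: up() wakes the waiter and, like the old x86 code, touches the semaphore
 * memory afterwards. */
static void *completer(void *arg) {
    struct obj *o = arg;
    sem_post(&o->sem);
    pthread_barrier_wait(&gate);        /* T2's down() has returned by now */
    if (atomic_load(&o->freed))         /* the late access that up() makes */
        atomic_fetch_add(&use_after_free, 1);
    if (refcounted) put(o);
    return NULL;
}
/* T2: down() blocks until up() arrives, then frees (racy) or puts (safe). */
static void *waiter(void *arg) {
    struct obj *o = arg;
    sem_wait(&o->sem);
    if (refcounted) put(o); else atomic_store(&o->freed, true);
    pthread_barrier_wait(&gate);
    return NULL;
}
/* Returns how often up() touched freed memory: 1 for the racy pattern, 0 when
 * both threads hold a reference and the object dies only on the last put(). */
int run_flush_race(bool use_refcount) {
    struct obj o = { .refs = 2, .freed = false };
    pthread_t t1, t2;
    sem_init(&o.sem, 0, 0);
    refcounted = use_refcount; atomic_store(&use_after_free, 0);
    pthread_barrier_init(&gate, NULL, 2);
    pthread_create(&t1, NULL, waiter, &o);
    pthread_create(&t2, NULL, completer, &o);
    pthread_join(t1, NULL); pthread_join(t2, NULL);
    pthread_barrier_destroy(&gate); sem_destroy(&o.sem);
    return atomic_load(&use_after_free);
}
```

run_flush_race(false) reports the late access every time, run_flush_race(true) never does, which is the property a replacement flush primitive (completion-based or otherwise) has to guarantee before the waiter is allowed to free the object.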
