[PATCH v2 2/4] block: introduce del_gendisk_queue()
Dave Chinner
david at fromorbit.com
Thu Jan 7 18:15:44 CST 2016
On Tue, Jan 05, 2016 at 08:56:27PM -0800, Dan Williams wrote:
> Historically we have waited for filesystem specific heuristics to
> attempt to guess when a block device is gone. Sometimes this works, but
> in other cases the system can hang waiting for the fs to trigger its
> shutdown protocol.
>
> The initial motivation for this investigation was to prevent DAX
> mappings (direct mmap access to persistent memory) from leaking past the
> lifetime of the hosting block device. However, Dave points out that
> these shutdown operations are needed in other scenarios. Quoting Dave:
>
> For example, if we detect a free space corruption during allocation,
> it is not safe to trust *any active mapping* because we can't trust
> that we having handed out the same block to multiple owners. Hence
> on such a filesystem shutdown, we have to prevent any new DAX
> mapping from occurring and invalidate all existing mappings as we
> cannot allow userspace to modify any data or metadata until we've
> resolved the corruption situation.
>
> The current block device shutdown sequence of del_gendisk +
> blk_cleanup_queue is problematic. We want to tell the fs after
> blk_cleanup_queue that there is no possibility of recovery, but by that
> time we have deleted partitions and lost the ability to find all the
> super-blocks on a block device.
>
> del_gendisk_queue() combines block device shutdown, blk_cleanup_queue(),
> with block device end of life notification, del_gendisk(). A later
> patch builds on this sequence to additionally communicate to the fs that
> it should force-fail all future i/o since the queue is permanently dead.
This still is two changes in one. Adding the force failure feature
is a separate change to creating del_gendisk_queue().
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the xfs
mailing list