ext4: serialize unaligned asynchronous DIO

ext4 has a data corruption case when doing non-block-aligned asynchronous direct IO into a sparse file, as demonstrated by xfstest 240. The root cause is that while ext4 preallocates space in the hole, mappings of that space still look "new" and dio_zero_block() will zero out the unwritten portions. When more than one AIO thread is going, they both find this "new" block and race to zero out their portion; this is uncoordinated and causes data corruption. Dave Chinner fixed this for xfs by simply serializing all unaligned asynchronous direct IO. I've done the same here. The difference is that we only wait on conversions, not all IO. This is a very big hammer, and I'm not very pleased with stuffing this into ext4_file_write(). But since ext4 is DIO_LOCKING, we need to serialize it at this high level. I tried to move this into ext4_ext_direct_IO, but by then we have the i_mutex already, and we will wait on the work queue to do conversions - which must also take the i_mutex. So that won't work. This was originally exposed by qemu-kvm installing to a raw disk image with a normal sector-63 alignment. I've tested a backport of this patch with qemu, and it does avoid the corruption. It is also quite a lot slower (14 min for package installs, vs. 8 min for well-aligned) but I'll take slow correctness over fast corruption any day. Mingming suggested that we can track outstanding conversions, and wait on those so that non-sparse files won't be affected, and I've implemented that here; unaligned AIO to nonsparse files won't take a perf hit. [tytso@mit.edu: Keep the mutex as a hashed array instead of bloating the ext4 inode] [tytso@mit.edu: Fix up namespace issues so that global variables are protected with an "ext4_" prefix.] Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
author: Eric Sandeen <sandeen@redhat.com> 2011-02-12 08:17:34 -0500
committer: Theodore Ts'o <tytso@mit.edu> 2011-02-12 08:17:34 -0500
commit: e9e3bcecf44c04b9e6b505fd8e2eb9cea58fb94d (patch)
tree: 9f347a48889a00071dbe1f12be4c50ec7a45542b /fs/ext4/file.c
parent: 2892c15ddda6a76dc10b7499e56c0f3b892e5a69 (diff)
1 files changed, 59 insertions, 1 deletions
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 2e8322c8aa88..7b80d543b89e 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -55,11 +55,47 @@ static int ext4_release_file(struct inode *inode, struct file *filp)
        return 0;
 }
+static void ext4_aiodio_wait(struct inode *inode)
+{
+        wait_queue_head_t *wq = ext4_ioend_wq(inode);
+        wait_event(*wq, (atomic_read(&EXT4_I(inode)->i_aiodio_unwritten) == 0));
+}
+/*
+ * This tests whether the IO in question is block-aligned or not.
+ * Ext4 utilizes unwritten extents when hole-filling during direct IO, and they
+ * are converted to written only after the IO is complete.  Until they are
+ * mapped, these blocks appear as holes, so dio_zero_block() will assume that
+ * it needs to zero out portions of the start and/or end block.  If 2 AIO
+ * threads are at work on the same unwritten block, they must be synchronized
+ * or one thread will zero the other's data, causing corruption.
+ */
+static int
+ext4_unaligned_aio(struct inode *inode, const struct iovec *iov,
+                   unsigned long nr_segs, loff_t pos)
+{
+        struct super_block *sb = inode->i_sb;
+        int blockmask = sb->s_blocksize - 1;
+        size_t count = iov_length(iov, nr_segs);
+        loff_t final_size = pos + count;
+        if (pos >= inode->i_size)
+                return 0;
+        if ((pos & blockmask) || (final_size & blockmask))
+                return 1;
+        return 0;
+}
 static ssize_t
 ext4_file_write(struct kiocb *iocb, const struct iovec *iov,
                unsigned long nr_segs, loff_t pos)
 {
        struct inode *inode = iocb->ki_filp->f_path.dentry->d_inode;
+        int unaligned_aio = 0;
+        int ret;
        /*
         * If we have encountered a bitmap-format file, the size limit
@@ -78,9 +114,31 @@ ext4_file_write(struct kiocb *iocb, const struct iovec *iov,
                        nr_segs = iov_shorten((struct iovec *)iov, nr_segs,
                                              sbi->s_bitmap_maxbytes - pos);
                }
+        } else if (unlikely((iocb->ki_filp->f_flags & O_DIRECT) &&
+                   !is_sync_kiocb(iocb))) {
+                unaligned_aio = ext4_unaligned_aio(inode, iov, nr_segs, pos);
        }
-        return generic_file_aio_write(iocb, iov, nr_segs, pos);
+        /* Unaligned direct AIO must be serialized; see comment above */
+        if (unaligned_aio) {
+                static unsigned long unaligned_warn_time;
+                /* Warn about this once per day */
+                if (printk_timed_ratelimit(&unaligned_warn_time, 60*60*24*HZ))
+                        ext4_msg(inode->i_sb, KERN_WARNING,
+                                 "Unaligned AIO/DIO on inode %ld by %s; "
+                                 "performance will be poor.",
+                                 inode->i_ino, current->comm);
+                mutex_lock(ext4_aio_mutex(inode));
+                ext4_aiodio_wait(inode);
+        }
+        ret = generic_file_aio_write(iocb, iov, nr_segs, pos);
+        if (unaligned_aio)
+                mutex_unlock(ext4_aio_mutex(inode));
+        return ret;
 }
 static const struct vm_operations_struct ext4_file_vm_ops = {
author	Eric Sandeen <sandeen@redhat.com>	2011-02-12 08:17:34 -0500
committer	Theodore Ts'o <tytso@mit.edu>	2011-02-12 08:17:34 -0500
commit	e9e3bcecf44c04b9e6b505fd8e2eb9cea58fb94d (patch)
tree	9f347a48889a00071dbe1f12be4c50ec7a45542b /fs/ext4/file.c
parent	2892c15ddda6a76dc10b7499e56c0f3b892e5a69 (diff)

diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 2e8322c8aa88..7b80d543b89e 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c
@@ -55,11 +55,47 @@ static int ext4_release_file(struct inode inode, struct file filp)
55	return 0;	55	return 0;
56	}	56	}
57		57
		58	static void ext4_aiodio_wait(struct inode *inode)
		59	{
		60	wait_queue_head_t *wq = ext4_ioend_wq(inode);
		61
		62	wait_event(*wq, (atomic_read(&EXT4_I(inode)->i_aiodio_unwritten) == 0));
		63	}
		64
		65	/*
		66	* This tests whether the IO in question is block-aligned or not.
		67	* Ext4 utilizes unwritten extents when hole-filling during direct IO, and they
		68	* are converted to written only after the IO is complete. Until they are
		69	* mapped, these blocks appear as holes, so dio_zero_block() will assume that
		70	* it needs to zero out portions of the start and/or end block. If 2 AIO
		71	* threads are at work on the same unwritten block, they must be synchronized
		72	* or one thread will zero the other's data, causing corruption.
		73	*/
		74	static int
		75	ext4_unaligned_aio(struct inode inode, const struct iovec iov,
		76	unsigned long nr_segs, loff_t pos)
		77	{
		78	struct super_block *sb = inode->i_sb;
		79	int blockmask = sb->s_blocksize - 1;
		80	size_t count = iov_length(iov, nr_segs);
		81	loff_t final_size = pos + count;
		82
		83	if (pos >= inode->i_size)
		84	return 0;
		85
		86	if ((pos & blockmask) \|\| (final_size & blockmask))
		87	return 1;
		88
		89	return 0;
		90	}
		91
58	static ssize_t	92	static ssize_t
59	ext4_file_write(struct kiocb iocb, const struct iovec iov,	93	ext4_file_write(struct kiocb iocb, const struct iovec iov,
60	unsigned long nr_segs, loff_t pos)	94	unsigned long nr_segs, loff_t pos)
61	{	95	{
62	struct inode *inode = iocb->ki_filp->f_path.dentry->d_inode;	96	struct inode *inode = iocb->ki_filp->f_path.dentry->d_inode;
		97	int unaligned_aio = 0;
		98	int ret;
63		99
64	/*	100	/*
65	* If we have encountered a bitmap-format file, the size limit	101	* If we have encountered a bitmap-format file, the size limit
@@ -78,9 +114,31 @@ ext4_file_write(struct kiocb iocb, const struct iovec iov,
78	nr_segs = iov_shorten((struct iovec *)iov, nr_segs,	114	nr_segs = iov_shorten((struct iovec *)iov, nr_segs,
79	sbi->s_bitmap_maxbytes - pos);	115	sbi->s_bitmap_maxbytes - pos);
80	}	116	}
		117	} else if (unlikely((iocb->ki_filp->f_flags & O_DIRECT) &&
		118	!is_sync_kiocb(iocb))) {
		119	unaligned_aio = ext4_unaligned_aio(inode, iov, nr_segs, pos);
81	}	120	}
82		121
83	return generic_file_aio_write(iocb, iov, nr_segs, pos);	122	/* Unaligned direct AIO must be serialized; see comment above */
		123	if (unaligned_aio) {
		124	static unsigned long unaligned_warn_time;
		125
		126	/* Warn about this once per day */
		127	if (printk_timed_ratelimit(&unaligned_warn_time, 606024*HZ))
		128	ext4_msg(inode->i_sb, KERN_WARNING,
		129	"Unaligned AIO/DIO on inode %ld by %s; "
		130	"performance will be poor.",
		131	inode->i_ino, current->comm);
		132	mutex_lock(ext4_aio_mutex(inode));
		133	ext4_aiodio_wait(inode);
		134	}
		135
		136	ret = generic_file_aio_write(iocb, iov, nr_segs, pos);
		137
		138	if (unaligned_aio)
		139	mutex_unlock(ext4_aio_mutex(inode));
		140
		141	return ret;
84	}	142	}
85		143
86	static const struct vm_operations_struct ext4_file_vm_ops = {	144	static const struct vm_operations_struct ext4_file_vm_ops = {