xfs: force the log before shutting down

When we have marked the filesystem for shutdown, we want to prevent any further buffer IO from being submitted. However, we currently force the log after marking the filesystem as shut down, hence allowing IO to the log *after* we have marked both the filesystem and the log as in an error state. Clean this up by forcing the log before we mark the filesytem with an error. This replaces the pure CIL flush that we currently have which works around this same issue (i.e the CIL can't be flushed once the shutdown flags are set) and hence enables us to clean up the logic substantially. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Dave Chinner <david@fromorbit.com>
author: Dave Chinner <dchinner@redhat.com> 2014-10-01 19:02:28 -0400
committer: Dave Chinner <david@fromorbit.com> 2014-10-01 19:02:28 -0400
commit: a870fe6dfaba1cc67424cde4cfd2cd3eee62bf35 (patch)
tree: 251fac0a8479c93c91f4c687668948078483c856 /fs/xfs
parent: 52addcf9d6669fa439387610bc65c92fa0980cef (diff)
1 files changed, 17 insertions, 38 deletions
diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c
index ca4fd5bd8522..85f36f212641 100644
--- a/fs/xfs/xfs_log.c
+++ b/fs/xfs/xfs_log.c
@@ -3867,18 +3867,17 @@ xlog_state_ioerror(
 * This is called from xfs_force_shutdown, when we're forcibly
 * shutting down the filesystem, typically because of an IO error.
 * Our main objectives here are to make sure that:
- *      a. the filesystem gets marked 'SHUTDOWN' for all interested
+ *      a. if !logerror, flush the logs to disk. Anything modified
+ *         after this is ignored.
+ *      b. the filesystem gets marked 'SHUTDOWN' for all interested
 *         parties to find out, 'atomically'.
- *      b. those who're sleeping on log reservations, pinned objects and
+ *      c. those who're sleeping on log reservations, pinned objects and
 *          other resources get woken up, and be told the bad news.
- *      c. nothing new gets queued up after (a) and (b) are done.
+ *      d. nothing new gets queued up after (b) and (c) are done.
- *      d. if !logerror, flush the iclogs to disk, then seal them off
- *         for business.
 *
- * Note: for delayed logging the !logerror case needs to flush the regions
+ * Note: for the !logerror case we need to flush the regions held in memory out
- * held in memory out to the iclogs before flushing them to disk. This needs
+ * to disk first. This needs to be done before the log is marked as shutdown,
- * to be done before the log is marked as shutdown, otherwise the flush to the
+ * otherwise the iclog writes will fail.
- * iclogs will fail.
 */
 int
 xfs_log_force_umount(
@@ -3910,16 +3909,16 @@ xfs_log_force_umount(
                ASSERT(XLOG_FORCED_SHUTDOWN(log));
                return 1;
        }
-        retval = 0;
        /*
-         * Flush the in memory commit item list before marking the log as
+         * Flush all the completed transactions to disk before marking the log
-         * being shut down. We need to do it in this order to ensure all the
+         * being shut down. We need to do it in this order to ensure that
-         * completed transactions are flushed to disk with the xfs_log_force()
+         * completed operations are safely on disk before we shut down, and that
-         * call below.
+         * we don't have to issue any buffer IO after the shutdown flags are set
+         * to guarantee this.
         */
        if (!logerror)
-                xlog_cil_force(log);
+                _xfs_log_force(mp, XFS_LOG_SYNC, NULL);
        /*
         * mark the filesystem and the as in a shutdown state and wake
@@ -3931,18 +3930,11 @@ xfs_log_force_umount(
                XFS_BUF_DONE(mp->m_sb_bp);
        /*
-         * This flag is sort of redundant because of the mount flag, but
+         * Mark the log and the iclogs with IO error flags to prevent any
-         * it's good to maintain the separation between the log and the rest
+         * further log IO from being issued or completed.
-         * of XFS.
         */
        log->l_flags |= XLOG_IO_ERROR;
+        retval = xlog_state_ioerror(log);
-        /*
-         * If we hit a log error, we want to mark all the iclogs IOERROR
-         * while we're still holding the loglock.
-         */
-        if (logerror)
-                retval = xlog_state_ioerror(log);
        spin_unlock(&log->l_icloglock);
        /*
@@ -3955,19 +3947,6 @@ xfs_log_force_umount(
        xlog_grant_head_wake_all(&log->l_reserve_head);
        xlog_grant_head_wake_all(&log->l_write_head);
-        if (!(log->l_iclog->ic_state & XLOG_STATE_IOERROR)) {
-                ASSERT(!logerror);
-                /*
-                 * Force the incore logs to disk before shutting the
-                 * log down completely.
-                 */
-                _xfs_log_force(mp, XFS_LOG_SYNC, NULL);
-                spin_lock(&log->l_icloglock);
-                retval = xlog_state_ioerror(log);
-                spin_unlock(&log->l_icloglock);
-        }
        /*
         * Wake up everybody waiting on xfs_log_force. Wake the CIL push first
         * as if the log writes were completed. The abort handling in the log
author	Dave Chinner <dchinner@redhat.com>	2014-10-01 19:02:28 -0400
committer	Dave Chinner <david@fromorbit.com>	2014-10-01 19:02:28 -0400
commit	a870fe6dfaba1cc67424cde4cfd2cd3eee62bf35 (patch)
tree	251fac0a8479c93c91f4c687668948078483c856 /fs/xfs
parent	52addcf9d6669fa439387610bc65c92fa0980cef (diff)

diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index ca4fd5bd8522..85f36f212641 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c
@@ -3867,18 +3867,17 @@ xlog_state_ioerror(
3867	* This is called from xfs_force_shutdown, when we're forcibly	3867	* This is called from xfs_force_shutdown, when we're forcibly
3868	* shutting down the filesystem, typically because of an IO error.	3868	* shutting down the filesystem, typically because of an IO error.
3869	* Our main objectives here are to make sure that:	3869	* Our main objectives here are to make sure that:
3870	* a. the filesystem gets marked 'SHUTDOWN' for all interested	3870	* a. if !logerror, flush the logs to disk. Anything modified
		3871	* after this is ignored.
		3872	* b. the filesystem gets marked 'SHUTDOWN' for all interested
3871	* parties to find out, 'atomically'.	3873	* parties to find out, 'atomically'.
3872	* b. those who're sleeping on log reservations, pinned objects and	3874	* c. those who're sleeping on log reservations, pinned objects and
3873	* other resources get woken up, and be told the bad news.	3875	* other resources get woken up, and be told the bad news.
3874	* c. nothing new gets queued up after (a) and (b) are done.	3876	* d. nothing new gets queued up after (b) and (c) are done.
3875	* d. if !logerror, flush the iclogs to disk, then seal them off
3876	* for business.
3877	*	3877	*
3878	* Note: for delayed logging the !logerror case needs to flush the regions	3878	* Note: for the !logerror case we need to flush the regions held in memory out
3879	* held in memory out to the iclogs before flushing them to disk. This needs	3879	* to disk first. This needs to be done before the log is marked as shutdown,
3880	* to be done before the log is marked as shutdown, otherwise the flush to the	3880	* otherwise the iclog writes will fail.
3881	* iclogs will fail.
3882	*/	3881	*/
3883	int	3882	int
3884	xfs_log_force_umount(	3883	xfs_log_force_umount(
@@ -3910,16 +3909,16 @@ xfs_log_force_umount(
3910	ASSERT(XLOG_FORCED_SHUTDOWN(log));	3909	ASSERT(XLOG_FORCED_SHUTDOWN(log));
3911	return 1;	3910	return 1;
3912	}	3911	}
3913	retval = 0;
3914		3912
3915	/*	3913	/*
3916	* Flush the in memory commit item list before marking the log as	3914	* Flush all the completed transactions to disk before marking the log
3917	* being shut down. We need to do it in this order to ensure all the	3915	* being shut down. We need to do it in this order to ensure that
3918	* completed transactions are flushed to disk with the xfs_log_force()	3916	* completed operations are safely on disk before we shut down, and that
3919	* call below.	3917	* we don't have to issue any buffer IO after the shutdown flags are set
		3918	* to guarantee this.
3920	*/	3919	*/
3921	if (!logerror)	3920	if (!logerror)
3922	xlog_cil_force(log);	3921	_xfs_log_force(mp, XFS_LOG_SYNC, NULL);
3923		3922
3924	/*	3923	/*
3925	* mark the filesystem and the as in a shutdown state and wake	3924	* mark the filesystem and the as in a shutdown state and wake
@@ -3931,18 +3930,11 @@ xfs_log_force_umount(
3931	XFS_BUF_DONE(mp->m_sb_bp);	3930	XFS_BUF_DONE(mp->m_sb_bp);
3932		3931
3933	/*	3932	/*
3934	* This flag is sort of redundant because of the mount flag, but	3933	* Mark the log and the iclogs with IO error flags to prevent any
3935	* it's good to maintain the separation between the log and the rest	3934	* further log IO from being issued or completed.
3936	* of XFS.
3937	*/	3935	*/
3938	log->l_flags \|= XLOG_IO_ERROR;	3936	log->l_flags \|= XLOG_IO_ERROR;
3939		3937	retval = xlog_state_ioerror(log);
3940	/*
3941	* If we hit a log error, we want to mark all the iclogs IOERROR
3942	* while we're still holding the loglock.
3943	*/
3944	if (logerror)
3945	retval = xlog_state_ioerror(log);
3946	spin_unlock(&log->l_icloglock);	3938	spin_unlock(&log->l_icloglock);
3947		3939
3948	/*	3940	/*
@@ -3955,19 +3947,6 @@ xfs_log_force_umount(
3955	xlog_grant_head_wake_all(&log->l_reserve_head);	3947	xlog_grant_head_wake_all(&log->l_reserve_head);
3956	xlog_grant_head_wake_all(&log->l_write_head);	3948	xlog_grant_head_wake_all(&log->l_write_head);
3957		3949
3958	if (!(log->l_iclog->ic_state & XLOG_STATE_IOERROR)) {
3959	ASSERT(!logerror);
3960	/*
3961	* Force the incore logs to disk before shutting the
3962	* log down completely.
3963	*/
3964	_xfs_log_force(mp, XFS_LOG_SYNC, NULL);
3965
3966	spin_lock(&log->l_icloglock);
3967	retval = xlog_state_ioerror(log);
3968	spin_unlock(&log->l_icloglock);
3969	}
3970
3971	/*	3950	/*
3972	* Wake up everybody waiting on xfs_log_force. Wake the CIL push first	3951	* Wake up everybody waiting on xfs_log_force. Wake the CIL push first
3973	* as if the log writes were completed. The abort handling in the log	3952	* as if the log writes were completed. The abort handling in the log