| blob | 78bac00c0a8048f556a2597f3b04e30dc59c0354 |
1 /*
2 * Copyright (c) 2007-2008 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $DragonFly: src/sys/vfs/hammer/hammer_inode.c,v 1.114 2008/09/24 00:53:51 dillon Exp $
35 */
38 #include <vm/vm_extern.h>
45 #if 0
47 #endif
49 hammer_flush_group_t flg);
54 pid_t pid);
56 #ifdef DEBUG_TRUNCATE
58 #endif
60 /*
61 * RB-Tree support for inode structures
62 */
63 int
65 {
79 }
81 int
83 {
89 }
91 /*
92 * RB-Tree support for inode structures / special LOOKUP_INFO
93 */
94 static int
96 {
110 }
112 /*
113 * Used by hammer_scan_inode_snapshots() to locate all of an object's
114 * snapshots. Note that the asof field is not tested, which we can get
115 * away with because it is the lowest-priority field.
116 */
117 static int
119 {
131 }
133 /*
134 * Used by hammer_unload_pseudofs() to locate all inodes associated with
135 * a particular PFS.
136 */
137 static int
139 {
146 }
148 /*
149 * RB-Tree support for pseudofs structures
150 */
151 static int
153 {
159 }
168 /*
169 * The kernel is not actively referencing this vnode but is still holding
170 * it cached.
171 *
172 * This is called from the frontend.
173 *
174 * MPALMOSTSAFE
175 */
176 int
178 {
181 /*
182 * Degenerate case
183 */
187 }
189 /*
190 * If the inode no longer has visibility in the filesystem try to
191 * recycle it immediately, even if the inode is dirty. Recycling
192 * it quickly allows the system to reclaim buffer cache and VM
193 * resources which can matter a lot in a heavily loaded system.
194 *
195 * This can deadlock in vfsync() if we aren't careful.
196 *
197 * Do not queue the inode to the flusher if we still have visibility,
198 * otherwise namespace calls such as chmod will unnecessarily generate
199 * multiple inode updates.
200 */
208 }
210 }
212 /*
213 * Release the vnode association. This is typically (but not always)
214 * the last reference on the inode.
215 *
216 * Once the association is lost we are on our own with regards to
217 * flushing the inode.
218 *
219 * We must interlock ip->vp so hammer_get_vnode() can avoid races.
220 */
221 int
223 {
225 hammer_mount_t hmp;
240 }
243 }
245 }
247 /*
248 * Return a locked vnode for the specified inode. The inode must be
249 * referenced but NOT LOCKED on entry and will remain referenced on
250 * return.
251 *
252 * Called from the frontend.
253 */
254 int
256 {
257 hammer_mount_t hmp;
260 u_int8_t obj_type;
276 }
300 }
302 /*
303 * Only mark as the root vnode if the ip is not
304 * historical, otherwise the VFS cache will get
305 * confused. The other half of the special handling
306 * is in hammer_vop_nlookupdotdot().
307 *
308 * Pseudo-filesystem roots can be accessed via
309 * non-root filesystem paths and setting VROOT may
310 * confuse the namecache. Set VPFSROOT instead.
311 */
316 else
318 }
321 /* vnode locked by getnewvnode() */
322 /* make related vnode dirty if inode dirty? */
328 }
330 }
332 /*
333 * Interlock vnode clearing. This does not prevent the
334 * vnode from going into a reclaimed state but it does
335 * prevent it from being destroyed or reused so the vget()
336 * will properly fail.
337 */
342 }
346 /*
347 * loop if the vget fails (aka races), or if the vp
348 * no longer matches ip->vp.
349 */
354 }
356 }
358 }
361 }
363 /*
364 * Locate all copies of the inode for obj_id compatible with the specified
365 * asof, reference, and issue the related call-back. This routine is used
366 * for direct-io invalidation and does not create any new inodes.
367 */
368 void
372 {
374 hammer_inode_info_cmp_all_history,
376 }
378 /*
379 * Acquire a HAMMER inode. The returned inode is not locked. These functions
380 * do not attach or detach the related vnode (use hammer_get_vnode() for
381 * that).
382 *
383 * The flags argument is only applied for newly created inodes, and only
384 * certain flags are inherited.
385 *
386 * Called from the frontend.
387 */
392 {
400 /*
401 * Determine if we already have an inode cached. If we do then
402 * we are golden.
403 *
404 * If we find an inode with no vnode we have to mark the
405 * transaction such that hammer_inode_waitreclaims() is
406 * called later on to avoid building up an infinite number
407 * of inodes. Otherwise we can continue to * add new inodes
408 * faster then they can be disposed of, even with the tsleep
409 * delay.
410 *
411 * If we find a dummy inode we return a failure so dounlink
412 * (which does another lookup) doesn't try to mess with the
413 * link count. hammer_vop_nresolve() uses hammer_get_dummy_inode()
414 * to ref dummy inodes.
415 */
419 loop:
425 }
429 }
431 /*
432 * Allocate a new inode structure and deal with races later.
433 */
454 /*
455 * Locate the on-disk inode. If this is a PFS root we always
456 * access the current version of the root inode and (if it is not
457 * a master) always access information under it with a snapshot
458 * TID.
459 *
460 * We cache recent inode lookups in this directory in dip->cache[2].
461 * If we can't find it we assume the inode we are looking for is
462 * close to the directory inode.
463 */
464 retry:
469 else
471 }
483 HAMMER_CURSOR_ASOF;
489 }
491 /*
492 * On success the B-Tree lookup will hold the appropriate
493 * buffer cache buffers and provide a pointer to the requested
494 * information. Copy the information to the in-memory inode
495 * and cache the B-Tree node to improve future operations.
496 */
501 /*
502 * cache[0] tries to cache the location of the object inode.
503 * The assumption is that it is near the directory inode.
504 *
505 * cache[1] tries to cache the location of the object data.
506 * We might have something in the governing directory from
507 * scan optimizations (see the strategy code in
508 * hammer_vnops.c).
509 *
510 * We update dip->cache[2], if possible, with the location
511 * of the object inode for future directory shortcuts.
512 */
518 }
520 }
522 /*
523 * The file should not contain any data past the file size
524 * stored in the inode. Setting save_trunc_off to the
525 * file size instead of max reduces B-Tree lookup overheads
526 * on append by allowing the flusher to avoid checking for
527 * record overwrites.
528 */
531 /*
532 * Locate and assign the pseudofs management structure to
533 * the inode.
534 */
541 errorp);
543 }
544 }
546 /*
547 * The inode is placed on the red-black tree and will be synced to
548 * the media when flushed or by the filesystem sync. If this races
549 * another instantiation/lookup the insertion will fail.
550 */
556 }
562 }
566 }
569 /*
570 * NEWINODE is only set if the inode becomes dirty later,
571 * setting it here just leads to unnecessary stalls.
572 *
573 * trans->flags |= HAMMER_TRANSF_NEWINODE;
574 */
576 }
578 /*
579 * Get a dummy inode to placemark a broken directory entry.
580 */
585 {
590 /*
591 * Determine if we already have an inode cached. If we do then
592 * we are golden.
593 *
594 * If we find an inode with no vnode we have to mark the
595 * transaction such that hammer_inode_waitreclaims() is
596 * called later on to avoid building up an infinite number
597 * of inodes. Otherwise we can continue to * add new inodes
598 * faster then they can be disposed of, even with the tsleep
599 * delay.
600 *
601 * If we find a non-fake inode we return an error. Only fake
602 * inodes can be returned by this routine.
603 */
607 loop:
614 }
617 }
619 /*
620 * Allocate a new inode structure and deal with races later.
621 */
640 /*
641 * Populate the dummy inode. Leave everything zero'd out.
642 *
643 * (ip->ino_leaf and ip->ino_data)
644 *
645 * Make the dummy inode a FIFO object which most copy programs
646 * will properly ignore.
647 */
651 /*
652 * Locate and assign the pseudofs management structure to
653 * the inode.
654 */
660 errorp);
662 }
664 /*
665 * The inode is placed on the red-black tree and will be synced to
666 * the media when flushed or by the filesystem sync. If this races
667 * another instantiation/lookup the insertion will fail.
668 *
669 * NOTE: Do not set HAMMER_INODE_ONDISK. The inode is a fake.
670 */
675 }
680 }
683 }
686 }
688 /*
689 * Return a referenced inode only if it is in our inode cache.
690 *
691 * Dummy inodes do not count.
692 */
696 {
709 else
711 }
713 }
715 /*
716 * Create a new filesystem object, returning the inode in *ipp. The
717 * returned inode will be referenced. The inode is created in-memory.
718 *
719 * If pfsm is non-NULL the caller wishes to create the root inode for
720 * a master PFS.
721 */
722 int
727 {
728 hammer_mount_t hmp;
729 hammer_inode_t ip;
730 uid_t xuid;
733 u_int32_t dummy;
751 }
765 /* ip->save_trunc_off = 0; (already zero) */
774 /*
775 * A nohistory designator on the parent directory is inherited by
776 * the child. We will do this even for pseudo-fs creation... the
777 * sysad can turn it off.
778 */
782 }
786 HAMMER_LOCALIZE_INODE;
799 /*
800 * If we are running version 2 or greater directory entries are
801 * inode-localized instead of data-localized.
802 */
806 HAMMER_INODE_CAP_DIR_LOCAL_INO;
807 }
808 }
810 /*
811 * Setup the ".." pointer. This only needs to be done for directories
812 * but we do it for all objects as a recovery aid.
813 */
816 #if 0
817 /*
818 * The parent_obj_localization field only applies to pseudo-fs roots.
819 * XXX this is no longer applicable, PFSs are no longer directly
820 * tied into the parent's directory structure.
821 */
826 }
827 #endif
837 }
839 /*
840 * Calculate default uid/gid and overwrite with information from
841 * the vap.
842 */
849 }
856 else
881 }
889 /* not reached */
891 }
894 }
896 /*
897 * Final cleanup / freeing of an inode structure
898 */
899 static void
901 {
918 }
921 }
923 /*
924 * Retrieve pseudo-fs data. NULL will never be returned.
925 *
926 * If an error occurs *errorp will be set and a default template is returned,
927 * otherwise *errorp is set to 0. Typically when an error occurs it will
928 * be ENOENT.
929 */
930 hammer_pseudofs_inmem_t
933 {
935 hammer_inode_t ip;
936 hammer_pseudofs_inmem_t pfsm;
940 retry:
946 }
948 /*
949 * PFS records are stored in the root inode (not the PFS root inode,
950 * but the real root). Avoid an infinite recursion if loading
951 * the PFS for the real root.
952 */
955 HAMMER_MAX_TID,
959 }
968 HAMMER_LOCALIZE_MISC;
980 else
986 HAMMER_PFSD_DELETED) {
993 }
994 }
995 }
1005 }
1007 }
1009 /*
1010 * Store pseudo-fs data. The backend will automatically delete any prior
1011 * on-disk pseudo-fs data but we have to delete in-memory versions.
1012 */
1013 int
1015 {
1017 hammer_record_t record;
1018 hammer_inode_t ip;
1023 retry:
1027 HAMMER_LOCALIZE_MISC;
1037 /*
1038 * Replace any in-memory version of the record.
1039 */
1051 }
1052 }
1054 /*
1055 * Allocate replacement general record. The backend flush will
1056 * delete any on-disk version of the record.
1057 */
1063 HAMMER_LOCALIZE_MISC;
1069 }
1075 }
1077 /*
1078 * Create a root directory for a PFS if one does not alredy exist.
1079 *
1080 * The PFS root stands alone so we must also bump the nlinks count
1081 * to prevent it from being destroyed on release.
1082 */
1083 int
1085 hammer_pseudofs_inmem_t pfsm)
1086 {
1087 hammer_inode_t ip;
1103 }
1104 }
1108 }
1110 /*
1111 * Unload any vnodes & inodes associated with a PFS, return ENOTEMPTY
1112 * if we are unable to disassociate all the inodes.
1113 */
1114 static
1115 int
1117 {
1125 else
1129 }
1131 int
1133 {
1139 hammer_inode_pfs_cmp,
1140 hammer_unload_pseudofs_callback,
1145 }
1149 }
1152 /*
1153 * Release a reference on a PFS
1154 */
1155 void
1157 {
1162 }
1163 }
1165 /*
1166 * Called by hammer_sync_inode().
1167 */
1168 static int
1170 {
1172 hammer_record_t record;
1176 retry:
1179 /*
1180 * If the inode has a presence on-disk then locate it and mark
1181 * it deleted, setting DELONDISK.
1182 *
1183 * The record may or may not be physically deleted, depending on
1184 * the retention policy.
1185 */
1187 HAMMER_INODE_ONDISK) {
1190 HAMMER_LOCALIZE_INODE;
1212 }
1215 }
1224 }
1225 }
1227 /*
1228 * Ok, write out the initial record or a new record (after deleting
1229 * the old one), unless the DELETED flag is set. This routine will
1230 * clear DELONDISK if it writes out a record.
1231 *
1232 * Update our inode statistics if this is the first application of
1233 * the inode on-disk.
1234 */
1236 /*
1237 * Generate a record and write it to the media. We clean-up
1238 * the state before releasing so we do not have to set-up
1239 * a flush_group.
1240 */
1251 /*
1252 * If this flag is set we cannot sync the new file size
1253 * because we haven't finished related truncations. The
1254 * inode will be flushed in another flush group to finish
1255 * the job.
1256 */
1263 }
1279 }
1281 /*
1282 * Note: The record was never on the inode's record tree
1283 * so just wave our hands importantly and destroy it.
1284 */
1291 /*
1292 * Finish up.
1293 */
1298 HAMMER_INODE_SDIRTY |
1299 HAMMER_INODE_ATIME |
1300 HAMMER_INODE_MTIME);
1305 /*
1306 * Root volume count of inodes
1307 */
1312 vol0_stat_inodes);
1318 }
1320 }
1321 }
1323 /*
1324 * If the inode has been destroyed, clean out any left-over flags
1325 * that may have been set by the frontend.
1326 */
1329 HAMMER_INODE_SDIRTY |
1330 HAMMER_INODE_ATIME |
1331 HAMMER_INODE_MTIME);
1332 }
1334 }
1336 /*
1337 * Update only the itimes fields.
1338 *
1339 * ATIME can be updated without generating any UNDO. MTIME is updated
1340 * with UNDO so it is guaranteed to be synchronized properly in case of
1341 * a crash.
1342 *
1343 * Neither field is included in the B-Tree leaf element's CRC, which is how
1344 * we can get away with updating ATIME the way we do.
1345 */
1346 static int
1348 {
1352 retry:
1354 HAMMER_INODE_ONDISK) {
1356 }
1360 HAMMER_LOCALIZE_INODE;
1378 /*
1379 * Updating MTIME requires an UNDO. Just cover
1380 * both atime and mtime.
1381 */
1385 HAMMER_ITIMES_BYTES);
1391 /*
1392 * Updating atime only can be done in-place with
1393 * no UNDO.
1394 */
1401 }
1403 }
1410 }
1412 }
1414 /*
1415 * Release a reference on an inode, flush as requested.
1416 *
1417 * On the last reference we queue the inode to the flusher for its final
1418 * disposition.
1419 */
1420 void
1422 {
1423 /*hammer_mount_t hmp = ip->hmp;*/
1425 /*
1426 * Handle disposition when dropping the last ref.
1427 */
1430 /*
1431 * Determine whether on-disk action is needed for
1432 * the inode's final disposition.
1433 */
1441 }
1446 /*
1447 * The inode still has multiple refs, try to drop
1448 * one ref.
1449 */
1454 }
1455 }
1456 }
1457 }
1459 /*
1460 * Unload and destroy the specified inode. Must be called with one remaining
1461 * reference. The reference is disposed of.
1462 *
1463 * The inode must be completely clean.
1464 */
1465 static int
1467 {
1484 }
1489 }
1491 /*
1492 * Called during unmounting if a critical error occured. The in-memory
1493 * inode and all related structures are destroyed.
1494 *
1495 * If a critical error did not occur the unmount code calls the standard
1496 * release and asserts that the inode is gone.
1497 */
1498 int
1500 {
1501 hammer_record_t rec;
1503 /*
1504 * Get rid of the inodes in-memory records, regardless of their
1505 * state, and clear the mod-mask.
1506 */
1512 }
1516 else
1525 }
1530 /*
1531 * Remove the inode from any flush group, force it idle. FLUSH
1532 * and SETUP states have an inode ref.
1533 */
1539 /* fall through */
1543 /* fall through */
1546 }
1548 /*
1549 * There shouldn't be any associated vnode. The unload needs at
1550 * least one ref, if we do have a vp steal its ip ref.
1551 */
1559 }
1562 }
1564 /*
1565 * Called on mount -u when switching from RW to RO or vise-versa. Adjust
1566 * the read-only flag for cached inodes.
1567 *
1568 * This routine is called from a RB_SCAN().
1569 */
1570 int
1572 {
1577 else
1580 }
1582 /*
1583 * A transaction has modified an inode, requiring updates as specified by
1584 * the passed flags.
1585 *
1586 * HAMMER_INODE_DDIRTY: Inode data has been updated, not incl mtime/atime,
1587 * and not including size changes due to write-append
1588 * (but other size changes are included).
1589 * HAMMER_INODE_SDIRTY: Inode data has been updated, size changes due to
1590 * write-append.
1591 * HAMMER_INODE_XDIRTY: Dirty in-memory records
1592 * HAMMER_INODE_BUFS: Dirty buffer cache buffers
1593 * HAMMER_INODE_DELETED: Inode record/data must be deleted
1594 * HAMMER_INODE_ATIME/MTIME: mtime/atime has been updated
1595 */
1596 void
1598 {
1599 /*
1600 * ronly of 0 or 2 does not trigger assertion.
1601 * 2 is a special error state
1602 */
1605 HAMMER_INODE_SDIRTY |
1611 }
1613 /*
1614 * Set the NEWINODE flag in the transaction if the inode
1615 * transitions to a dirty state. This is used to track
1616 * the load on the inode cache.
1617 */
1622 }
1625 }
1627 /*
1628 * Request that an inode be flushed. This whole mess cannot block and may
1629 * recurse (if not synchronous). Once requested HAMMER will attempt to
1630 * actively flush the inode until the flush can be done.
1631 *
1632 * The inode may already be flushing, or may be in a setup state. We can
1633 * place the inode in a flushing state if it is currently idle and flag it
1634 * to reflush if it is currently flushing.
1635 *
1636 * Upon return if the inode could not be flushed due to a setup
1637 * dependancy, then it will be automatically flushed when the dependancy
1638 * is satisfied.
1639 */
1640 void
1642 {
1643 hammer_mount_t hmp;
1644 hammer_flush_group_t flg;
1647 /*
1648 * next_flush_group is the first flush group we can place the inode
1649 * in. It may be NULL. If it becomes full we append a new flush
1650 * group and make that the next_flush_group.
1651 */
1659 }
1665 }
1667 /*
1668 * Trivial 'nothing to flush' case. If the inode is in a SETUP
1669 * state we have to put it back into an IDLE state so we can
1670 * drop the extra ref.
1671 *
1672 * If we have a parent dependancy we must still fall through
1673 * so we can run it.
1674 */
1680 }
1683 }
1685 /*
1686 * Our flush action will depend on the current state.
1687 */
1690 /*
1691 * We have no dependancies and can flush immediately. Some
1692 * our children may not be flushable so we have to re-test
1693 * with that additional knowledge.
1694 */
1698 /*
1699 * Recurse upwards through dependancies via target_list
1700 * and start their flusher actions going if possible.
1701 *
1702 * 'good' is our connectivity. -1 means we have none and
1703 * can't flush, 0 means there weren't any dependancies, and
1704 * 1 means we have good connectivity.
1705 */
1709 /*
1710 * We can continue if good >= 0. Determine how
1711 * many records under our inode can be flushed (and
1712 * mark them).
1713 */
1716 /*
1717 * Parent has no connectivity, tell it to flush
1718 * us as soon as it does.
1719 *
1720 * The REFLUSH flag is also needed to trigger
1721 * dependancy wakeups.
1722 */
1724 HAMMER_INODE_REFLUSH;
1728 }
1729 }
1732 /*
1733 * We are already flushing, flag the inode to reflush
1734 * if needed after it completes its current flush.
1735 *
1736 * The REFLUSH flag is also needed to trigger
1737 * dependancy wakeups.
1738 */
1744 }
1746 }
1747 }
1749 /*
1750 * Scan ip->target_list, which is a list of records owned by PARENTS to our
1751 * ip which reference our ip.
1752 *
1753 * XXX This is a huge mess of recursive code, but not one bit of it blocks
1754 * so for now do not ref/deref the structures. Note that if we use the
1755 * ref/rel code later, the rel CAN block.
1756 */
1757 static int
1759 hammer_flush_group_t flg)
1760 {
1761 hammer_record_t depend;
1765 /*
1766 * If we hit our recursion limit and we have parent dependencies
1767 * We cannot continue. Returning < 0 will cause us to be flagged
1768 * for reflush. Returning -2 cuts off additional dependency checks
1769 * because they are likely to also hit the depth limit.
1770 *
1771 * We cannot return < 0 if there are no dependencies or there might
1772 * not be anything to wakeup (ip).
1773 */
1779 }
1781 /*
1782 * Scan dependencies
1783 */
1793 /*
1794 * If we failed due to the recursion depth limit then stop
1795 * now.
1796 */
1799 }
1801 }
1803 /*
1804 * This helper function takes a record representing the dependancy between
1805 * the parent inode and child inode.
1806 *
1807 * record->ip = parent inode
1808 * record->target_ip = child inode
1809 *
1810 * We are asked to recurse upwards and convert the record from SETUP
1811 * to FLUSH if possible.
1812 *
1813 * Return 1 if the record gives us connectivity
1814 *
1815 * Return 0 if the record is not relevant
1816 *
1817 * Return -1 if we can't resolve the dependancy and there is no connectivity.
1818 */
1819 static int
1821 hammer_flush_group_t flg)
1822 {
1823 hammer_mount_t hmp;
1824 hammer_inode_t pip;
1831 /*
1832 * If the record is already flushing, is it in our flush group?
1833 *
1834 * If it is in our flush group but it is a general record or a
1835 * delete-on-disk, it does not improve our connectivity (return 0),
1836 * and if the target inode is not trying to destroy itself we can't
1837 * allow the operation yet anyway (the second return -1).
1838 */
1840 /*
1841 * If not in our flush group ask the parent to reflush
1842 * us as soon as possible.
1843 */
1848 }
1850 /*
1851 * If in our flush group everything is already set up,
1852 * just return whether the record will improve our
1853 * visibility or not.
1854 */
1858 }
1860 /*
1861 * It must be a setup record. Try to resolve the setup dependancies
1862 * by recursing upwards so we can place ip on the flush list.
1863 *
1864 * Limit ourselves to 20 levels of recursion to avoid blowing out
1865 * the kernel stack. If we hit the recursion limit we can't flush
1866 * until the parent flushes. The parent will flush independantly
1867 * on its own and ultimately a deep recursion will be resolved.
1868 */
1873 /*
1874 * If good < 0 the parent has no connectivity and we cannot safely
1875 * flush the directory entry, which also means we can't flush our
1876 * ip. Flag us for downward recursion once the parent's
1877 * connectivity is resolved. Flag the parent for [re]flush or it
1878 * may not check for downward recursions.
1879 */
1884 }
1886 /*
1887 * We are go, place the parent inode in a flushing state so we can
1888 * place its record in a flushing state. Note that the parent
1889 * may already be flushing. The record must be in the same flush
1890 * group as the parent.
1891 */
1897 #if 0
1900 /*
1901 * Regardless of flushing state we cannot sync this path if the
1902 * record represents a delete-on-disk but the target inode
1903 * is not ready to sync its own deletion.
1904 *
1905 * XXX need to count effective nlinks to determine whether
1906 * the flush is ok, otherwise removing a hardlink will
1907 * just leave the DEL record to rot.
1908 */
1912 #endif
1914 /*
1915 * Because we have not calculated nlinks yet we can just
1916 * set records to the flush state if the parent is in
1917 * the same flush group as we are.
1918 */
1924 /*
1925 * A general directory-add contributes to our visibility.
1926 *
1927 * Otherwise it is probably a directory-delete or
1928 * delete-on-disk record and does not contribute to our
1929 * visbility (but we can still flush it).
1930 */
1935 /*
1936 * If the parent is not in our flush group we cannot
1937 * flush this record yet, there is no visibility.
1938 * We tell the parent to reflush and mark ourselves
1939 * so the parent knows it should flush us too.
1940 */
1944 }
1945 }
1947 /*
1948 * This is the core routine placing an inode into the FST_FLUSH state.
1949 */
1950 static void
1952 {
1955 /*
1956 * Set flush state and prevent the flusher from cycling into
1957 * the next flush group. Do not place the ip on the list yet.
1958 * Inodes not in the idle state get an extra reference.
1959 */
1971 /*
1972 * If the flush group reaches the autoflush limit we want to signal
1973 * the flusher. This is particularly important for remove()s.
1974 *
1975 * If the default hammer_limit_reclaim is changed via sysctl
1976 * make sure we don't hit a degenerate case where we don't start
1977 * a flush but blocked on further inode ops.
1978 */
1983 #if 0
1984 /*
1985 * We need to be able to vfsync/truncate from the backend.
1986 *
1987 * XXX Any truncation from the backend will acquire the vnode
1988 * independently.
1989 */
1994 }
1995 #endif
1997 /*
1998 * Figure out how many in-memory records we can actually flush
1999 * (not including inode meta-data, buffers, etc).
2000 */
2003 /*
2004 * If this is a upwards recursion we do not want to
2005 * recurse down again!
2006 */
2008 #if 0
2010 /*
2011 * No new records are added if we must complete a flush
2012 * from a previous cycle, but we do have to move the records
2013 * from the previous cycle to the current one.
2014 */
2015 #if 0
2018 #endif
2020 #endif
2022 /*
2023 * Normal flush, scan records and bring them into the flush.
2024 * Directory adds and deletes are usually skipped (they are
2025 * grouped with the related inode rather then with the
2026 * directory).
2027 *
2028 * go_count can be negative, which means the scan aborted
2029 * due to the flush group being over-full and we should
2030 * flush what we have.
2031 */
2034 }
2036 /*
2037 * This is a more involved test that includes go_count. If we
2038 * can't flush, flag the inode and return. If go_count is 0 we
2039 * were are unable to flush any records in our rec_tree and
2040 * must ignore the XDIRTY flag.
2041 */
2050 #if 0
2054 }
2055 #endif
2057 /*
2058 * REFLUSH is needed to trigger dependancy wakeups
2059 * when an inode is in SETUP.
2060 */
2065 }
2069 }
2070 }
2072 /*
2073 * Snapshot the state of the inode for the backend flusher.
2074 *
2075 * We continue to retain save_trunc_off even when all truncations
2076 * have been resolved as an optimization to determine if we can
2077 * skip the B-Tree lookup for overwrite deletions.
2078 *
2079 * NOTE: The DELETING flag is a mod flag, but it is also sticky,
2080 * and stays in ip->flags. Once set, it stays set until the
2081 * inode is destroyed.
2082 */
2090 /*
2091 * The save_trunc_off used to cache whether the B-Tree
2092 * holds any records past that point is not used until
2093 * after the truncation has succeeded, so we can safely
2094 * set it now.
2095 */
2098 }
2104 #ifdef DEBUG_TRUNCATE
2107 #endif
2109 /*
2110 * The flusher list inherits our inode and reference.
2111 */
2119 }
2120 }
2122 /*
2123 * Callback for scan of ip->rec_tree. Try to include each record in our
2124 * flush. ip->flush_group has been set but the inode has not yet been
2125 * moved into a flushing state.
2126 *
2127 * If we get stuck on a record we have to set HAMMER_INODE_REFLUSH on
2128 * both inodes.
2129 *
2130 * We return 1 for any record placed or found in FST_FLUSH, which prevents
2131 * the caller from shortcutting the flush.
2132 */
2133 static int
2135 {
2136 hammer_flush_group_t flg;
2137 hammer_inode_t target_ip;
2138 hammer_inode_t ip;
2141 /*
2142 * Records deleted or committed by the backend are ignored.
2143 * Note that the flush detects deleted frontend records at
2144 * multiple points to deal with races. This is just the first
2145 * line of defense. The only time HAMMER_RECF_DELETED_FE cannot
2146 * be set is when HAMMER_RECF_INTERLOCK_BE is set, because it
2147 * messes up link-count calculations.
2148 *
2149 * NOTE: Don't get confused between record deletion and, say,
2150 * directory entry deletion. The deletion of a directory entry
2151 * which is on-media has nothing to do with the record deletion
2152 * flags.
2153 */
2155 HAMMER_RECF_COMMITTED)) {
2161 }
2163 }
2165 /*
2166 * If the record is in an idle state it has no dependancies and
2167 * can be flushed.
2168 */
2175 /*
2176 * The record has no setup dependancy, we can flush it.
2177 */
2186 /*
2187 * The record has a setup dependancy. These are typically
2188 * directory entry adds and deletes. Such entries will be
2189 * flushed when their inodes are flushed so we do not
2190 * usually have to add them to the flush here. However,
2191 * if the target_ip has set HAMMER_INODE_CONN_DOWN then
2192 * it is asking us to flush this record (and it).
2193 */
2198 /*
2199 * If the target IP is already flushing in our group
2200 * we could associate the record, but target_ip has
2201 * already synced ino_data to sync_ino_data and we
2202 * would also have to adjust nlinks. Plus there are
2203 * ordering issues for adds and deletes.
2204 *
2205 * Reflush downward if this is an ADD, and upward if
2206 * this is a DEL.
2207 */
2211 else
2214 }
2216 /*
2217 * Target IP is not yet flushing. This can get complex
2218 * because we have to be careful about the recursion.
2219 *
2220 * Directories create an issue for us in that if a flush
2221 * of a directory is requested the expectation is to flush
2222 * any pending directory entries, but this will cause the
2223 * related inodes to recursively flush as well. We can't
2224 * really defer the operation so just get as many as we
2225 * can and
2226 */
2227 #if 0
2230 /*
2231 * We aren't reclaiming and the target ip was not
2232 * previously prevented from flushing due to this
2233 * record dependancy. Do not flush this record.
2234 */
2235 /*r = 0;*/
2237 #endif
2240 /*
2241 * Our flush group is over-full and we risk blowing
2242 * out the UNDO FIFO. Stop the scan, flush what we
2243 * have, then reflush the directory.
2244 *
2245 * The directory may be forced through multiple
2246 * flush groups before it can be completely
2247 * flushed.
2248 */
2250 HAMMER_INODE_REFLUSH;
2253 /*
2254 * If the target IP is not flushing we can force
2255 * it to flush, even if it is unable to write out
2256 * any of its own records we have at least one in
2257 * hand that we CAN deal with.
2258 */
2264 HAMMER_FLUSH_RECURSION);
2267 /*
2268 * General or delete-on-disk record.
2269 *
2270 * XXX this needs help. If a delete-on-disk we could
2271 * disconnect the target. If the target has its own
2272 * dependancies they really need to be flushed.
2273 *
2274 * XXX
2275 */
2281 HAMMER_FLUSH_RECURSION);
2283 }
2286 /*
2287 * The flush_group should already match.
2288 */
2292 }
2294 }
2296 #if 0
2297 /*
2298 * This version just moves records already in a flush state to the new
2299 * flush group and that is it.
2300 */
2301 static int
2303 {
2312 }
2314 }
2315 #endif
2317 /*
2318 * Wait for a previously queued flush to complete.
2319 *
2320 * If a critical error occured we don't try to wait.
2321 */
2322 void
2324 {
2325 hammer_flush_group_t flg;
2336 }
2337 }
2338 }
2339 }
2341 /*
2342 * Called by the backend code when a flush has been completed.
2343 * The inode has already been removed from the flush list.
2344 *
2345 * A pipelined flush can occur, in which case we must re-enter the
2346 * inode on the list and re-copy its fields.
2347 */
2348 void
2350 {
2351 hammer_mount_t hmp;
2358 /*
2359 * Auto-reflush if the backend could not completely flush
2360 * the inode. This fixes a case where a deferred buffer flush
2361 * could cause fsync to return early.
2362 */
2366 /*
2367 * Merge left-over flags back into the frontend and fix the state.
2368 * Incomplete truncations are retained by the backend.
2369 */
2374 /*
2375 * The backend may have adjusted nlinks, so if the adjusted nlinks
2376 * does not match the fronttend set the frontend's DDIRTY flag again.
2377 */
2381 /*
2382 * Fix up the dirty buffer status.
2383 */
2386 }
2389 /*
2390 * Re-set the XDIRTY flag if some of the inode's in-memory records
2391 * could not be flushed.
2392 */
2398 /*
2399 * Do not lose track of inodes which no longer have vnode
2400 * assocations, otherwise they may never get flushed again.
2401 *
2402 * The reflush flag can be set superfluously, causing extra pain
2403 * for no reason. If the inode is no longer modified it no longer
2404 * needs to be flushed.
2405 */
2411 }
2413 /*
2414 * Adjust the flush state.
2415 */
2417 /*
2418 * We were unable to flush out all our records, leave the
2419 * inode in a flush state and in the current flush group.
2420 * The flush group will be re-run.
2421 *
2422 * This occurs if the UNDO block gets too full or there is
2423 * too much dirty meta-data and allows the flusher to
2424 * finalize the UNDO block and then re-flush.
2425 */
2429 /*
2430 * Remove from the flush_group
2431 */
2435 #if 0
2436 /*
2437 * Clean up the vnode ref and tracking counts.
2438 */
2442 }
2443 #endif
2447 /*
2448 * And adjust the state.
2449 */
2456 }
2458 /*
2459 * If the frontend is waiting for a flush to complete,
2460 * wake it up.
2461 */
2465 }
2467 /*
2468 * If the frontend made more changes and requested another
2469 * flush, then try to get it running.
2470 *
2471 * Reflushes are aborted when the inode is errored out.
2472 */
2480 }
2481 }
2482 }
2484 /*
2485 * If we have no parent dependancies we can clear CONN_DOWN
2486 */
2490 /*
2491 * If the inode is now clean drop the space reservation.
2492 */
2497 }
2501 }
2503 /*
2504 * Called from hammer_sync_inode() to synchronize in-memory records
2505 * to the media.
2506 */
2507 static int
2509 {
2515 /*
2516 * Skip records that do not belong to the current flush.
2517 */
2522 #if 1
2524 kprintf("sync_record %p ip %p bad flush group %p %p\n", record, record->ip, record->flush_group ,record->ip->flush_group);
2528 }
2529 #endif
2532 /*
2533 * Interlock the record using the BE flag. Once BE is set the
2534 * frontend cannot change the state of FE.
2535 *
2536 * NOTE: If FE is set prior to us setting BE we still sync the
2537 * record out, but the flush completion code converts it to
2538 * a delete-on-disk record instead of destroying it.
2539 */
2543 /*
2544 * The backend has already disposed of the record.
2545 */
2549 }
2551 /*
2552 * If the whole inode is being deleting all on-disk records will
2553 * be deleted very soon, we can't sync any new records to disk
2554 * because they will be deleted in the same transaction they were
2555 * created in (delete_tid == create_tid), which will assert.
2556 *
2557 * XXX There may be a case with RECORD_ADD with DELETED_FE set
2558 * that we currently panic on.
2559 */
2563 /*
2564 * We don't have to do anything, if the record was
2565 * committed the space will have been accounted for
2566 * in the blockmap.
2567 */
2568 /* fall through */
2570 /*
2571 * Set deleted-by-backend flag. Do not set the
2572 * backend committed flag, because we are throwing
2573 * the record away.
2574 */
2588 /*
2589 * Follow through and issue the on-disk deletion
2590 */
2592 }
2593 }
2595 /*
2596 * If DELETED_FE is set special handling is needed for directory
2597 * entries. Dependant pieces related to the directory entry may
2598 * have already been synced to disk. If this occurs we have to
2599 * sync the directory entry and then change the in-memory record
2600 * from an ADD to a DELETE to cover the fact that it's been
2601 * deleted by the frontend.
2602 *
2603 * A directory delete covering record (MEM_RECORD_DEL) can never
2604 * be deleted by the frontend.
2605 *
2606 * Any other record type (aka DATA) can be deleted by the frontend.
2607 * XXX At the moment the flusher must skip it because there may
2608 * be another data record in the flush group for the same block,
2609 * meaning that some frontend data changes can leak into the backend's
2610 * synchronization point.
2611 */
2614 /*
2615 * Convert a front-end deleted directory-add to
2616 * a directory-delete entry later.
2617 */
2620 /*
2621 * Dispose of the record (race case). Mark as
2622 * deleted by backend (and not committed).
2623 */
2629 }
2630 }
2632 /*
2633 * Assign the create_tid for new records. Deletions already
2634 * have the record's entire key properly set up.
2635 */
2639 }
2641 /*
2642 * This actually moves the record to the on-media B-Tree. We
2643 * must also generate REDO_TERM entries in the UNDO/REDO FIFO
2644 * indicating that the related REDO_WRITE(s) have been committed.
2645 *
2646 * During recovery any REDO_TERM's within the nominal recovery span
2647 * are ignored since the related meta-data is being undone, causing
2648 * any matching REDO_WRITEs to execute. The REDO_TERMs outside
2649 * the nominal recovery span will match against REDO_WRITEs and
2650 * prevent them from being executed (because the meta-data has
2651 * already been synchronized).
2652 */
2658 HAMMER_REDO_TERM_WRITE,
2659 NULL,
2661 }
2671 }
2676 done:
2679 /*
2680 * Do partial finalization if we have built up too many dirty
2681 * buffers. Otherwise a buffer cache deadlock can occur when
2682 * doing things like creating tens of thousands of tiny files.
2683 *
2684 * We must release our cursor lock to avoid a 3-way deadlock
2685 * due to the exclusive sync lock the finalizer must get.
2686 *
2687 * WARNING: See warnings in hammer_unlock_cursor() function.
2688 */
2693 }
2696 }
2698 /*
2699 * Backend function called by the flusher to sync an inode to media.
2700 */
2701 int
2703 {
2705 hammer_node_t tmp_node;
2706 hammer_record_t depend;
2707 hammer_record_t next;
2709 u_int64_t nlinks;
2718 /*
2719 * Any directory records referencing this inode which are not in
2720 * our current flush group must adjust our nlink count for the
2721 * purposes of synchronizating to disk.
2722 *
2723 * Records which are in our flush group can be unlinked from our
2724 * inode now, potentially allowing the inode to be physically
2725 * deleted.
2726 *
2727 * This cannot block.
2728 */
2735 /*
2736 * If this is an ADD that was deleted by the frontend
2737 * the frontend nlinks count will have already been
2738 * decremented, but the backend is going to sync its
2739 * directory entry and must account for it. The
2740 * record will be converted to a delete-on-disk when
2741 * it gets synced.
2742 *
2743 * If the ADD was not deleted by the frontend we
2744 * can remove the dependancy from our target_list.
2745 */
2750 target_entry);
2752 }
2754 /*
2755 * Not part of our flush group and not deleted by
2756 * the front-end, adjust the link count synced to
2757 * the media (undo what the frontend did when it
2758 * queued the record).
2759 */
2770 }
2771 }
2772 }
2774 /*
2775 * Set dirty if we had to modify the link count.
2776 */
2781 }
2783 /*
2784 * If there is a trunction queued destroy any data past the (aligned)
2785 * truncation point. Userland will have dealt with the buffer
2786 * containing the truncation point for us.
2787 *
2788 * We don't flush pending frontend data buffers until after we've
2789 * dealt with the truncation.
2790 */
2792 /*
2793 * Interlock trunc_off. The VOP front-end may continue to
2794 * make adjustments to it while we are blocked.
2795 */
2796 off_t trunc_off;
2797 off_t aligned_trunc_off;
2804 /*
2805 * Delete any whole blocks on-media. The front-end has
2806 * already cleaned out any partial block and made it
2807 * pending. The front-end may have updated trunc_off
2808 * while we were blocked so we only use sync_trunc_off.
2809 *
2810 * This operation can blow out the buffer cache, EWOULDBLOCK
2811 * means we were unable to complete the deletion. The
2812 * deletion will update sync_trunc_off in that case.
2813 */
2815 aligned_trunc_off,
2821 }
2826 /*
2827 * Generate a REDO_TERM_TRUNC entry in the UNDO/REDO FIFO.
2828 *
2829 * XXX we do this even if we did not previously generate
2830 * a REDO_TRUNC record. This operation may enclosed the
2831 * range for multiple prior truncation entries in the REDO
2832 * log.
2833 */
2837 HAMMER_REDO_TERM_TRUNC,
2839 }
2841 /*
2842 * Clear the truncation flag on the backend after we have
2843 * completed the deletions. Backend data is now good again
2844 * (including new records we are about to sync, below).
2845 *
2846 * Leave sync_trunc_off intact. As we write additional
2847 * records the backend will update sync_trunc_off. This
2848 * tells the backend whether it can skip the overwrite
2849 * test. This should work properly even when the backend
2850 * writes full blocks where the truncation point straddles
2851 * the block because the comparison is against the base
2852 * offset of the record.
2853 */
2855 /* ip->sync_trunc_off = 0x7FFFFFFFFFFFFFFFLL; */
2858 }
2860 /*
2861 * Now sync related records. These will typically be directory
2862 * entries, records tracking direct-writes, or delete-on-disk records.
2863 */
2871 }
2874 /*
2875 * Re-seek for inode update, assuming our cache hasn't been ripped
2876 * out from under us.
2877 */
2887 }
2889 }
2891 /*
2892 * If we are deleting the inode the frontend had better not have
2893 * any active references on elements making up the inode.
2894 *
2895 * The call to hammer_ip_delete_clean() cleans up auxillary records
2896 * but not DB or DATA records. Those must have already been deleted
2897 * by the normal truncation mechanic.
2898 */
2912 /*
2913 * Set delete_tid in both the frontend and backend
2914 * copy of the inode record. The DELETED flag handles
2915 * this, do not set DDIRTY.
2916 */
2923 /*
2924 * Adjust the inode count in the volume header
2925 */
2930 vol0_stat_inodes);
2933 }
2935 }
2936 }
2942 defer_buffer_flush:
2943 /*
2944 * Now update the inode's on-disk inode-data and/or on-disk record.
2945 * DELETED and ONDISK are managed only in ip->flags.
2946 *
2947 * In the case of a defered buffer flush we still update the on-disk
2948 * inode to satisfy visibility requirements if there happen to be
2949 * directory dependancies.
2950 */
2953 /*
2954 * If deleted and on-disk, don't set any additional flags.
2955 * the delete flag takes care of things.
2956 *
2957 * Clear flags which may have been set by the frontend.
2958 */
2960 HAMMER_INODE_SDIRTY |
2962 HAMMER_INODE_DELETING);
2965 /*
2966 * Take care of the case where a deleted inode was never
2967 * flushed to the disk in the first place.
2968 *
2969 * Clear flags which may have been set by the frontend.
2970 */
2972 HAMMER_INODE_SDIRTY |
2974 HAMMER_INODE_DELETING);
2982 }
2985 /*
2986 * If already on-disk, do not set any additional flags.
2987 */
2990 /*
2991 * If not on-disk and not deleted, set DDIRTY to force
2992 * an initial record to be written.
2993 *
2994 * Also set the create_tid in both the frontend and backend
2995 * copy of the inode record.
2996 */
3003 }
3005 /*
3006 * If DDIRTY or SDIRTY is set, write out a new record.
3007 * If the inode is already on-disk the old record is marked as
3008 * deleted.
3009 *
3010 * If DELETED is set hammer_update_inode() will delete the existing
3011 * record without writing out a new one.
3012 *
3013 * If *ONLY* the ITIMES flag is set we can update the record in-place.
3014 */
3025 }
3026 done:
3030 }
3033 }
3035 /*
3036 * This routine is called when the OS is no longer actively referencing
3037 * the inode (but might still be keeping it cached), or when releasing
3038 * the last reference to an inode.
3039 *
3040 * At this point if the inode's nlinks count is zero we want to destroy
3041 * it, which may mean destroying it on-media too.
3042 */
3043 void
3045 {
3048 /*
3049 * Set the DELETING flag when the link count drops to 0 and the
3050 * OS no longer has any opens on the inode.
3051 *
3052 * The backend will clear DELETING (a mod flag) and set DELETED
3053 * (a state flag) when it is actually able to perform the
3054 * operation.
3055 *
3056 * Don't reflag the deletion if the flusher is currently syncing
3057 * one that was already flagged. A previously set DELETING flag
3058 * may bounce around flags and sync_flags until the operation is
3059 * completely done.
3060 */
3070 }
3072 /*
3073 * Final cleanup
3074 */
3079 }
3080 }
3082 /*
3083 * After potentially resolving a dependancy the inode is tested
3084 * to determine whether it needs to be reflushed.
3085 */
3086 void
3088 {
3097 }
3099 }
3100 }
3102 /*
3103 * Clear the RECLAIM flag on an inode. This occurs when the inode is
3104 * reassociated with a vp or just before it gets freed.
3105 *
3106 * Pipeline wakeups to threads blocked due to an excessive number of
3107 * detached inodes. This typically occurs when atime updates accumulate
3108 * while scanning a directory tree.
3109 */
3110 static void
3112 {
3127 }
3130 }
3131 }
3133 /*
3134 * Setup our reclaim pipeline. We only let so many detached (and dirty)
3135 * inodes build up before we start blocking. This routine is called
3136 * if a new inode is created or an inode is loaded from media.
3137 *
3138 * When we block we don't care *which* inode has finished reclaiming,
3139 * as lone as one does.
3140 */
3141 void
3143 {
3147 /*
3148 * Track inode load
3149 */
3166 /*
3167 * Default mode
3168 */
3171 }
3177 }
3179 static
3182 {
3191 }
3195 }
3202 else
3204 }
3208 }
3210 #if 0
3212 /*
3213 * XXX not used, doesn't work very well due to the large batching nature
3214 * of flushes.
3215 *
3216 * A larger then normal backlog of inodes is sitting in the flusher,
3217 * enforce a general slowdown to let it catch up. This routine is only
3218 * called on completion of a non-flusher-related transaction which
3219 * performed B-Tree node I/O.
3220 *
3221 * It is possible for the flusher to stall in a continuous load.
3222 * blogbench -i1000 -o seems to do a good job generating this sort of load.
3223 * If the flusher is unable to catch up the inode count can bloat until
3224 * we run out of kvm.
3225 *
3226 * This is a bit of a hack.
3227 */
3228 void
3230 {
3231 /*
3232 * Hysteresis.
3233 */
3239 }
3244 }
3246 }
3248 /*
3249 * Block for one flush cycle.
3250 */
3252 }
3254 #endif