1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (C) 2016 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_mount.h"
13 #include "xfs_alloc.h"
14 #include "xfs_errortag.h"
15 #include "xfs_error.h"
16 #include "xfs_trace.h"
17 #include "xfs_trans.h"
18 #include "xfs_rmap_btree.h"
19 #include "xfs_btree.h"
20 #include "xfs_refcount_btree.h"
21 #include "xfs_ialloc_btree.h"
23 #include "xfs_ag_resv.h"
26 * Per-AG Block Reservations
28 * For some kinds of allocation group metadata structures, it is advantageous
29 * to reserve a small number of blocks in each AG so that future expansions of
30 * that data structure do not encounter ENOSPC because errors during a btree
31 * split cause the filesystem to go offline.
33 * Prior to the introduction of reflink, this wasn't an issue because the free
34 * space btrees maintain a reserve of space (the AGFL) to handle any expansion
35 * that may be necessary; and allocations of other metadata (inodes, BMBT,
36 * dir/attr) aren't restricted to a single AG. However, with reflink it is
37 * possible to allocate all the space in an AG, have subsequent reflink/CoW
38 * activity expand the refcount btree, and discover that there's no space left
39 * to handle that expansion. Since we can calculate the maximum size of the
40 * refcount btree, we can reserve space for it and avoid ENOSPC.
42 * Handling per-AG reservations consists of three changes to the allocator's
43 * behavior: First, because these reservations are always needed, we decrease
44 * the ag_max_usable counter to reflect the size of the AG after the reserved
45 * blocks are taken. Second, the reservations must be reflected in the
46 * fdblocks count to maintain proper accounting. Third, each AG must maintain
47 * its own reserved block counter so that we can calculate the amount of space
48 * that must remain free to maintain the reservations. Fourth, the "remaining
49 * reserved blocks" count must be used when calculating the length of the
50 * longest free extent in an AG and to clamp maxlen in the per-AG allocation
51 * functions. In other words, we maintain a virtual allocation via in-core
52 * accounting tricks so that we don't have to clean up after a crash. :)
54 * Reserved blocks can be managed by passing one of the enum xfs_ag_resv_type
55 * values via struct xfs_alloc_arg or directly to the xfs_free_extent
56 * function. It might seem a little funny to maintain a reservoir of blocks
57 * to feed another reservoir, but the AGFL only holds enough blocks to get
58 * through the next transaction. The per-AG reservation is to ensure (we
59 * hope) that each AG never runs out of blocks. Each data structure wanting
60 * to use the reservation system should update ask/used in xfs_ag_resv_init.
64 * Are we critically low on blocks? For now we'll define that as the number
65 * of blocks we can get our hands on being less than 10% of what we reserved
66 * or less than some arbitrary number (maximum btree height).
70 struct xfs_perag *pag,
71 enum xfs_ag_resv_type type)
77 case XFS_AG_RESV_METADATA:
78 avail = pag->pagf_freeblks - pag->pag_rmapbt_resv.ar_reserved;
79 orig = pag->pag_meta_resv.ar_asked;
81 case XFS_AG_RESV_RMAPBT:
82 avail = pag->pagf_freeblks + pag->pagf_flcount -
83 pag->pag_meta_resv.ar_reserved;
84 orig = pag->pag_rmapbt_resv.ar_asked;
91 trace_xfs_ag_resv_critical(pag, type, avail);
93 /* Critically low if less than 10% or max btree height remains. */
94 return XFS_TEST_ERROR(avail < orig / 10 || avail < XFS_BTREE_MAXLEVELS,
95 pag->pag_mount, XFS_ERRTAG_AG_RESV_CRITICAL);
99 * How many blocks are reserved but not used, and therefore must not be
104 struct xfs_perag *pag,
105 enum xfs_ag_resv_type type)
109 len = pag->pag_meta_resv.ar_reserved + pag->pag_rmapbt_resv.ar_reserved;
111 case XFS_AG_RESV_METADATA:
112 case XFS_AG_RESV_RMAPBT:
113 len -= xfs_perag_resv(pag, type)->ar_reserved;
115 case XFS_AG_RESV_NONE:
122 trace_xfs_ag_resv_needed(pag, type, len);
127 /* Clean out a reservation */
130 struct xfs_perag *pag,
131 enum xfs_ag_resv_type type)
133 struct xfs_ag_resv *resv;
134 xfs_extlen_t oldresv;
137 trace_xfs_ag_resv_free(pag, type, 0);
139 resv = xfs_perag_resv(pag, type);
140 if (pag->pag_agno == 0)
141 pag->pag_mount->m_ag_max_usable += resv->ar_asked;
143 * RMAPBT blocks come from the AGFL and AGFL blocks are always
144 * considered "free", so whatever was reserved at mount time must be
145 * given back at umount.
147 if (type == XFS_AG_RESV_RMAPBT)
148 oldresv = resv->ar_orig_reserved;
150 oldresv = resv->ar_reserved;
151 error = xfs_mod_fdblocks(pag->pag_mount, oldresv, true);
152 resv->ar_reserved = 0;
154 resv->ar_orig_reserved = 0;
157 trace_xfs_ag_resv_free_error(pag->pag_mount, pag->pag_agno,
162 /* Free a per-AG reservation. */
165 struct xfs_perag *pag)
170 error = __xfs_ag_resv_free(pag, XFS_AG_RESV_RMAPBT);
171 err2 = __xfs_ag_resv_free(pag, XFS_AG_RESV_METADATA);
179 struct xfs_perag *pag,
180 enum xfs_ag_resv_type type,
184 struct xfs_mount *mp = pag->pag_mount;
185 struct xfs_ag_resv *resv;
187 xfs_extlen_t hidden_space;
193 case XFS_AG_RESV_RMAPBT:
195 * Space taken by the rmapbt is not subtracted from fdblocks
196 * because the rmapbt lives in the free space. Here we must
197 * subtract the entire reservation from fdblocks so that we
198 * always have blocks available for rmapbt expansion.
202 case XFS_AG_RESV_METADATA:
204 * Space taken by all other metadata btrees are accounted
205 * on-disk as used space. We therefore only hide the space
206 * that is reserved but not used by the trees.
208 hidden_space = ask - used;
214 error = xfs_mod_fdblocks(mp, -(int64_t)hidden_space, true);
216 trace_xfs_ag_resv_init_error(pag->pag_mount, pag->pag_agno,
219 "Per-AG reservation for AG %u failed. Filesystem may run out of space.",
225 * Reduce the maximum per-AG allocation length by however much we're
226 * trying to reserve for an AG. Since this is a filesystem-wide
227 * counter, we only make the adjustment for AG 0. This assumes that
228 * there aren't any AGs hungrier for per-AG reservation than AG 0.
230 if (pag->pag_agno == 0)
231 mp->m_ag_max_usable -= ask;
233 resv = xfs_perag_resv(pag, type);
234 resv->ar_asked = ask;
235 resv->ar_orig_reserved = hidden_space;
236 resv->ar_reserved = ask - used;
238 trace_xfs_ag_resv_init(pag, type, ask);
242 /* Create a per-AG block reservation. */
245 struct xfs_perag *pag,
246 struct xfs_trans *tp)
248 struct xfs_mount *mp = pag->pag_mount;
249 xfs_agnumber_t agno = pag->pag_agno;
254 /* Create the metadata reservation. */
255 if (pag->pag_meta_resv.ar_asked == 0) {
258 error = xfs_refcountbt_calc_reserves(mp, tp, agno, &ask, &used);
262 error = xfs_finobt_calc_reserves(mp, tp, agno, &ask, &used);
266 error = __xfs_ag_resv_init(pag, XFS_AG_RESV_METADATA,
270 * Because we didn't have per-AG reservations when the
271 * finobt feature was added we might not be able to
272 * reserve all needed blocks. Warn and fall back to the
273 * old and potentially buggy code in that case, but
274 * ensure we do have the reservation for the refcountbt.
278 mp->m_finobt_nores = true;
280 error = xfs_refcountbt_calc_reserves(mp, tp, agno, &ask,
285 error = __xfs_ag_resv_init(pag, XFS_AG_RESV_METADATA,
292 /* Create the RMAPBT metadata reservation */
293 if (pag->pag_rmapbt_resv.ar_asked == 0) {
296 error = xfs_rmapbt_calc_reserves(mp, tp, agno, &ask, &used);
300 error = __xfs_ag_resv_init(pag, XFS_AG_RESV_RMAPBT, ask, used);
306 /* need to read in the AGF for the ASSERT below to work */
307 error = xfs_alloc_pagf_init(pag->pag_mount, tp, pag->pag_agno, 0);
311 ASSERT(xfs_perag_resv(pag, XFS_AG_RESV_METADATA)->ar_reserved +
312 xfs_perag_resv(pag, XFS_AG_RESV_RMAPBT)->ar_reserved <=
313 pag->pagf_freeblks + pag->pagf_flcount);
319 /* Allocate a block from the reservation. */
321 xfs_ag_resv_alloc_extent(
322 struct xfs_perag *pag,
323 enum xfs_ag_resv_type type,
324 struct xfs_alloc_arg *args)
326 struct xfs_ag_resv *resv;
330 trace_xfs_ag_resv_alloc_extent(pag, type, args->len);
333 case XFS_AG_RESV_AGFL:
335 case XFS_AG_RESV_METADATA:
336 case XFS_AG_RESV_RMAPBT:
337 resv = xfs_perag_resv(pag, type);
342 case XFS_AG_RESV_NONE:
343 field = args->wasdel ? XFS_TRANS_SB_RES_FDBLOCKS :
344 XFS_TRANS_SB_FDBLOCKS;
345 xfs_trans_mod_sb(args->tp, field, -(int64_t)args->len);
349 len = min_t(xfs_extlen_t, args->len, resv->ar_reserved);
350 resv->ar_reserved -= len;
351 if (type == XFS_AG_RESV_RMAPBT)
353 /* Allocations of reserved blocks only need on-disk sb updates... */
354 xfs_trans_mod_sb(args->tp, XFS_TRANS_SB_RES_FDBLOCKS, -(int64_t)len);
355 /* ...but non-reserved blocks need in-core and on-disk updates. */
357 xfs_trans_mod_sb(args->tp, XFS_TRANS_SB_FDBLOCKS,
358 -((int64_t)args->len - len));
361 /* Free a block to the reservation. */
363 xfs_ag_resv_free_extent(
364 struct xfs_perag *pag,
365 enum xfs_ag_resv_type type,
366 struct xfs_trans *tp,
369 xfs_extlen_t leftover;
370 struct xfs_ag_resv *resv;
372 trace_xfs_ag_resv_free_extent(pag, type, len);
375 case XFS_AG_RESV_AGFL:
377 case XFS_AG_RESV_METADATA:
378 case XFS_AG_RESV_RMAPBT:
379 resv = xfs_perag_resv(pag, type);
384 case XFS_AG_RESV_NONE:
385 xfs_trans_mod_sb(tp, XFS_TRANS_SB_FDBLOCKS, (int64_t)len);
389 leftover = min_t(xfs_extlen_t, len, resv->ar_asked - resv->ar_reserved);
390 resv->ar_reserved += leftover;
391 if (type == XFS_AG_RESV_RMAPBT)
393 /* Freeing into the reserved pool only requires on-disk update... */
394 xfs_trans_mod_sb(tp, XFS_TRANS_SB_RES_FDBLOCKS, len);
395 /* ...but freeing beyond that requires in-core and on-disk update. */
397 xfs_trans_mod_sb(tp, XFS_TRANS_SB_FDBLOCKS, len - leftover);
projects / linux-2.6-microblaze.git / blob