1. 17 Dec, 2017 6 commits
  2. 13 Dec, 2017 15 commits
    • dm: set QUEUE_FLAG_DAX accordingly in dm_table_set_restrictions() · ad3793fc
      Mike Snitzer authored
      Rather than having DAX support be unique by setting it based on table
      type in dm_setup_md_queue().
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: fix __send_changing_extent_only() to send first bio and chain remainder · 3d7f4562
      Mike Snitzer authored
      __send_changing_extent_only() must follow the same pattern that was
      established with commit "dm: ensure bio submission follows a depth-first
      tree walk".  That is: submit first bio up to split boundary and then
      split the remainder to further submissions.
      Suggested-by: Mikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: ensure bio-based DM's bioset and io_pool support targets' maximum IOs · 0776aa0e
      Mike Snitzer authored
      alloc_multiple_bios() assumes it can allocate the requested number of
      bios but until now there was no guarantee that the mempools would be
      accommodating.
      Suggested-by: Mikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: remove BIOSET_NEED_RESCUER based dm_offload infrastructure · 4a3f54d9
      Mike Snitzer authored
      Now that all of DM has been revised and/or verified to no longer require
      the use of BIOSET_NEED_RESCUER the dm_offload code may be removed.
      Suggested-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: safely allocate multiple bioset bios · 318716dd
      Mike Snitzer authored
      DM targets can request multiple bios be sent to them by DM core (see:
      num_{flush,discard,write_same,write_zeroes}_bios).  But until now these
      bios were allocated in an unsafe manner that could potentially exhaust
      the DM device's bioset -- in the face of multiple threads each trying to
      do multiple allocations from the same DM device's bioset.
      
      Fix __send_duplicate_bios() by using the new alloc_multiple_bios().  The
      allocation strategy used by alloc_multiple_bios() models that used by
      dm-crypt.c:crypt_alloc_buffer().
      
      Neil Brown initially proposed this fix but the implementation has been
      revised enough that it is inappropriate to attribute the entirety of it to
      him.
      Suggested-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: remove unused 'num_write_bios' target interface · f31c21e4
      NeilBrown authored
      No DM target provides num_write_bios and none has since dm-cache's
      brief use in 2013.
      
      Having the possibility of num_write_bios > 1 complicates bio
      allocation.  So remove the interface and assume there is only one bio
      needed.
      
      If a target ever needs more, it must provide a suitable bioset and
      allocate itself based on its particular needs.
      Signed-off-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: ensure bio submission follows a depth-first tree walk · 18a25da8
      NeilBrown authored
      A dm device can, in general, represent a tree of targets, each of which
      handles a sub-range of the range of blocks handled by the parent.
      
      The bio sequencing managed by generic_make_request() requires that bios
      are generated and handled in a depth-first manner.  Each call to a
      make_request_fn() may submit bios to a single member device, and may
      submit bios for a reduced region of the same device as the
      make_request_fn.
      
      In particular, any bios submitted to member devices must be expected to
      be processed in order, so a later one must never wait for an earlier
      one.
      
      This ordering is usually achieved by using bio_split() to reduce a bio
      to a size that can be completely handled by one target, and resubmitting
      the remainder to the originating device. bio_queue_split() shows the
      canonical approach.
      
      dm doesn't follow this approach, largely because it has needed to split
      bios since long before bio_split() was available.  It currently can
      submit bios to separate targets within the one dm_make_request() call.
      Dependencies between these targets, as can happen with dm-snap, can
      cause deadlocks if either bio gets stuck behind the other in the queues
      managed by generic_make_request().  This requires the 'rescue'
      functionality provided by dm_offload_{start,end}.
      
      Some of this requirement can be removed by changing the order of bio
      submission to follow the canonical approach.  That is, if dm finds that
      it needs to split a bio, the remainder should be sent to
      generic_make_request() rather than being handled immediately.  This
      delays the handling until the first part is completely processed, so the
      deadlock problems do not occur.
      
      __split_and_process_bio() can be called both from dm_make_request() and
      from dm_wq_work().  When called from dm_wq_work() the current approach
      is perfectly satisfactory as each bio will be processed immediately.
      When called from dm_make_request(), current->bio_list will be non-NULL,
      and in this case it is best to create a separate "clone" bio for the
      remainder.
      
      When we use bio_clone_bioset() to split off the front part of a bio
      and chain the two together and submit the remainder to
      generic_make_request(), it is important that the newly allocated
      bio is used as the head to be processed immediately, and the original
      bio gets "bio_advance()"d and sent to generic_make_request() as the
      remainder.  Otherwise, if the newly allocated bio is used as the
      remainder, and if it then needs to be split again, then the next
      bio_clone_bioset() call will be made while holding a reference to a bio
      (result of the first clone) from the same bioset.  This can potentially
      exhaust the bioset mempool and result in a memory allocation deadlock.
      
      Note that there is no race caused by reassigning cio.io->bio after already
      calling __map_bio().  This bio will only be dereferenced again after
      dec_pending() has found io->io_count to be zero, and this cannot happen
      before the dec_pending() call at the end of __split_and_process_bio().
      
      To provide the clone bio when splitting, we use q->bio_split.  This
      was previously being freed by bio-based dm to avoid having excess
      rescuer threads.  As bio_split bio sets no longer create rescuer
      threads, there is little cost and much gain from restoring the
      q->bio_split bio set.
      Signed-off-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm io: remove BIOSET_NEED_RESCUER flag from bios bioset · c110a4b6
      NeilBrown authored
      The BIOSET_NEED_RESCUER flag is only needed when a make_request_fn might
      do two allocations from the one bioset, and the second one could block
      until the first bio completes.
      
      dm_io() is called from make_request_fn() context.  The closest it comes
      to multiple allocations is in chunk_io() in dm-snap-persistent.  But
      there the code uses a separate thread to avoid problems.
      
      So BIOSET_NEED_RESCUER is not needed.
      Signed-off-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm crypt: remove BIOSET_NEED_RESCUER flag · 80cd1757
      NeilBrown authored
      The BIOSET_NEED_RESCUER flag is only needed when a make_request_fn might
      do two allocations from the one bioset, and the second one could block
      until the first bio completes.
      
      dm-crypt does allocate from this bioset inside the dm make_request_fn,
      but does so using GFP_NOWAIT so that the allocation will not block.
      
      So BIOSET_NEED_RESCUER is not needed.
      Signed-off-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm: fix comment above dm_accept_partial_bio · c06b3e58
      NeilBrown authored
      Clarify that dm_accept_partial_bio isn't allowed for REQ_OP_ZONE_RESET
      bios.
      Signed-off-by: NeilBrown <neilb@suse.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm raid: use rs_is_raid*() · 552aa679
      Heinz Mauelshagen authored
      Cleanup, no functional change.
      Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm raid: simplify rs_get_progress() · 7c29744e
      Heinz Mauelshagen authored
      No need to calculate the reshaping progress because
      mddev->curr_resync_completed holds it.
      Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm raid: ensure 'a' chars during reshape · dc15b943
      Heinz Mauelshagen authored
      During reshape, 'A' chars were reported in status rather than 'a'.
      Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm raid: stop keeping raid set frozen altogether · 11e47232
      Heinz Mauelshagen authored
      In order to avoid redoing synchronization/recovery/reshape partially,
      the raid set got frozen until after all passed in table line flags had
      been cleared.  The related table reload sequence had to be precisely
      followed, or reshaping may lead to data corruption caused by the active
      mapping carrying on with a reshape when the inactive mapping already
      had retrieved a stale reshape position.
      
      Harden by retrieving the actual resync/recovery/reshape position
      during resume whilst the active table is suspended thus avoiding
      to keep the raid set frozen altogether.  This prevents superfluous
      redoing of an already resynchronized or recovered segment and,
      most importantly, potential for redoing of an already reshaped
      segment causing data corruption.
      
      Fixes: d39f0010 ("dm raid: fix raid_resume() to keep raid set frozen as needed")
      Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    • dm raid: validate current raid sets redundancy · 53bf5384
      Heinz Mauelshagen authored
      Verifying the current raid set's redundancy based on retrieved
      superblock content has to use the superblock's raid level (e.g. raid0),
      not the constructor requested one (e.g. raid10).
      
      Using the requested raid level of raid10 led to a "divide error"
      on raid0 which defines data copies divided by to be zero.
      
      Also check for bogus data copies.
      Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
  3. 08 Dec, 2017 13 commits
  4. 04 Dec, 2017 2 commits
    • dm: fix various targets to dm_register_target after module __init resources created · 7e6358d2
      monty_pavel@sina.com authored
      A NULL pointer is seen if two concurrent "vgchange -ay -K <vg name>"
      processes race to load the dm-thin-pool module:
      
       PID: 25992 TASK: ffff883cd7d23500 CPU: 4 COMMAND: "vgchange"
        #0 [ffff883cd743d600] machine_kexec at ffffffff81038fa9
        #1 [ffff883cd743d660] crash_kexec at ffffffff810c5992
        #2 [ffff883cd743d730] oops_end at ffffffff81515c90
        #3 [ffff883cd743d760] no_context at ffffffff81049f1b
        #4 [ffff883cd743d7b0] __bad_area_nosemaphore at ffffffff8104a1a5
        #5 [ffff883cd743d800] bad_area at ffffffff8104a2ce
        #6 [ffff883cd743d830] __do_page_fault at ffffffff8104aa6f
        #7 [ffff883cd743d950] do_page_fault at ffffffff81517bae
        #8 [ffff883cd743d980] page_fault at ffffffff81514f95
           [exception RIP: kmem_cache_alloc+108]
           RIP: ffffffff8116ef3c RSP: ffff883cd743da38 RFLAGS: 00010046
           RAX: 0000000000000004 RBX: ffffffff81121b90 RCX: ffff881bf1e78cc0
           RDX: 0000000000000000 RSI: 00000000000000d0 RDI: 0000000000000000
           RBP: ffff883cd743da68 R8: ffff881bf1a4eb00 R9: 0000000080042000
           R10: 0000000000002000 R11: 0000000000000000 R12: 00000000000000d0
           R13: 0000000000000000 R14: 00000000000000d0 R15: 0000000000000246
           ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
        #9 [ffff883cd743da70] mempool_alloc_slab at ffffffff81121ba5
       #10 [ffff883cd743da80] mempool_create_node at ffffffff81122083
       #11 [ffff883cd743dad0] mempool_create at ffffffff811220f4
       #12 [ffff883cd743dae0] pool_ctr at ffffffffa08de049 [dm_thin_pool]
       #13 [ffff883cd743dbd0] dm_table_add_target at ffffffffa0005f2f [dm_mod]
       #14 [ffff883cd743dc30] table_load at ffffffffa0008ba9 [dm_mod]
       #15 [ffff883cd743dc90] ctl_ioctl at ffffffffa0009dc4 [dm_mod]
      
      The race results in a NULL pointer because:
      
      Process A (vgchange -ay -K):
       	a. send DM_LIST_VERSIONS_CMD ioctl;
       	b. pool_target not registered;
       	c. modprobe dm_thin_pool and wait until end.
      
      Process B (vgchange -ay -K):
       	a. send DM_LIST_VERSIONS_CMD ioctl;
       	b. pool_target registered;
       	c. table_load->dm_table_add_target->pool_ctr;
       	d. _new_mapping_cache is NULL and panic.
      Note:
       	1. process A and process B are two concurrent processes.
       	2. pool_target can be detected by process B but
       	_new_mapping_cache initialization has not ended.
      
      To fix dm-thin-pool, and other targets (cache, multipath, and snapshot)
      with the same problem, simply dm_register_target() after all resources
      created during module init (as labelled with __init) are finished.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: monty <monty_pavel@sina.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
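
The init-ordering race described in the commit above, as an added userspace C model (not code from the kernel or from this commit). `registry`, `mapping_cache`, `table_load()` and both init functions are hypothetical stand-ins, and the concurrent process B is modelled deterministically as a callback run in the window between the two init steps.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel objects named in the commit message. */
enum load_result { LOAD_OK, LOAD_NO_TARGET, LOAD_NULL_CACHE };
struct target_type { const char *name; enum load_result (*ctr)(void); };

static struct target_type *registry;  /* models DM's list of registered targets */
static void *mapping_cache;           /* models _new_mapping_cache */
static char cache_storage[64];

/* Models pool_ctr(): the kernel dereferences the cache here and oopses on NULL. */
static enum load_result pool_ctr(void) {
    return mapping_cache ? LOAD_OK : LOAD_NULL_CACHE;
}
static struct target_type pool_target = { "thin-pool", pool_ctr };

/* Models process B: table_load -> dm_table_add_target -> ctr. */
static enum load_result table_load(const char *name) {
    if (!registry || strcmp(registry->name, name) != 0)
        return LOAD_NO_TARGET;        /* caller would modprobe and wait */
    return registry->ctr();
}

typedef enum load_result (*racer_fn)(const char *);

/* Before the fix: the target is visible before its resources exist. */
static enum load_result init_register_first(racer_fn racer) {
    registry = NULL; mapping_cache = NULL;
    registry = &pool_target;                    /* dm_register_target() */
    enum load_result seen = racer("thin-pool"); /* process B runs in the window */
    mapping_cache = cache_storage;              /* resources created too late */
    return seen;
}

/* After the fix: create every resource, then register as the last step. */
static enum load_result init_register_last(racer_fn racer) {
    registry = NULL; mapping_cache = NULL;
    mapping_cache = cache_storage;
    enum load_result seen = racer("thin-pool"); /* target not visible yet */
    registry = &pool_target;
    return seen;
}

int main(void) {
    printf("register first: %d\n", init_register_first(table_load));
    printf("register last:  %d\n", init_register_last(table_load));
    printf("after init:     %d\n", table_load("thin-pool"));
    return 0;
}
```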
    • dm table: fix regression from improper dm_dev_internal.count refcount_t conversion · afc567a4
      Mike Snitzer authored
      Multiple refcounts are needed if the device was already added.  The
      micro-optimization of setting the refcount to 1 on first added (rather
      than fall thru to a common refcount_inc) lost sight of the fact that the
      refcount_inc is also needed for the case when the device already exists
      and the mode need not be upgraded.
      
      Fixes: 2a0b4682 ("dm: convert dm_dev_internal.count from atomic_t to refcount_t")
      Reported-by: Zdenek Kabelac <zkabelac@redhat.com>
      Signed-off-by: Mike Snitzer <snitzer@redhat.com>
  5. 03 Dec, 2017 4 commits