On Mon, May 20, 2019 at 12:38:32PM +0200, Paolo Valente wrote: ... > > I was considering adding support so that if userspace calls fsync(2) > > or fdatasync(2), to attach the process's CSS to the transaction, and > > then charge all of the journal metadata writes the process's CSS. If > > there are multiple fsync's batched into the transaction, the first > > process which forced the early transaction commit would get charged > > the entire journal write. OTOH, journal writes are sequential I/O, so > > the amount of disk time for writing the journal is going to be > > relatively small, and especially, the fact that work from other > > cgroups is going to be minimal, especially if hadn't issued an > > fsync(). > > > > Yeah, that's a longstanding and difficult instance of the general > too-short-blanket problem. Jan has already highlighted one of the > main issues in his reply. I'll add a design issue (from my point of > view): I'd find a little odd that explicit sync transactions have an > owner to charge, while generic buffered writes have not. > > I think Andrea Righi addressed related issues in his recent patch > proposal [1], so I've CCed him too. > > [1] https://lkml.org/lkml/2019/3/9/220 If journal metadata writes are submitted using a process's CSS, the commit may be throttled and that can also throttle indirectly other "high-priority" blkio cgroups, so I think that logic alone isn't enough. We have discussed this priorty-inversion problem with Josef and Tejun (adding both of them in cc), the idea that seemed most reasonable was to temporarily boost the priority of blkio cgroups when there are multiple sync(2) waiters in the system. More exactly, when I/O is going to be throttled for a specific blkio cgroup, if there's any other blkio cgroup waiting for writeback I/O, no throttling is applied (this logic can be refined by saving a list of blkio sync(2) waiters and taking the highest I/O rate among them). In addition to that Tejun mentioned that he would like to see a better sync(2) isolation done at the fs namespace level. This last part still needs to be defined and addressed. However, even the simple logic above "no throttling if there's any other sync(2) waiter" can already prevent big system lockups (see for example the simple test case that I suggested here https://lkml.org/lkml/2019/), so I think having this change alone would be a nice improvement already: https://lkml.org/lkml/2019/3/9/220 Thanks, -Andrea > > > In the case where you have three cgroups all issuing fsync(2) and they > > all landed in the same jbd2 transaction thanks to commit batching, in > > the ideal world we would split up the disk time usage equally across > > those three cgroups. But it's probably not worth doing that... > > > > That being said, we probably do need some BFQ support, since in the > > case where we have multiple processes doing buffered writes w/o fsync, > > we do charnge the data=ordered writeback to each block cgroup. Worse, > > the commit can't complete until the all of the data integrity > > writebacks have completed. And if there are N cgroups with dirty > > inodes, and slice_idle set to 8ms, there is going to be 8*N ms worth > > of idle time tacked onto the commit time. > > > > Jan already wrote part of what I wanted to reply here, so I'll > continue from his reply. > > Thanks, > Paolo > > > If we charge the journal I/O to the cgroup, and there's only one > > process doing the > > > > dd if=/dev/zero of=/root/test.img bs=512 count=10000 oflags=dsync > > > > then we don't need to worry about this failure mode, since both the > > journal I/O and the data writeback will be hitting the same cgroup. > > But that's arguably an artificial use case, and much more commonly > > there will be multiple cgroups all trying to at least some file system > > I/O. > > > > - Ted >