On Wed, Oct 09, 2019 at 02:21:23PM +1100, Dave Chinner wrote: > 4. it xfs_ilock_nowait() fails until the rcu grace period Should this be: > 4. if xfs_ilock_nowait() fails before the rcu grace period ? > + xfs_iunlock(ip, XFS_ILOCK_EXCL); > kmem_zone_free(xfs_inode_zone, ip); > } > > @@ -131,6 +132,7 @@ xfs_inode_free( > * free state. The ip->i_flags_lock provides the barrier against lookup > * races. > */ > + xfs_ilock(ip, XFS_ILOCK_EXCL); This introduceѕ a non-owner unlock of an exclusively held rwsem. As-is this will make lockdep very unhappy. We have a non-owner unlock version of up_read, but not of up_write currently. I'm also not sure if those are allowed from RCU callback, which IIRC can run from softirq context. That being said this scheme of only unlocking the inode in the rcu free callback makes totaly sense to me, so I wish we can accomodate it somehow. > @@ -312,7 +327,8 @@ xfs_iget_cache_hit( > rcu_read_lock(); > spin_lock(&ip->i_flags_lock); > wake = !!__xfs_iflags_test(ip, XFS_INEW); > - ip->i_flags &= ~(XFS_INEW | XFS_IRECLAIM); > + ip->i_flags &= ~XFS_INEW | XFS_IRECLAIM; This change looks wrong to me, or did I miss something? We now clear all bits that are not XFS_I_NEW and XFS_IRECLAIM, which already is set in ~XFS_INEW. So if that was the intent just: ip->i_flags &= ~XFS_INEW; would do it. > + * This requires code that requires such pins to do the following under a single This adds an > 80 char line. (there are a few more below. > + /* push the AIL to clean dirty reclaimable inodes */ > + xfs_ail_push_all(mp->m_ail); > + > + /* push the AIL to clean dirty reclaimable inodes */ > + xfs_ail_push_all(mp->m_ail); > + This looks spurious vs the rest of the patch. > + if (__xfs_iflags_test(ip, XFS_ISTALE)) { > + spin_unlock(&ip->i_flags_lock); > + if (ip != free_ip) > xfs_iunlock(ip, XFS_ILOCK_EXCL); > - } > + rcu_read_unlock(); > + continue; This unlock out of order. Should be harmless, but also pointless. I think this code would be a lot easier to understand if we fatored this inner loop into a new helper. Untested patch that does, and also removes a no incorrect comment below: diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 1d7e3f575952..16d425174868 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -2510,6 +2510,93 @@ xfs_iunlink_remove( return error; } +static void +xfs_ifree_one_inode( + struct xfs_perag *pag, + struct xfs_inode *free_ip, + struct xfs_buf *bp, + xfs_ino_t ino) +{ + struct xfs_mount *mp = free_ip->i_mount; + struct xfs_inode *ip; + struct xfs_inode_log_item *iip; + +retry: + rcu_read_lock(); + ip = radix_tree_lookup(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, ino)); + if (!ip) + goto out_rcu_unlock; + + /* + * See xfs_dispose_inode() for an explanation of the tests here to avoid + * inode reclaim races. + */ + spin_lock(&ip->i_flags_lock); + if (!ip->i_ino || __xfs_iflags_test(ip, XFS_IRECLAIM)) + goto out_unlock_iflags; + + /* + * The inode isn't in reclaim, but it might be locked by someone else. + * In that case, we retry the inode rather than skipping it completely. + */ + if (ip != free_ip && !xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) { + spin_unlock(&ip->i_flags_lock); + rcu_read_unlock(); + delay(1); + goto retry; + } + + /* + * Inode is now pinned against reclaim until we unlock it, so now we can + * do the work necessary to mark the inode stale and get it held until + * the cluster freeing transaction is logged. If it's stale, then it has + * already been attached to the buffer and we're done. + */ + if (__xfs_iflags_test(ip, XFS_ISTALE)) + goto out_unlock_ilock; + __xfs_iflags_set(ip, XFS_ISTALE); + spin_unlock(&ip->i_flags_lock); + rcu_read_unlock(); + + /* + * Flush lock will hold off inode reclaim until the buffer completion + * routine runs the xfs_istale_done callback on the inode and unlocks + * it. + */ + xfs_iflock(ip); + + /* + * We don't need to attach clean inodes or those only with unlogged + * changes (which we throw away, anyway). + */ + iip = ip->i_itemp; + if (!iip || xfs_inode_clean(ip)) { + ASSERT(ip != free_ip); + xfs_ifunlock(ip); + goto done; + } + + iip->ili_last_fields = iip->ili_fields; + iip->ili_fields = 0; + iip->ili_fsync_fields = 0; + iip->ili_logged = 1; + xfs_trans_ail_copy_lsn(mp->m_ail, &iip->ili_flush_lsn, + &iip->ili_item.li_lsn); + + xfs_buf_attach_iodone(bp, xfs_istale_done, &iip->ili_item); +done: + if (ip != free_ip) + xfs_iunlock(ip, XFS_ILOCK_EXCL); + return; +out_unlock_ilock: + if (ip != free_ip) + xfs_iunlock(ip, XFS_ILOCK_EXCL); +out_unlock_iflags: + spin_unlock(&ip->i_flags_lock); +out_rcu_unlock: + rcu_read_unlock(); +} + /* * A big issue when freeing the inode cluster is that we _cannot_ skip any * inodes that are in memory - they all must be marked stale and attached to @@ -2527,7 +2614,6 @@ xfs_ifree_cluster( int ioffset; xfs_daddr_t blkno; xfs_buf_t *bp; - xfs_inode_t *ip; xfs_inode_log_item_t *iip; struct xfs_log_item *lip; struct xfs_perag *pag; @@ -2604,99 +2690,9 @@ xfs_ifree_cluster( * buffer and set it up for being staled on buffer IO * completion. This is safe as we've locked out tail pushing * and flushing by locking the buffer. - * - * We have already marked every inode that was part of a - * transaction stale above, which means there is no point in - * even trying to lock them. */ - for (i = 0; i < igeo->inodes_per_cluster; i++) { -retry: - rcu_read_lock(); - ip = radix_tree_lookup(&pag->pag_ici_root, - XFS_INO_TO_AGINO(mp, (inum + i))); - - /* Inode not in memory, nothing to do */ - if (!ip) { - rcu_read_unlock(); - continue; - } - - /* - * See xfs_dispose_inode() for an explanation of the - * tests here to avoid inode reclaim races. - */ - spin_lock(&ip->i_flags_lock); - if (!ip->i_ino || - __xfs_iflags_test(ip, XFS_IRECLAIM)) { - spin_unlock(&ip->i_flags_lock); - rcu_read_unlock(); - continue; - } - - /* - * The inode isn't in reclaim, but it might be locked by - * someone else. In that case, we retry the inode rather - * than skipping it completely. - */ - if (ip != free_ip && - !xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) { - spin_unlock(&ip->i_flags_lock); - rcu_read_unlock(); - delay(1); - goto retry; - } - - /* - * Inode is now pinned against reclaim until we unlock - * it, so now we can do the work necessary to mark the - * inode stale and get it held until the cluster freeing - * transaction is logged. If it's stale, then it has - * already been attached to the buffer and we're done. - */ - if (__xfs_iflags_test(ip, XFS_ISTALE)) { - spin_unlock(&ip->i_flags_lock); - if (ip != free_ip) - xfs_iunlock(ip, XFS_ILOCK_EXCL); - rcu_read_unlock(); - continue; - } - __xfs_iflags_set(ip, XFS_ISTALE); - spin_unlock(&ip->i_flags_lock); - rcu_read_unlock(); - - /* - * Flush lock will hold off inode reclaim until the - * buffer completion routine runs the xfs_istale_done - * callback on the inode and unlocks it. - */ - xfs_iflock(ip); - - /* - * we don't need to attach clean inodes or those only - * with unlogged changes (which we throw away, anyway). - */ - iip = ip->i_itemp; - if (!iip || xfs_inode_clean(ip)) { - ASSERT(ip != free_ip); - xfs_ifunlock(ip); - if (ip != free_ip) - xfs_iunlock(ip, XFS_ILOCK_EXCL); - continue; - } - - iip->ili_last_fields = iip->ili_fields; - iip->ili_fields = 0; - iip->ili_fsync_fields = 0; - iip->ili_logged = 1; - xfs_trans_ail_copy_lsn(mp->m_ail, &iip->ili_flush_lsn, - &iip->ili_item.li_lsn); - - xfs_buf_attach_iodone(bp, xfs_istale_done, - &iip->ili_item); - - if (ip != free_ip) - xfs_iunlock(ip, XFS_ILOCK_EXCL); - } + for (i = 0; i < igeo->inodes_per_cluster; i++) + xfs_ifree_one_inode(pag, free_ip, bp, inum + i); xfs_trans_stale_inode_buf(tp, bp); xfs_trans_binval(tp, bp);