On Wed, Oct 21, 2020 at 05:55:19AM -0400, Brian Foster wrote:
> On Wed, Oct 21, 2020 at 11:19:28AM +0800, Gao Xiang wrote:
> > On Tue, Oct 20, 2020 at 10:50:12AM -0400, Brian Foster wrote:
> > > On Thu, Oct 15, 2020 at 09:49:15AM +0800, Gao Xiang wrote:
> >
> > ...
> >
> > > > >
> > > > > Interesting... this seems fundamentally sane when narrowing the scope
> > > > > down to tail AG shrinking. Does xfs_repair flag any issues in the simple
> > > > > tail AG shrink case?
> > > >
> > > > Yeah, I ran xfs_repair together as well, For smaller sizes, it seems
> > > > all fine, but I did observe some failure when much larger values
> > > > passed in, so as a formal patch, it really needs to be solved later.
> > > >
> > >
> > > I'm curious to see what xfs_repair complained about if you have a record
> > > of it. That might call out some other things we could be overlooking.
> >
> > Sorry for somewhat slow progress...
> >
> > it could show random "SB summary counter sanity check failed" runtime message
> > when the shrink size is large (much close to ag start).
> >
>
> Ok. That error looks associated with a few different checks:
>
> if (XFS_BUF_ADDR(bp) == XFS_SB_DADDR && !sbp->sb_inprogress &&
> (sbp->sb_fdblocks > sbp->sb_dblocks ||
> !xfs_verify_icount(mp, sbp->sb_icount) ||
> sbp->sb_ifree > sbp->sb_icount)) {
> xfs_warn(mp, "SB summary counter sanity check failed");
> return -EFSCORRUPTED;
> }
>
> Though I think the inode counters should be a subset of allocated space
> (i.e. inode chunks) so are unlikely to be impacted by a removal of free
> space. Without looking into details, I'd guess it's most likely just an
> accounting bug and it's easiest to dump the relevant values that land in
> the superblock and work backwards from there. FWIW, the followon
> shutdown, repair (dirty log) and log recovery behavior (write and read
> verifier failures) are typical and to be expected on metadata
> corruption. IOW, I suspect that if we address the write verifier
> failure, the followon issues will likely be resolved as well.
After looking into a little bit, the exact failure condition is
sbp->sb_fdblocks > sbp->sb_dblocks,
and it seems sbp->sb_fdblocks doesn't decrease as expected when the shrink
size is large (in fact, it's still the number as the origin compared with
correct small shrink size) I'm still looking into what's exactly happening.
>
...
> > >
> > > It's probably debatable as to whether we should reduce the size of the
> > > shrink or just fail the operation, but I think to increase the size of
> > > the shrink from what the user requested (even if it occurs "by accident"
> > > due to the AG size rules) is inappropriate. With regard to the former,
> > > have you looked into how shrink behaves on other filesystems (ext4)? I
> > > think one advantage of shrinking what's available is to at least give
> > > the user an opportunity to make incremental progress.
> >
> > I quickly check what resize2fs does.
> >
> > errcode_t adjust_fs_info(ext2_filsys fs, ext2_filsys old_fs,
> > ext2fs_block_bitmap reserve_blocks, blk64_t new_size)
> > ...
> > ext2fs_blocks_count_set(fs->super, new_size);
> > fs->super->s_overhead_clusters = 0;
> >
> > retry:
> > ...
> > /*
> > * Overhead is the number of bookkeeping blocks per group. It
> > * includes the superblock backup, the group descriptor
> > * backups, the inode bitmap, the block bitmap, and the inode
> > * table.
> > */
> > overhead = (int) (2 + fs->inode_blocks_per_group);
> > ...
> > /*
> > * See if the last group is big enough to support the
> > * necessary data structures. If not, we need to get rid of
> > * it.
> > */
> > rem = (ext2fs_blocks_count(fs->super) - fs->super->s_first_data_block) %
> > fs->super->s_blocks_per_group;
> > if ((fs->group_desc_count == 1) && rem && (rem < overhead))
> > return EXT2_ET_TOOSMALL;
> > if ((fs->group_desc_count > 1) && rem && (rem < overhead+50)) {
> > ext2fs_blocks_count_set(fs->super,
> > ext2fs_blocks_count(fs->super) - rem);
> > goto retry;
> > }
> >
> > from the code itself it seems for some cases it increases the size of
> > the shrink from what the user requested. and for the other cases, it
> > just errors out.
> >
> > and I also tried with some configuration:
> >
> > First block: 1
> > Block size: 1024
> > Fragment size: 1024
> > Group descriptor size: 64
> > Reserved GDT blocks: 256
> > Blocks per group: 8192
> > Fragments per group: 8192
> > Inodes per group: 2016
> > Inode blocks per group: 252
> >
> > # resize2fs test.ext4.img 262500
> > resize2fs 1.44.5 (15-Dec-2018)
> > Resizing the filesystem on test.ext4.img to 262500 (1k) blocks.
> > The filesystem on test.ext4.img is now 262500 (1k) blocks long.
> >
> > # resize2fs test.ext4.img 262403
> > resize2fs 1.44.5 (15-Dec-2018)
> > Resizing the filesystem on test.ext4.img to 262403 (1k) blocks.
> > The filesystem on test.ext4.img is now 262145 (1k) blocks long.
> >
>
> Interesting. It looks like there's similar logic around having a minimum
> size "allocation group" to support internal structures, but I really
> don't know enough about ext4 to comment further. I suppose this behavior
> does make sense if you consider that a common purpose of shrink is to
> inform the filesystem of a pending block device size change. In that
> case, the desired result is to ensure the fs fits within the new,
> smaller device and thus it might make sense to either increase the size
> of the shrink and otherwise have straightforward success or failure
> semantics. Thanks for the research.
Yeah, I'm fine with either of that if we document the behavior well.
Thanks,
Gao Xiang
>
> Brian
>
