Fix inode eviction and sync writeback deadlock on Linux #17159
Conversation
If inode eviction and sync writeback happen on the same inode at the same time, inode eviction will set I_FREEING and wait for sync writeback, and sync writeback may eventually calls zfs_get_data and loop in zfs_zget forever because igrab cannot succeed with I_FREEING, thus causing deadlock. To fix this, in zfs_get_data we call a variant of zfs_zget where we bailout on loop if I_SYNC flag is set, and force the caller to wait for txg sync. Signed-off-by: Chunwei Chen <[email protected]> Fixes openzfs#7964 Fixes openzfs#9430
| @@ -1149,10 +1149,21 @@ zfs_get_data(void *arg, uint64_t gen, lr_write_t *lr, char *buf, | |||
| ASSERT3P(lwb, !=, NULL); | |||
| ASSERT3U(size, !=, 0); | |||
|
|
|||
| error = zfs_zget_impl(zfsvfs, object, &zp, B_TRUE); | |||
| #if defined(__linux__) | |||
There was a problem hiding this comment.
I added ifdef because I'm not sure if it's possible to return EAGAIN on freebsd or not.
But I guess looking at the caller, it doesn't really matter if we return EAGAIN or EIO.
There was a problem hiding this comment.
perhaps it would be more clean to enhance zil_lwb_commit, which is the user of zfs_get_data, to recognize EAGAIN, I think
| @@ -1149,10 +1149,21 @@ zfs_get_data(void *arg, uint64_t gen, lr_write_t *lr, char *buf, | |||
| ASSERT3P(lwb, !=, NULL); | |||
| ASSERT3U(size, !=, 0); | |||
|
|
|||
| error = zfs_zget_impl(zfsvfs, object, &zp, B_TRUE); | |||
| #if defined(__linux__) | |||
There was a problem hiding this comment.
perhaps it would be more clean to enhance zil_lwb_commit, which is the user of zfs_get_data, to recognize EAGAIN, I think
| * path, i.e. zfs_get_data, if inode is being | ||
| * evicted and I_SYNC is also set. | ||
| */ | ||
| if (check_sync && (ZTOI(zp)->i_state & I_SYNC)) |
There was a problem hiding this comment.
maybe you can move this before the igrab, take the i_lock and check for I_FREEING and I_SYNC and if they are both set, bail out of the original zfs_zget without the need for zfs_zget_impl - have you already considered it? am I overlooking something?
There was a problem hiding this comment.
The only place that needs bail out is if you are in writeback context, either you are the one setting I_SYNC or whoever set it is blocked by you.
If you do bailout for other caller then you will get errors randomly in all sorts of places for no good reason.
There was a problem hiding this comment.
I_SYNC is set in two kernel functions, writeback_sb_inodes, writeback_single_inode. So if you check for I_SYNC and I_FREEING and you use i_lock correctly as you're supposed to, you get more clean and also reliable solution. How is what am saying wrong specifically and why? Which tons of errors?
There was a problem hiding this comment.
@snajpa
I_FREEING and I_SYNC is set on the inode. Every one trying to do zfs_zget will see them. So if you don't have any restriction on caller then every one will bailout and got error as long as eviction and writeback is happening at the same time.
There was a problem hiding this comment.
well.. I tried playing around with it and it seems like it would be an interesting project to get to the bottom of maybe few other lurking bugs, forcing one to go around and look at how errors from zfs_zget are handled all over the codebase - I think there's a thing in direct IO I'll try to tackle if I find time; but that's not relevant to resolving the deadlock, so, yeah, no easy way other than the _impl split :)
|
@snajpa would you mind taking another look at this one when you get a chance? |
I mean I don't like it, because now evicting inodes with dirty data will cause txg closing, as fallback of not being able to do I think we should do something specifically in case the inode is evicting and syncing both, when @tuxoko how about this: If there's or please demonstrate if I'm wrong in my expectation that this will cause txg flushing even in cases of memory cgroup triggered evictions, how am I wrong specifically - we can't be closing txgs on evict (in my very strongly held opinion, because I do have problems with closing txgs faster than 2-3 seconds on our setups as we rely on the writeback mechanisms in ZFS, also want them to reduce rewrites) and also please consider that |
|
@snajpa Also, if you are using O_SYNC, you are expecting your write(2) to be sync during the call, so there's no inode eviction in picture as you hold the fd as you do write(2). |
|
Lots of software do mmap, we in particular do everything, because we run containers in containers on big boxes and OpenZFS so far has been the most performant option for our use-case in practice, even though microbenchmarks on otherwise idle boxes might not agree :) If this ends up triggering txg flushes on in-container inode evicts, I'm going to have to modify it in some way (if as I outlined works then that way) |
|
But then of course currently, due to the very bug you're trying to solve, we have to run with |
|
@snajpa |
|
Just to clarify, I don't disagree trying to gracefully get the znode and let zil commit continues normally would be better. |
|
Depends, it's only the first case of this happening currently, that deadlocks the machine, so that's the one we know about :) but if this happens continually in multiple cgroups in a loop and there isn't a deadlock, then we will still have to run with |
If inode eviction and sync writeback happen on the same inode at the same time, inode eviction will set I_FREEING and wait for sync writeback, and sync writeback may eventually calls zfs_get_data and loop in zfs_zget forever because igrab cannot succeed with I_FREEING, thus causing deadlock.
To fix this, in zfs_get_data we call a variant of zfs_zget where we bailout on loop if I_SYNC flag is set, and force the caller to wait for txg sync.
Signed-off-by: Chunwei Chen [email protected]
Fixes #7964
Fixes #9430
Motivation and Context
Description
How Has This Been Tested?
Types of changes
Checklist:
Signed-off-by.