[Cluster-devel] GFS2: Pull request (merge window)

[Bob Peterson]

Hi Linus,

Please consider pulling the following changes for the GFS2 file system.

Regards,

Bob Peterson

The following changes since commit 40e020c129cfc991e8ab4736d2665351ffd1468d:

  Linux 4.20-rc6 (2018-12-09 15:31:00 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git 
tags/gfs2-4.21.fixes

for you to fetch changes up to bc0205612bbd4dd4026d4ba6287f5643c37366ec:

  gfs2: take jdata unstuff into account in do_grow (2018-12-18 10:49:02 -0600)


We've got 11 patches for this merge window:

 - Enhancements and performance improvements to journal replay (Abhi Das)

 - Cleanup of gfs2_is_ordered and gfs2_is_writeback (Andreas Gruenbacher)

 - Fix a potential double-free in inode creation (Andreas Gruenbacher)

 - Fix the bitmap search loop that was searching too far (Andreas Gruenbacher)

 - Various cleanups (Andreas Gruenbacher, Bob Peterson)

 - Implement Steve Whitehouse's patch to dump nrpages for inodes (Bob Peterson)

 - Fix a withdraw bug where stuffed journaled data files didn't allocate
   enough journal space to be grown (Bob Peterson)


Abhi Das (4):
  gfs2: add more timing info to journal recovery process
  gfs2: changes to gfs2_log_XXX_bio
  gfs2: add a helper function to get_log_header that can be used elsewhere
  gfs2: read journal in large chunks to locate the head

Andreas Gruenbacher (4):
  gfs2: Clean up gfs2_is_{ordered,writeback}
  gfs2: Fix the gfs2_invalidatepage description
  gfs2: Get rid of potential double-freeing in gfs2_create_inode
  gfs2: Fix loop in gfs2_rbm_find

Bob Peterson (3):
  gfs2: Remove vestigial bd_ops
  gfs2: Dump nrpages for inodes and their glocks
  gfs2: take jdata unstuff into account in do_grow

 fs/gfs2/aops.c   |  16 ++--
 fs/gfs2/bmap.c   |  10 +-
 fs/gfs2/glock.c  |   2 +-
 fs/gfs2/glock.h  |   2 +-
 fs/gfs2/glops.c  |  17 +++-
 fs/gfs2/incore.h |   3 +-
 fs/gfs2/inode.c  |  18 ++--
 fs/gfs2/inode.h  |  10 +-
 fs/gfs2/log.c|   5 +-
 fs/gfs2/log.h|   5 +-
 fs/gfs2/lops.c   | 257 +++
 fs/gfs2/lops.h   |   4 +-
 fs/gfs2/ops_fstype.c |   1 +
 fs/gfs2/recovery.c   | 178 +++
 fs/gfs2/recovery.h   |   5 +-
 fs/gfs2/rgrp.c   |   4 +-
 fs/gfs2/rgrp.h   |   2 +-
 fs/gfs2/super.c  |   1 +
 fs/gfs2/trans.c  |   8 +-
 19 files changed, 317 insertions(+), 231 deletions(-)

Re: [Cluster-devel] [GFS2 PATCH] gfs2: Panic when an io error occurs writing

[Steven Whitehouse]

Hi,

On 18/12/2018 16:09, Mark Syms wrote:

Thanks Bob,

We believe we have seen these issues from time to time in our automated testing 
but I suspect that they're indicating a configuration problem with the backing 
storage. For flexibility a proportion of our purely functional testing will use 
storage provided by a VM running a software iSCSI target and these tests seem 
to be somewhat susceptible to getting I/O errors, some of which will inevitably 
end up being in the journal. If we start to see a lot we'll need to look at the 
config of the VMs first I think.

Mark.


I think there are a few things here... firstly Bob is right that in 
general if we are going to retry I/O, then this would be done at the 
block layer, by multipath for example. However, having a way to 
gracefully deal with failure aside from fencing/rebooting a node is useful.


One issue with that is tracking outstanding I/O. For the journal we do 
that anyway, since we count the number of in flight I/Os. In other cases 
this is more difficult, for example where we use the VFS library 
functions for readpages/writepages. If we were able to track all the I/O 
that GFS2 produces and be certain to be able to turn off future I/O (or 
writes at least) internally then we could avoid using the dm based 
solution for withdraw that we currently have. That would be an 
improvement in terms of reliability.


The other issue is the one that Bob has been looking at, namely a way to 
signal that recovery is due, but without requiring fencing. If we can 
solve both of those issues, then that would certainly go a long way 
towards improving this,


Steve.




-Original Message-
From: Bob Peterson 
Sent: 18 December 2018 15:52
To: Mark Syms 
Cc: cluster-devel@redhat.com
Subject: Re: [Cluster-devel] [GFS2 PATCH] gfs2: Panic when an io error occurs 
writing

- Original Message -

Hi Bob,

I agree, it's a hard problem. I'm just trying to understand that we've
done the absolute best we can and that if this condition is hit then
the best solution really is to just kill the node. I guess it's also a
question of how common this actually ends up being. We have now got
customers starting to use GFS2 for VM storage on XenServer so I guess
we'll just have to see how many support calls we get in on it.

Thanks,

Mark.

Hi Mark,

I don't expect the problem to be very common in the real world.
The user has to get IO errors while writing to the GFS2 journal, which is not 
very common. The patch is basically reacting to a phenomenon we recently 
started noticing in which the HBA (qla2xxx) driver shuts down and stops 
accepting requests when you do abnormal reboots (which we sometimes do to test 
node recovery). In these cases, the node doesn't go down right away.
It stays up just long enough to cause IO errors with subsequent withdraws, 
which, we discovered, results in file system corruption.
Normal reboots, "/sbin/reboot -fin", and "echo b > /proc/sysrq-trigger" should 
not have this problem, nor should node fencing, etc.

And like I said, I'm open to suggestions on how to fix it. I wish there was a 
better solution.

As it is, I'd kind of like to get something into this merge window for the 
upstream kernel, but I'll need to submit the pull request for that probably 
tomorrow or Thursday. If we find a better solution, we can always revert these 
changes and implement a new one.

Regards,

Bob Peterson