// SPDX-License-Identifier: GPL-2.0+ /* * Copyright (C) 2016 Oracle. All Rights Reserved. * Author: Darrick J. Wong <[email protected]> */ #include "xfs.h" #include "xfs_fs.h" #include "xfs_shared.h" #include "xfs_format.h" #include "xfs_log_format.h" #include "xfs_trans_resv.h" #include "xfs_mount.h" #include "xfs_defer.h" #include "xfs_inode.h" #include "xfs_trans.h" #include "xfs_bmap.h" #include "xfs_bmap_util.h" #include "xfs_trace.h" #include "xfs_icache.h" #include "xfs_btree.h" #include "xfs_refcount_btree.h" #include "xfs_refcount.h" #include "xfs_bmap_btree.h" #include "xfs_trans_space.h" #include "xfs_bit.h" #include "xfs_alloc.h" #include "xfs_quota.h" #include "xfs_reflink.h" #include "xfs_iomap.h" #include "xfs_ag.h" #include "xfs_ag_resv.h" #include "xfs_health.h" /* * Copy on Write of Shared Blocks * * XFS must preserve "the usual" file semantics even when two files share * the same physical blocks. This means that a write to one file must not * alter the blocks in a different file; the way that we'll do that is * through the use of a copy-on-write mechanism. At a high level, that * means that when we want to write to a shared block, we allocate a new * block, write the data to the new block, and if that succeeds we map the * new block into the file. * * XFS provides a "delayed allocation" mechanism that defers the allocation * of disk blocks to dirty-but-not-yet-mapped file blocks as long as * possible. This reduces fragmentation by enabling the filesystem to ask * for bigger chunks less often, which is exactly what we want for CoW. * * The delalloc mechanism begins when the kernel wants to make a block * writable (write_begin or page_mkwrite). If the offset is not mapped, we * create a delalloc mapping, which is a regular in-core extent, but without * a real startblock. (For delalloc mappings, the startblock encodes both * a flag that this is a delalloc mapping, and a worst-case estimate of how * many blocks might be required to put the mapping into the BMBT.) delalloc * mappings are a reservation against the free space in the filesystem; * adjacent mappings can also be combined into fewer larger mappings. * * As an optimization, the CoW extent size hint (cowextsz) creates * outsized aligned delalloc reservations in the hope of landing out of * order nearby CoW writes in a single extent on disk, thereby reducing * fragmentation and improving future performance. * * D: --RRRRRRSSSRRRRRRRR--- (data fork) * C: ------DDDDDDD--------- (CoW fork) * * When dirty pages are being written out (typically in writepage), the * delalloc reservations are converted into unwritten mappings by * allocating blocks and replacing the delalloc mapping with real ones. * A delalloc mapping can be replaced by several unwritten ones if the * free space is fragmented. * * D: --RRRRRRSSSRRRRRRRR--- * C: ------UUUUUUU--------- * * We want to adapt the delalloc mechanism for copy-on-write, since the * write paths are similar. The first two steps (creating the reservation * and allocating the blocks) are exactly the same as delalloc except that * the mappings must be stored in a separate CoW fork because we do not want * to disturb the mapping in the data fork until we're sure that the write * succeeded. IO completion in this case is the process of removing the old * mapping from the data fork and moving the new mapping from the CoW fork to * the data fork. This will be discussed shortly. * * For now, unaligned directio writes will be bounced back to the page cache. * Block-aligned directio writes will use the same mechanism as buffered * writes. * * Just prior to submitting the actual disk write requests, we convert * the extents representing the range of the file actually being written * (as opposed to extra pieces created for the cowextsize hint) to real * extents. This will become important in the next step: * * D: --RRRRRRSSSRRRRRRRR--- * C: ------UUrrUUU--------- * * CoW remapping must be done after the data block write completes, * because we don't want to destroy the old data fork map until we're sure * the new block has been written. Since the new mappings are kept in a * separate fork, we can simply iterate these mappings to find the ones * that cover the file blocks that we just CoW'd. For each extent, simply * unmap the corresponding range in the data fork, map the new range into * the data fork, and remove the extent from the CoW fork. Because of * the presence of the cowextsize hint, however, we must be careful * only to remap the blocks that we've actually written out -- we must * never remap delalloc reservations nor CoW staging blocks that have * yet to be written. This corresponds exactly to the real extents in * the CoW fork: * * D: --RRRRRRrrSRRRRRRRR--- * C: ------UU--UUU--------- * * Since the remapping operation can be applied to an arbitrary file * range, we record the need for the remap step as a flag in the ioend * instead of declaring a new IO type. This is required for direct io * because we only have ioend for the whole dio, and we have to be able to * remember the presence of unwritten blocks and CoW blocks with a single * ioend structure. Better yet, the more ground we can cover with one * ioend, the better. */ /* * Given an AG extent, find the lowest-numbered run of shared blocks * within that range and return the range in fbno/flen. If * find_end_of_shared is true, return the longest contiguous extent of * shared blocks. If there are no shared extents, fbno and flen will * be set to NULLAGBLOCK and 0, respectively. */ static int xfs_reflink_find_shared( struct xfs_perag *pag, struct xfs_trans *tp, xfs_agblock_t agbno, xfs_extlen_t aglen, xfs_agblock_t *fbno, xfs_extlen_t *flen, bool find_end_of_shared) { … } /* * Trim the mapping to the next block where there's a change in the * shared/unshared status. More specifically, this means that we * find the lowest-numbered extent of shared blocks that coincides with * the given block mapping. If the shared extent overlaps the start of * the mapping, trim the mapping to the end of the shared extent. If * the shared region intersects the mapping, trim the mapping to the * start of the shared extent. If there are no shared regions that * overlap, just return the original extent. */ int xfs_reflink_trim_around_shared( struct xfs_inode *ip, struct xfs_bmbt_irec *irec, bool *shared) { … } int xfs_bmap_trim_cow( struct xfs_inode *ip, struct xfs_bmbt_irec *imap, bool *shared) { … } static int xfs_reflink_convert_cow_locked( struct xfs_inode *ip, xfs_fileoff_t offset_fsb, xfs_filblks_t count_fsb) { … } /* Convert all of the unwritten CoW extents in a file's range to real ones. */ int xfs_reflink_convert_cow( struct xfs_inode *ip, xfs_off_t offset, xfs_off_t count) { … } /* * Find the extent that maps the given range in the COW fork. Even if the extent * is not shared we might have a preallocation for it in the COW fork. If so we * use it that rather than trigger a new allocation. */ static int xfs_find_trim_cow_extent( struct xfs_inode *ip, struct xfs_bmbt_irec *imap, struct xfs_bmbt_irec *cmap, bool *shared, bool *found) { … } static int xfs_reflink_convert_unwritten( struct xfs_inode *ip, struct xfs_bmbt_irec *imap, struct xfs_bmbt_irec *cmap, bool convert_now) { … } static int xfs_reflink_fill_cow_hole( struct xfs_inode *ip, struct xfs_bmbt_irec *imap, struct xfs_bmbt_irec *cmap, bool *shared, uint *lockmode, bool convert_now) { … } static int xfs_reflink_fill_delalloc( struct xfs_inode *ip, struct xfs_bmbt_irec *imap, struct xfs_bmbt_irec *cmap, bool *shared, uint *lockmode, bool convert_now) { … } /* Allocate all CoW reservations covering a range of blocks in a file. */ int xfs_reflink_allocate_cow( struct xfs_inode *ip, struct xfs_bmbt_irec *imap, struct xfs_bmbt_irec *cmap, bool *shared, uint *lockmode, bool convert_now) { … } /* * Cancel CoW reservations for some block range of an inode. * * If cancel_real is true this function cancels all COW fork extents for the * inode; if cancel_real is false, real extents are not cleared. * * Caller must have already joined the inode to the current transaction. The * inode will be joined to the transaction returned to the caller. */ int xfs_reflink_cancel_cow_blocks( struct xfs_inode *ip, struct xfs_trans **tpp, xfs_fileoff_t offset_fsb, xfs_fileoff_t end_fsb, bool cancel_real) { … } /* * Cancel CoW reservations for some byte range of an inode. * * If cancel_real is true this function cancels all COW fork extents for the * inode; if cancel_real is false, real extents are not cleared. */ int xfs_reflink_cancel_cow_range( struct xfs_inode *ip, xfs_off_t offset, xfs_off_t count, bool cancel_real) { … } /* * Remap part of the CoW fork into the data fork. * * We aim to remap the range starting at @offset_fsb and ending at @end_fsb * into the data fork; this function will remap what it can (at the end of the * range) and update @end_fsb appropriately. Each remap gets its own * transaction because we can end up merging and splitting bmbt blocks for * every remap operation and we'd like to keep the block reservation * requirements as low as possible. */ STATIC int xfs_reflink_end_cow_extent( struct xfs_inode *ip, xfs_fileoff_t *offset_fsb, xfs_fileoff_t end_fsb) { … } /* * Remap parts of a file's data fork after a successful CoW. */ int xfs_reflink_end_cow( struct xfs_inode *ip, xfs_off_t offset, xfs_off_t count) { … } /* * Free all CoW staging blocks that are still referenced by the ondisk refcount * metadata. The ondisk metadata does not track which inode created the * staging extent, so callers must ensure that there are no cached inodes with * live CoW staging extents. */ int xfs_reflink_recover_cow( struct xfs_mount *mp) { … } /* * Reflinking (Block) Ranges of Two Files Together * * First, ensure that the reflink flag is set on both inodes. The flag is an * optimization to avoid unnecessary refcount btree lookups in the write path. * * Now we can iteratively remap the range of extents (and holes) in src to the * corresponding ranges in dest. Let drange and srange denote the ranges of * logical blocks in dest and src touched by the reflink operation. * * While the length of drange is greater than zero, * - Read src's bmbt at the start of srange ("imap") * - If imap doesn't exist, make imap appear to start at the end of srange * with zero length. * - If imap starts before srange, advance imap to start at srange. * - If imap goes beyond srange, truncate imap to end at the end of srange. * - Punch (imap start - srange start + imap len) blocks from dest at * offset (drange start). * - If imap points to a real range of pblks, * > Increase the refcount of the imap's pblks * > Map imap's pblks into dest at the offset * (drange start + imap start - srange start) * - Advance drange and srange by (imap start - srange start + imap len) * * Finally, if the reflink made dest longer, update both the in-core and * on-disk file sizes. * * ASCII Art Demonstration: * * Let's say we want to reflink this source file: * * ----SSSSSSS-SSSSS----SSSSSS (src file) * <--------------------> * * into this destination file: * * --DDDDDDDDDDDDDDDDDDD--DDD (dest file) * <--------------------> * '-' means a hole, and 'S' and 'D' are written blocks in the src and dest. * Observe that the range has different logical offsets in either file. * * Consider that the first extent in the source file doesn't line up with our * reflink range. Unmapping and remapping are separate operations, so we can * unmap more blocks from the destination file than we remap. * * ----SSSSSSS-SSSSS----SSSSSS * <-------> * --DDDDD---------DDDDD--DDD * <-------> * * Now remap the source extent into the destination file: * * ----SSSSSSS-SSSSS----SSSSSS * <-------> * --DDDDD--SSSSSSSDDDDD--DDD * <-------> * * Do likewise with the second hole and extent in our range. Holes in the * unmap range don't affect our operation. * * ----SSSSSSS-SSSSS----SSSSSS * <----> * --DDDDD--SSSSSSS-SSSSS-DDD * <----> * * Finally, unmap and remap part of the third extent. This will increase the * size of the destination file. * * ----SSSSSSS-SSSSS----SSSSSS * <-----> * --DDDDD--SSSSSSS-SSSSS----SSS * <-----> * * Once we update the destination file's i_size, we're done. */ /* * Ensure the reflink bit is set in both inodes. */ STATIC int xfs_reflink_set_inode_flag( struct xfs_inode *src, struct xfs_inode *dest) { … } /* * Update destination inode size & cowextsize hint, if necessary. */ int xfs_reflink_update_dest( struct xfs_inode *dest, xfs_off_t newlen, xfs_extlen_t cowextsize, unsigned int remap_flags) { … } /* * Do we have enough reserve in this AG to handle a reflink? The refcount * btree already reserved all the space it needs, but the rmap btree can grow * infinitely, so we won't allow more reflinks when the AG is down to the * btree reserves. */ static int xfs_reflink_ag_has_free_space( struct xfs_mount *mp, xfs_agnumber_t agno) { … } /* * Remap the given extent into the file. The dmap blockcount will be set to * the number of blocks that were actually remapped. */ STATIC int xfs_reflink_remap_extent( struct xfs_inode *ip, struct xfs_bmbt_irec *dmap, xfs_off_t new_isize) { … } /* Remap a range of one file to the other. */ int xfs_reflink_remap_blocks( struct xfs_inode *src, loff_t pos_in, struct xfs_inode *dest, loff_t pos_out, loff_t remap_len, loff_t *remapped) { … } /* * If we're reflinking to a point past the destination file's EOF, we must * zero any speculative post-EOF preallocations that sit between the old EOF * and the destination file offset. */ static int xfs_reflink_zero_posteof( struct xfs_inode *ip, loff_t pos) { … } /* * Prepare two files for range cloning. Upon a successful return both inodes * will have the iolock and mmaplock held, the page cache of the out file will * be truncated, and any leases on the out file will have been broken. This * function borrows heavily from xfs_file_aio_write_checks. * * The VFS allows partial EOF blocks to "match" for dedupe even though it hasn't * checked that the bytes beyond EOF physically match. Hence we cannot use the * EOF block in the source dedupe range because it's not a complete block match, * hence can introduce a corruption into the file that has it's block replaced. * * In similar fashion, the VFS file cloning also allows partial EOF blocks to be * "block aligned" for the purposes of cloning entire files. However, if the * source file range includes the EOF block and it lands within the existing EOF * of the destination file, then we can expose stale data from beyond the source * file EOF in the destination file. * * XFS doesn't support partial block sharing, so in both cases we have check * these cases ourselves. For dedupe, we can simply round the length to dedupe * down to the previous whole block and ignore the partial EOF block. While this * means we can't dedupe the last block of a file, this is an acceptible * tradeoff for simplicity on implementation. * * For cloning, we want to share the partial EOF block if it is also the new EOF * block of the destination file. If the partial EOF block lies inside the * existing destination EOF, then we have to abort the clone to avoid exposing * stale data in the destination file. Hence we reject these clone attempts with * -EINVAL in this case. */ int xfs_reflink_remap_prep( struct file *file_in, loff_t pos_in, struct file *file_out, loff_t pos_out, loff_t *len, unsigned int remap_flags) { … } /* Does this inode need the reflink flag? */ int xfs_reflink_inode_has_shared_extents( struct xfs_trans *tp, struct xfs_inode *ip, bool *has_shared) { … } /* * Clear the inode reflink flag if there are no shared extents. * * The caller is responsible for joining the inode to the transaction passed in. * The inode will be joined to the transaction that is returned to the caller. */ int xfs_reflink_clear_inode_flag( struct xfs_inode *ip, struct xfs_trans **tpp) { … } /* * Clear the inode reflink flag if there are no shared extents and the size * hasn't changed. */ STATIC int xfs_reflink_try_clear_inode_flag( struct xfs_inode *ip) { … } /* * Pre-COW all shared blocks within a given byte range of a file and turn off * the reflink flag if we unshare all of the file's blocks. */ int xfs_reflink_unshare( struct xfs_inode *ip, xfs_off_t offset, xfs_off_t len) { … }
Codebase Browser
linux