936524aa02
Removed most of the hacks that were trying to deal with low-memory
situations prior to now.
The new code is based on the concept that I/O must be able to function in
a low memory situation. All major modules related to I/O (except
networking) have been adjusted to allow allocation out of the system
reserve memory pool. These modules now detect a low memory situation but
rather then block they instead continue to operate, then return resources
to the memory pool instead of cache them or leave them wired.
Code has been added to stall in a low-memory situation prior to a vnode
being locked.
Thus situations where a process blocks in a low-memory condition while
holding a locked vnode have been reduced to near nothing. Not only will
I/O continue to operate, but many prior deadlock conditions simply no
longer exist.
Implement a number of VFS/BIO fixes
(found by Ian): in biodone(), bogus-page replacement code, the loop
was not properly incrementing loop variables prior to a continue
statement. We do not believe this code can be hit anyway but we
aren't taking any chances. We'll turn the whole section into a
panic (as it already is in brelse()) after the release is rolled.
In biodone(), the foff calculation was incorrectly
clamped to the iosize, causing the wrong foff to be calculated
for pages in the case of an I/O error or biodone() called without
initiating I/O. The problem always caused a panic before. Now it
doesn't. The problem is mainly an issue with NFS.
Fixed casts for ~PAGE_MASK. This code worked properly before only
because the calculations use signed arithmatic. Better to properly
extend PAGE_MASK first before inverting it for the 64 bit masking
op.
In brelse(), the bogus_page fixup code was improperly throwing
away the original contents of 'm' when it did the j-loop to
fix the bogus pages. The result was that it would potentially
invalidate parts of the *WRONG* page(!), leading to corruption.
There may still be cases where a background bitmap write is
being duplicated, causing potential corruption. We have identified
a potentially serious bug related to this but the fix is still TBD.
So instead this patch contains a KASSERT to detect the problem
and panic the machine rather then continue to corrupt the filesystem.
The problem does not occur very often.. it is very hard to
reproduce, and it may or may not be the cause of the corruption
people have reported.
Review by: (VFS/BIO: mckusick, Ian Dowse <iedowse@maths.tcd.ie>)
Testing by: (VM/Deadlock) Paul Saab <ps@yahoo-inc.com>
|
||
|---|---|---|
| .. | ||
| ffs_alloc.c | ||
| ffs_balloc.c | ||
| ffs_extern.h | ||
| ffs_inode.c | ||
| ffs_snapshot.c | ||
| ffs_softdep_stub.c | ||
| ffs_softdep.c | ||
| ffs_subr.c | ||
| ffs_tables.c | ||
| ffs_vfsops.c | ||
| ffs_vnops.c | ||
| fs.h | ||
| README.snapshot | ||
| README.softupdates | ||
| softdep.h | ||
$FreeBSD$ Using Soft Updates To enable the soft updates feature in your kernel, add option SOFTUPDATES to your kernel configuration. Once you are running a kernel with soft update support, you need to enable it for whichever filesystems you wish to run with the soft update policy. This is done with the -n option to tunefs(8) on the UNMOUNTED filesystems, e.g. from single-user mode you'd do something like: tunefs -n enable /usr To permanently enable soft updates on the /usr filesystem (or at least until a corresponding ``tunefs -n disable'' is done). Soft Updates Copyright Restrictions As of June 2000 the restrictive copyright has been removed and replaced with a `Berkeley-style' copyright. The files implementing soft updates now reside in the sys/ufs/ffs directory and are compiled into the generic kernel by default. Soft Updates Status The soft updates code has been running in production on many systems for the past two years generally quite successfully. The two current sets of shortcomings are: 1) On filesystems that are chronically full, the two minute lag from the time a file is deleted until its free space shows up will result in premature filesystem full failures. This failure mode is most evident in small filesystems such as the root. For this reason, use of soft updates is not recommended on the root filesystem. 2) If your system routines runs parallel processes each of which remove many files, the kernel memory rate limiting code may not be able to slow removal operations to a level sustainable by the disk subsystem. The result is that the kernel runs out of memory and hangs. Both of these problems are being addressed, but have not yet been resolved. There are no other known problems at this time. How Soft Updates Work For more general information on soft updates, please see: http://www.mckusick.com/softdep/ http://www.ece.cmu.edu/~ganger/papers/CSE-TR-254-95/ -- Marshall Kirk McKusick <mckusick@mckusick.com> July 2000