mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2026-05-22 02:27:36 +03:00
zvol: stop using zvol_state_lock to protect OS-side private data
zvol_state_lock is intended to protect access to the global name->zvol lists (zvol_find_by_name()), but has also been used to control access to OS-side private data, accessed through whatever kernel object is used to represent the volume (gendisk, geom, etc). This appears to have been necessary to some degree because the OS-side object is what's used to get a handle on zvol_state_t, so zv_state_lock and zv_suspend_lock can't be used to manage access, but also, with the private object and the zvol_state_t being shutdown and destroyed at the same time in zvol_os_free(), we must ensure that the private object pointer only ever corresponds to a real zvol_state_t, not one in partial destruction. Taking the global lock seems like a convenient way to ensure this. The problem with this is that zvol_state_lock does not actually protect access to the zvol_state_t internals, so we need to take zv_state_lock and/or zv_suspend_lock. If those are contended, this can then cause OS-side operations (eg zvol_open()) to sleep to wait for them while hold zvol_state_lock. This then blocks out all other OS-side operations which want to get the private data, and any ZFS-side control operations that would take the write half of the lock. It's even worse if ZFS-side operations induce OS-side calls back into the zvol (eg creating a zvol triggers a partition probe inside the kernel, and also a userspace access from udev to set up device links). And it gets even works again if anything decides to defer those ops to a task and wait on them, which zvol_remove_minors_impl() will do under high load. However, since the previous commit, we have a guarantee that the private data pointer will always be NULL'd out in zvol_os_remove_minor() _before_ the zvol_state_t is made invalid, but it won't happen until all users are ejected. So, if we make access to the private object pointer atomic, we remove the need to take a global lockout to access it, and so we can remove all acquisitions of zvol_state_lock from the OS side. While here, I've rewritten much of the locking theory comment at the top of zvol.c. It wasn't wrong, but it hadn't been followed exactly, so I've tried to describe the purpose of each lock in a little more detail, and in particular describe where it should and shouldn't be used. Sponsored-by: Klara, Inc. Sponsored-by: Railway Corporation Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Fedor Uporov <fuporov.vstack@gmail.com> Signed-off-by: Rob Norris <rob.norris@klarasystems.com> Closes #17625
This commit is contained in:
Rob Norris
committed by
Brian Behlendorf
Brian Behlendorf
parent
96f9d271ea
commit
8a0e5e8b54
@@ -679,28 +679,19 @@ zvol_open(struct block_device *bdev, fmode_t flag)
|
||||
|
||||
retry:
|
||||
#endif
|
||||
rw_enter(&zvol_state_lock, RW_READER);
|
||||
/*
|
||||
* Obtain a copy of private_data under the zvol_state_lock to make
|
||||
* sure that either the result of zvol free code path setting
|
||||
* disk->private_data to NULL is observed, or zvol_os_free()
|
||||
* is not called on this zv because of the positive zv_open_count.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_BLK_MODE_T
|
||||
zv = disk->private_data;
|
||||
zv = atomic_load_ptr(&disk->private_data);
|
||||
#else
|
||||
zv = bdev->bd_disk->private_data;
|
||||
zv = atomic_load_ptr(&bdev->bd_disk->private_data);
|
||||
#endif
|
||||
if (zv == NULL) {
|
||||
rw_exit(&zvol_state_lock);
|
||||
return (-SET_ERROR(ENXIO));
|
||||
}
|
||||
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
|
||||
if (unlikely(zv->zv_flags & ZVOL_REMOVING)) {
|
||||
mutex_exit(&zv->zv_state_lock);
|
||||
rw_exit(&zvol_state_lock);
|
||||
return (-SET_ERROR(ENXIO));
|
||||
}
|
||||
|
||||
@@ -712,8 +703,28 @@ retry:
|
||||
if (zv->zv_open_count == 0) {
|
||||
if (!rw_tryenter(&zv->zv_suspend_lock, RW_READER)) {
|
||||
mutex_exit(&zv->zv_state_lock);
|
||||
|
||||
/*
|
||||
* Removal may happen while the locks are down, so
|
||||
* we can't trust zv any longer; we have to start over.
|
||||
*/
|
||||
#ifdef HAVE_BLK_MODE_T
|
||||
zv = atomic_load_ptr(&disk->private_data);
|
||||
#else
|
||||
zv = atomic_load_ptr(&bdev->bd_disk->private_data);
|
||||
#endif
|
||||
if (zv == NULL)
|
||||
return (-SET_ERROR(ENXIO));
|
||||
|
||||
rw_enter(&zv->zv_suspend_lock, RW_READER);
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
|
||||
if (unlikely(zv->zv_flags & ZVOL_REMOVING)) {
|
||||
mutex_exit(&zv->zv_state_lock);
|
||||
rw_exit(&zv->zv_suspend_lock);
|
||||
return (-SET_ERROR(ENXIO));
|
||||
}
|
||||
|
||||
/* check to see if zv_suspend_lock is needed */
|
||||
if (zv->zv_open_count != 0) {
|
||||
rw_exit(&zv->zv_suspend_lock);
|
||||
@@ -724,7 +735,6 @@ retry:
|
||||
drop_suspend = B_TRUE;
|
||||
}
|
||||
}
|
||||
rw_exit(&zvol_state_lock);
|
||||
|
||||
ASSERT(MUTEX_HELD(&zv->zv_state_lock));
|
||||
|
||||
@@ -821,11 +831,11 @@ zvol_release(struct gendisk *disk, fmode_t unused)
|
||||
#if !defined(HAVE_BLOCK_DEVICE_OPERATIONS_RELEASE_1ARG)
|
||||
(void) unused;
|
||||
#endif
|
||||
zvol_state_t *zv;
|
||||
boolean_t drop_suspend = B_TRUE;
|
||||
|
||||
rw_enter(&zvol_state_lock, RW_READER);
|
||||
zv = disk->private_data;
|
||||
zvol_state_t *zv = atomic_load_ptr(&disk->private_data);
|
||||
if (zv == NULL)
|
||||
return;
|
||||
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
ASSERT3U(zv->zv_open_count, >, 0);
|
||||
@@ -839,6 +849,15 @@ zvol_release(struct gendisk *disk, fmode_t unused)
|
||||
mutex_exit(&zv->zv_state_lock);
|
||||
rw_enter(&zv->zv_suspend_lock, RW_READER);
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
|
||||
/*
|
||||
* Unlike in zvol_open(), we don't check if removal
|
||||
* started here, because we might be one of the openers
|
||||
* that needs to be thrown out! If we're the last, we
|
||||
* need to call zvol_last_close() below to finish
|
||||
* cleanup. So, no special treatment for us.
|
||||
*/
|
||||
|
||||
/* check to see if zv_suspend_lock is needed */
|
||||
if (zv->zv_open_count != 1) {
|
||||
rw_exit(&zv->zv_suspend_lock);
|
||||
@@ -848,7 +867,6 @@ zvol_release(struct gendisk *disk, fmode_t unused)
|
||||
} else {
|
||||
drop_suspend = B_FALSE;
|
||||
}
|
||||
rw_exit(&zvol_state_lock);
|
||||
|
||||
ASSERT(MUTEX_HELD(&zv->zv_state_lock));
|
||||
|
||||
@@ -868,9 +886,10 @@ static int
|
||||
zvol_ioctl(struct block_device *bdev, fmode_t mode,
|
||||
unsigned int cmd, unsigned long arg)
|
||||
{
|
||||
zvol_state_t *zv = bdev->bd_disk->private_data;
|
||||
int error = 0;
|
||||
|
||||
zvol_state_t *zv = atomic_load_ptr(&bdev->bd_disk->private_data);
|
||||
ASSERT3P(zv, !=, NULL);
|
||||
ASSERT3U(zv->zv_open_count, >, 0);
|
||||
|
||||
switch (cmd) {
|
||||
@@ -923,9 +942,8 @@ zvol_check_events(struct gendisk *disk, unsigned int clearing)
|
||||
{
|
||||
unsigned int mask = 0;
|
||||
|
||||
rw_enter(&zvol_state_lock, RW_READER);
|
||||
zvol_state_t *zv = atomic_load_ptr(&disk->private_data);
|
||||
|
||||
zvol_state_t *zv = disk->private_data;
|
||||
if (zv != NULL) {
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
mask = zv->zv_changed ? DISK_EVENT_MEDIA_CHANGE : 0;
|
||||
@@ -933,17 +951,14 @@ zvol_check_events(struct gendisk *disk, unsigned int clearing)
|
||||
mutex_exit(&zv->zv_state_lock);
|
||||
}
|
||||
|
||||
rw_exit(&zvol_state_lock);
|
||||
|
||||
return (mask);
|
||||
}
|
||||
|
||||
static int
|
||||
zvol_revalidate_disk(struct gendisk *disk)
|
||||
{
|
||||
rw_enter(&zvol_state_lock, RW_READER);
|
||||
zvol_state_t *zv = atomic_load_ptr(&disk->private_data);
|
||||
|
||||
zvol_state_t *zv = disk->private_data;
|
||||
if (zv != NULL) {
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
set_capacity(zv->zv_zso->zvo_disk,
|
||||
@@ -951,8 +966,6 @@ zvol_revalidate_disk(struct gendisk *disk)
|
||||
mutex_exit(&zv->zv_state_lock);
|
||||
}
|
||||
|
||||
rw_exit(&zvol_state_lock);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -980,9 +993,10 @@ zvol_os_update_volsize(zvol_state_t *zv, uint64_t volsize)
|
||||
static int
|
||||
zvol_getgeo(struct block_device *bdev, struct hd_geometry *geo)
|
||||
{
|
||||
zvol_state_t *zv = bdev->bd_disk->private_data;
|
||||
sector_t sectors;
|
||||
|
||||
zvol_state_t *zv = atomic_load_ptr(&bdev->bd_disk->private_data);
|
||||
ASSERT3P(zv, !=, NULL);
|
||||
ASSERT3U(zv->zv_open_count, >, 0);
|
||||
|
||||
sectors = get_capacity(zv->zv_zso->zvo_disk);
|
||||
@@ -1415,15 +1429,11 @@ zvol_os_remove_minor(zvol_state_t *zv)
|
||||
ASSERT0(atomic_read(&zv->zv_suspend_ref));
|
||||
ASSERT(zv->zv_flags & ZVOL_REMOVING);
|
||||
|
||||
/*
|
||||
* Cleared while holding zvol_state_lock as a writer
|
||||
* which will prevent zvol_open() from opening it.
|
||||
*/
|
||||
struct zvol_state_os *zso = zv->zv_zso;
|
||||
zv->zv_zso = NULL;
|
||||
|
||||
/* Clearing private_data will make new callers return immediately. */
|
||||
zso->zvo_disk->private_data = NULL;
|
||||
atomic_store_ptr(&zso->zvo_disk->private_data, NULL);
|
||||
|
||||
/*
|
||||
* Drop the state lock before calling del_gendisk(). There may be
|
||||
@@ -1455,17 +1465,6 @@ zvol_os_remove_minor(zvol_state_t *zv)
|
||||
mutex_enter(&zv->zv_state_lock);
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanup then free a zvol_state_t which was created by zvol_alloc().
|
||||
* At this time, the structure is not opened by anyone, is taken off
|
||||
* the zvol_state_list, and has its private data set to NULL.
|
||||
* The zvol_state_lock is dropped.
|
||||
*
|
||||
* This function may take many milliseconds to complete (e.g. we've seen
|
||||
* it take over 256ms), due to the calls to "blk_cleanup_queue" and
|
||||
* "del_gendisk". Thus, consumers need to be careful to account for this
|
||||
* latency when calling this function.
|
||||
*/
|
||||
void
|
||||
zvol_os_free(zvol_state_t *zv)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user