Deadlock between nfsd and snapshots.

Kostik Belousov kostikbel at gmail.com
Wed Aug 23 04:40:56 UTC 2006 

On Tue, Aug 22, 2006 at 09:46:38PM +0000, Tor Egge wrote:
> > 2. All places that currently set IN_ACCESS, instead would increment
> > i_accessed using the atomic ops. ufs_itimes shall update i_access
> > under some mutex if i_accessed is greater than zero.
>
> Protecting the existing i_flag and the timestamps with the vnode
> interlock when the current thread only has a shared vnode lock should
> be sufficient to protect against the races, removing the need for #3,
> #4 and #4 below.
>
> What's left is avoiding setting IN_MODIFIED when it's unsafe, to
> protect against the deadlock.

So, I will do the following:

1. Protect both setting and reading inode times and i_flag with vnode
interlock. This shall be done through all the sys/ufs/*/* code.

2. Modify ufs_itimes:
> If neither IN_CHANGE nor IN_UPDATE is set then it might be unsafe to
> set IN_MODIFIED since the file system might be suspended or in the
> process of being suspended with the vnode sync loop in ffs_sync()
> having iterated past the vnode.
In other words, if IN_CHANGE or IN_UPDATE are already set, I can
safely convert IN_ACCESS into IN_MOD.

Otherwise, I shall implemented the algorithm below. Suspending/suspended
checks need to take MNT_ILOCK.

>
> If the file system is suspended then IN_MODIFIED cannot be set. If
> IN_MODIFIED, IN_CHANGE or IN_UPDATE is set and the file system is
> suspended then something is wrong.
>
> If the file system is in the process of being suspended then
> IN_MODIFIED can be set at the cost of triggering a restart of the
> vnode sync loop in ffs_sync(). If either IN_MODIFIED, IN_CHANGE or
> IN_UPDATE is already set then the vnode sync loop has not reached the
> vnode, and a restart isn't needed.
>
> When ufs_itimes() cannot set IN_MODIFIED then it has to either risk
> losing the access time update or use some mechanism to defer it (e.g.
> set IN_LAZYMOD or a new flag and let process_deferred_inactive() set
> IN_MODIFIED after the file system has been resumed).
>
BTW, shall the test for MNT_RDONLY in the ufs_itimes moved earlier ?

3. Add the process_deferred_lazymod procedure, called from ffs_snapshot
before proc_deferred_inactive, that shall convert IN_LAZYMOD | IN_ACCESS
into IN_MODIFIED. To be safe, the proc_def_lazymod needs vn_start_write braces.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-fs/attachments/20060823/d9caa546/attachment.pgp

More information about the freebsd-fs mailing list