/* * Code for moving data off a device. */ #include "bcachefs.h" #include "btree_update.h" #include "buckets.h" #include "extents.h" #include "io.h" #include "journal.h" #include "keylist.h" #include "migrate.h" #include "move.h" #include "super-io.h" static int issue_migration_move(struct bch_dev *ca, struct moving_context *ctxt, struct bkey_s_c k) { struct bch_fs *c = ca->fs; struct disk_reservation res; const struct bch_extent_ptr *ptr; int ret; if (bch2_disk_reservation_get(c, &res, k.k->size, 0)) return -ENOSPC; extent_for_each_ptr(bkey_s_c_to_extent(k), ptr) if (ptr->dev == ca->dev_idx) goto found; BUG(); found: /* XXX: we need to be doing something with the disk reservation */ ret = bch2_data_move(c, ctxt, &c->migration_write_point, k, ptr); if (ret) bch2_disk_reservation_put(c, &res); return ret; } #define MAX_DATA_OFF_ITER 10 /* * This moves only the data off, leaving the meta-data (if any) in place. * It walks the key space, and for any key with a valid pointer to the * relevant device, it copies it elsewhere, updating the key to point to * the copy. * The meta-data is moved off by bch_move_meta_data_off_device. * * Note: If the number of data replicas desired is > 1, ideally, any * new copies would not be made in the same device that already have a * copy (if there are enough devices). * This is _not_ currently implemented. The multiple replicas can * land in the same device even if there are others available. */ int bch2_move_data_off_device(struct bch_dev *ca) { struct moving_context ctxt; struct bch_fs *c = ca->fs; struct bch_sb_field_members *mi; unsigned pass = 0; u64 seen_key_count; int ret = 0; BUG_ON(ca->mi.state == BCH_MEMBER_STATE_RW); if (!ca->mi.has_data) return 0; bch2_move_ctxt_init(&ctxt, NULL, SECTORS_IN_FLIGHT_PER_DEVICE); ctxt.avoid = ca; /* * In theory, only one pass should be necessary as we've * quiesced all writes before calling this. * * However, in practice, more than one pass may be necessary: * - Some move fails due to an error. We can can find this out * from the moving_context. * - Some key swap failed because some of the pointers in the * key in the tree changed due to caching behavior, btree gc * pruning stale pointers, or tiering (if the device being * removed is in tier 0). A smarter bkey_cmpxchg would * handle these cases. * * Thus this scans the tree one more time than strictly necessary, * but that can be viewed as a verification pass. */ do { struct btree_iter iter; struct bkey_s_c k; seen_key_count = 0; atomic_set(&ctxt.error_count, 0); atomic_set(&ctxt.error_flags, 0); bch2_btree_iter_init(&iter, c, BTREE_ID_EXTENTS, POS_MIN); while (!bch2_move_ctxt_wait(&ctxt) && (k = bch2_btree_iter_peek(&iter)).k && !(ret = btree_iter_err(k))) { if (!bkey_extent_is_data(k.k) || !bch2_extent_has_device(bkey_s_c_to_extent(k), ca->dev_idx)) goto next; ret = issue_migration_move(ca, &ctxt, k); if (ret == -ENOMEM) { bch2_btree_iter_unlock(&iter); /* * memory allocation failure, wait for some IO * to finish */ bch2_move_ctxt_wait_for_io(&ctxt); continue; } if (ret == -ENOSPC) break; BUG_ON(ret); seen_key_count++; next: bch2_btree_iter_advance_pos(&iter); bch2_btree_iter_cond_resched(&iter); } bch2_btree_iter_unlock(&iter); bch2_move_ctxt_exit(&ctxt); if (ret) return ret; } while (seen_key_count && pass++ < MAX_DATA_OFF_ITER); if (seen_key_count) { pr_err("Unable to migrate all data in %d iterations.", MAX_DATA_OFF_ITER); return -1; } mutex_lock(&c->sb_lock); mi = bch2_sb_get_members(c->disk_sb); SET_BCH_MEMBER_HAS_DATA(&mi->members[ca->dev_idx], false); bch2_write_super(c); mutex_unlock(&c->sb_lock); return 0; } /* * This walks the btree, and for any node on the relevant device it moves the * node elsewhere. */ static int bch2_move_btree_off(struct bch_dev *ca, enum btree_id id) { struct bch_fs *c = ca->fs; struct btree_iter iter; struct closure cl; struct btree *b; int ret; BUG_ON(ca->mi.state == BCH_MEMBER_STATE_RW); closure_init_stack(&cl); for_each_btree_node(&iter, c, id, POS_MIN, 0, b) { struct bkey_s_c_extent e = bkey_i_to_s_c_extent(&b->key); retry: if (!bch2_extent_has_device(e, ca->dev_idx)) continue; ret = bch2_btree_node_rewrite(&iter, b, &cl); if (ret == -EINTR || ret == -ENOSPC) { /* * Drop locks to upgrade locks or wait on * reserve: after retaking, recheck in case we * raced. */ bch2_btree_iter_unlock(&iter); closure_sync(&cl); b = bch2_btree_iter_peek_node(&iter); goto retry; } if (ret) { bch2_btree_iter_unlock(&iter); return ret; } bch2_btree_iter_set_locks_want(&iter, 0); } ret = bch2_btree_iter_unlock(&iter); if (ret) return ret; /* btree IO error */ if (IS_ENABLED(CONFIG_BCACHEFS_DEBUG)) { for_each_btree_node(&iter, c, id, POS_MIN, 0, b) { struct bkey_s_c_extent e = bkey_i_to_s_c_extent(&b->key); BUG_ON(bch2_extent_has_device(e, ca->dev_idx)); } bch2_btree_iter_unlock(&iter); } return 0; } /* * This moves only the meta-data off, leaving the data (if any) in place. * The data is moved off by bch_move_data_off_device, if desired, and * called first. * * Before calling this, allocation of buckets to the device must have * been disabled, as else we'll continue to write meta-data to the device * when new buckets are picked for meta-data writes. * In addition, the copying gc and allocator threads for the device * must have been stopped. The allocator thread is the only thread * that writes prio/gen information. * * Meta-data consists of: * - Btree nodes * - Prio/gen information * - Journal entries * - Superblock * * This has to move the btree nodes and the journal only: * - prio/gen information is not written once the allocator thread is stopped. * also, as the prio/gen information is per-device it is not moved. * - the superblock will be written by the caller once after everything * is stopped. * * Note that currently there is no way to stop btree node and journal * meta-data writes to a device without moving the meta-data because * once a bucket is open for a btree node, unless a replacement btree * node is allocated (and the tree updated), the bucket will continue * to be written with updates. Similarly for the journal (it gets * written until filled). * * This routine leaves the data (if any) in place. Whether the data * should be moved off is a decision independent of whether the meta * data should be moved off and stopped: * * - For device removal, both data and meta-data are moved off, in * that order. * * - However, for turning a device read-only without removing it, only * meta-data is moved off since that's the only way to prevent it * from being written. Data is left in the device, but no new data * is written. */ int bch2_move_metadata_off_device(struct bch_dev *ca) { struct bch_fs *c = ca->fs; struct bch_sb_field_members *mi; unsigned i; int ret; BUG_ON(ca->mi.state == BCH_MEMBER_STATE_RW); if (!ca->mi.has_metadata) return 0; /* 1st, Move the btree nodes off the device */ for (i = 0; i < BTREE_ID_NR; i++) { ret = bch2_move_btree_off(ca, i); if (ret) return ret; } /* There are no prios/gens to move -- they are already in the device. */ /* 2nd. Move the journal off the device */ ret = bch2_journal_move(ca); if (ret) return ret; mutex_lock(&c->sb_lock); mi = bch2_sb_get_members(c->disk_sb); SET_BCH_MEMBER_HAS_METADATA(&mi->members[ca->dev_idx], false); bch2_write_super(c); mutex_unlock(&c->sb_lock); return 0; } /* * Flagging data bad when forcibly removing a device after failing to * migrate the data off the device. */ static int bch2_flag_key_bad(struct btree_iter *iter, struct bch_dev *ca, struct bkey_s_c_extent orig) { BKEY_PADDED(key) tmp; struct bkey_s_extent e; struct bch_extent_ptr *ptr; struct bch_fs *c = ca->fs; bkey_reassemble(&tmp.key, orig.s_c); e = bkey_i_to_s_extent(&tmp.key); extent_for_each_ptr_backwards(e, ptr) if (ptr->dev == ca->dev_idx) bch2_extent_drop_ptr(e, ptr); /* * If the new extent no longer has any pointers, bch2_extent_normalize() * will do the appropriate thing with it (turning it into a * KEY_TYPE_ERROR key, or just a discard if it was a cached extent) */ bch2_extent_normalize(c, e.s); return bch2_btree_insert_at(c, NULL, NULL, NULL, BTREE_INSERT_ATOMIC, BTREE_INSERT_ENTRY(iter, &tmp.key)); } /* * This doesn't actually move any data -- it marks the keys as bad * if they contain a pointer to a device that is forcibly removed * and don't have other valid pointers. If there are valid pointers, * the necessary pointers to the removed device are replaced with * bad pointers instead. * * This is only called if bch_move_data_off_device above failed, meaning * that we've already tried to move the data MAX_DATA_OFF_ITER times and * are not likely to succeed if we try again. */ int bch2_flag_data_bad(struct bch_dev *ca) { int ret = 0; struct bkey_s_c k; struct bkey_s_c_extent e; struct btree_iter iter; bch2_btree_iter_init(&iter, ca->fs, BTREE_ID_EXTENTS, POS_MIN); while ((k = bch2_btree_iter_peek(&iter)).k && !(ret = btree_iter_err(k))) { if (!bkey_extent_is_data(k.k)) goto advance; e = bkey_s_c_to_extent(k); if (!bch2_extent_has_device(e, ca->dev_idx)) goto advance; ret = bch2_flag_key_bad(&iter, ca, e); /* * don't want to leave ret == -EINTR, since if we raced and * something else overwrote the key we could spuriously return * -EINTR below: */ if (ret == -EINTR) ret = 0; if (ret) break; /* * If the replica we're dropping was dirty and there is an * additional cached replica, the cached replica will now be * considered dirty - upon inserting the new version of the key, * the bucket accounting will be updated to reflect the fact * that the cached data is now dirty and everything works out as * if by magic without us having to do anything. * * The one thing we need to be concerned with here is there's a * race between when we drop any stale pointers from the key * we're about to insert, and when the key actually gets * inserted and the cached data is marked as dirty - we could * end up trying to insert a key with a pointer that should be * dirty, but points to stale data. * * If that happens the insert code just bails out and doesn't do * the insert - however, it doesn't return an error. Hence we * need to always recheck the current key before advancing to * the next: */ continue; advance: bch2_btree_iter_advance_pos(&iter); } bch2_btree_iter_unlock(&iter); return ret; }