Re: [RFC PATCH 0/3] Stop clearing uptodate flag on write IO error

From: Ric Wheeler
Date: Thu Jan 26 2012 - 07:18:22 EST

Next message: Arnaldo Carvalho de Melo: "Fixing perf top --user shortcoming was: Re: [GIT PULL 0/9] perf/coreimprovements and fixes"
Previous message: Jens Axboe: "Re: [RFC PATCH v1 1/2] sched: unified sched_powersavings sysfs tunable"
In reply to: Jan Kara: "Re: [RFC PATCH 0/3] Stop clearing uptodate flag on write IO error"
Next in thread: Jan Kara: "Re: [RFC PATCH 0/3] Stop clearing uptodate flag on write IO error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/23/2012 07:36 PM, Dave Chinner wrote:

On Mon, Jan 23, 2012 at 04:47:09PM -0500, Ted Ts'o wrote:
The thing is, transient write errors tend to be isolated and go away
when a retry occurs (think of IO timeouts when multipath failover
occurs). When non-isolated IO or unrecoverable problems occur (e.g.
no paths left to fail over onto), critical other metadata reads and
writes will fail and shut down the filesystem, thereby terminating
the "try forever" background writeback loop those delayed write
buffers may be in. So the truth is that "trying forever" on write
errors can handle a whole class of write IO errors very
effectively....

So how does XFS decide whether a write should fail and shutdown the
file system, or just "try forever"?

The IO dispatcher decides that. If the dispatcher has handed the IO
off to the delayed write queue, then failed writes will be tried
again. If the caller is catching the IO completion (e.g. sync
writes) or attaching a completion callback (journal IO), then the
completion context will handle the error appropriately. Journal IO
errors tend to shutdown the filesystem on the first error, other
contexts may handle the error, retry or shutdown the filesystem
depending on their current state when the error occurs.

Reads are even more complex, because ithe dispatch context can be
within a transaction and the correct error handling is then
dependent on the current state of the transaction....

Cheers,

Dave.

I think that having retry logic at the file system layer is really putting the fix in the wrong place.

Specifically, if we have multipath configured under a file system, it is up to the multipath logic to handle the failure (and use another path, retry, etc). If we see a failed IO further up the stack, it is *really* dead at that point.

Transient errors on normal drives are also rarely worth re-trying since pretty much all modern storage devices have firmware that will have done exhaustive retries on a failed write. Definitely not worth retrying forever for a normal device.

At one end of the spectrum, think of a box with dozens of storage devices attached (either via SAN or local S-ATA devices). If we are doing large, streaming writes, we could get a large amount of memory dirtied while writing. If that one device dies and we keep that memory in use for the endless retry loop, we have really cripple the box which still has multiple happy storage devices and file systems....

Ric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnaldo Carvalho de Melo: "Fixing perf top --user shortcoming was: Re: [GIT PULL 0/9] perf/coreimprovements and fixes"
Previous message: Jens Axboe: "Re: [RFC PATCH v1 1/2] sched: unified sched_powersavings sysfs tunable"
In reply to: Jan Kara: "Re: [RFC PATCH 0/3] Stop clearing uptodate flag on write IO error"
Next in thread: Jan Kara: "Re: [RFC PATCH 0/3] Stop clearing uptodate flag on write IO error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]