[dm-devel] [PATCH] deadlock with suspend and quotas

Mikulas Patocka mpatocka at redhat.com
Wed Nov 30 16:53:40 UTC 2011



On Wed, 30 Nov 2011, Alasdair G Kergon wrote:

> On Tue, Nov 29, 2011 at 11:19:01AM +0100, Jan Kara wrote:
> > So I believe the consensus was that we should not block sync or flusher

Well, I think that not blocking sync actually doesn't help at all.

Suppose at first that you have a perfectly-barriered filesystem --- that
is, a filesystem that contains barriers around all code paths that could
possibly create dirty data. In this case it is impossible to have dirty
data while the filesystem is suspended. --- In this case you can call
sync on a suspended filesystem as much as you like, sync never finds any
dirty data, consequently it never tries to write anything and it can't
deadlock. So skipping sync has no effect.

Suppose as a second case that you have an imperfectly-barriered filesystem
--- that means there exists a code path that creates dirty data while the 
filesystem is suspended. In this case if you skip sync, you are violating 
sync semantics, because the application can create dirty data while 
suspended, call sync while still suspended and assume that the dirty data 
was written.

So --- in case 1 skipping sync has no effect and in case 2 you trade one 
bug for another --- you avoid deadlock and you introduce violations of 
sync semantics.

Mikulas

> Consensus where?
> 
> > thread on frozen filesystem. Firstly, it's kind of ugly from user
> > perspective (you cannot sync filesystems on your system while one
> > filesystem is frozen???), secondly, in case of flusher thread it has some
> > serious implications if there are more filesystems on the same device - you
> > would effectively stop any writeback to the device possibly hanging the
> > whole system due to dirty limit being exceeded. So at least in these two
> > cases we should just ignore frozen filesystem.
> 
> The sync only needs to block on a particular fs if there is data to flush.
> 
> A sync that originated in a way that can only be independent of any
> application that is changing the fs may skip that fs if it is frozen.
> 
> It's the user's responsibility only to freeze filesystems for very brief
> periods of time if they are still being changed.
> 
> ?
>  
> Alasdair
> 



