Re: [PATCH RFC] Btrfs: only subtract from len_to_oe_boundary when it is tracking an extent

[Qu Wenruo <quwenruo.btrfs@gmx.com>]

On 2023/7/31 03:02, Chris Mason wrote:
> [ This is an RFC because Christoph switched us to almost always set
> len_to_oe_boundary in a patch in for-next  I think we still need this
> commit for strange corners, but it's already pretty hard to hit reliably
> so I wanted to toss it out for discussion. We should consider either
> Christoph's "btrfs: limit write bios to a single ordered extent" or this
> commit for 6.4 stable as well ]
>
> bio_ctrl->len_to_oe_boundary is used to make sure we stay inside an
> extent as we submit bios.  Every time we add a page to the bio, we
> decrement those bytes from len_to_oe_boundary, and then we submit the
> bio if we happen to hit zero.
>
> Most of the time, len_to_oe_boundary gets set to U32_MAX.  With
> Christoph's incoming ("btrfs: limit write bios to a single ordered
> extent") we're almost always setting len_to_oe_boundary, so we might not
> need this commit moving forward.  But, there's a corner of a corner in here
> where we can still create a massive bio, so talking through it:
>
> submit_extent_page() adds pages into our bio, and the size of the bio
> ends up limited by:
>
> - Are we contiguous on disk?
> - Does bio_add_page() allow us to stuff more in?
> - is len_to_oe_boundary > 0?
>
> The len_to_oe_boundary math starts with U32_MAX, which isn't page or
> sector aligned, and subtracts from it until it hits zero.  In the
> non-ordered extent case, the last IO we submit before we hit zero is
> going to be unaligned, triggering BUGs and other sadness.
>
> This is hard to trigger because bio_add_page() isn't going to make a bio
> of U32_MAX size unless you give it a perfect set of pages and fully
> contiguous extents on disk.  We can hit it pretty reliably while making
> large swapfiles during provisioning because the machine is freshly
> booted, mostly idle, and the disk is freshly formatted.
>
> The code has been cleaned up and shifted around a few times, but this flaw
> has been lurking since the counter was added.  I think Christoph's
> commit ended up exposing the bug, but it's pretty tricky to get bios
> big enough to prove if older kernels have the same problem.
>
> The fix used here is to skip doing math on len_to_oe_boundary unless
> we've changed it from the default U32_MAX value.  bio_add_page() is the
> real limited we want, and there's no reason to do extra math when Jens
> is doing it for us.
>
> Signed-off-by: Chris Mason <clm@fb.com>
> Fixes: 24e6c8082208 ("btrfs: simplify main loop in submit_extent_page")
> ---
>   fs/btrfs/extent_io.c | 12 +++++++++++-
>   1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
> index 6b40189a1a3e..bb2d2d405d04 100644
> --- a/fs/btrfs/extent_io.c
> +++ b/fs/btrfs/extent_io.c
> @@ -849,7 +849,17 @@ static void submit_extent_page(struct btrfs_bio_ctrl *bio_ctrl,
>   		size -= len;
>   		pg_offset += len;
>   		disk_bytenr += len;
> -		bio_ctrl->len_to_oe_boundary -= len;
> +
> +		/*
> +		 * len_to_oe_boundary defaults to U32_MAX, which isn't page or
> +		 * sector aligned.  So, we don't really want to do math on
> +		 * len_to_oe_boundary unless it has been intentionally set by
> +		 * alloc_new_bio().  If we decrement here, we'll potentially
> +		 * end up sending down an unaligned bio once we get close to
> +		 * zero.
> +		 */
> +		if (bio_ctrl->len_to_oe_boundary != U32_MAX)
> +			bio_ctrl->len_to_oe_boundary -= len;

Personally speaking, I think we'd better moving the ordered extent based
split (only for zoned devices) to btrfs bio layer.

HCH has already done the work to remove the stripe boundary checks to
btrfs bio layer, thus I believe we should also move the checks to the
same layer.
(Although unlike the stripe boundary, the OE boundary may need extra works).


Another concern is, how we could hit a bio which has a size larger than
U32_MAX?

The bio->bi_iter.size is only unsigned int, it should never exceed U32_MAX.

It would help a lot if you can provide a backtrace of such unaligned bio.

Thanks,
Qu
>
>   		/* Ordered extent boundary: move on to a new bio. */
>   		if (bio_ctrl->len_to_oe_boundary == 0)