LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Recent Features

Kernel prepatch 3.9-rc5

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The end of block barriers

By Jonathan Corbet
August 18, 2010
One of the higher-profile decisions made at the recently-concluded Linux Storage and Filesystem summit was to get rid of support for barriers in the Linux kernel block subsystem. This was a popular decision, but also somewhat misunderstood (arguably, by your editor above all). Now, a new patch series from Tejun Heo shows how request ordering will likely be handled between filesystems and the block layer in the future.

The block layer must be able to reorder disk I/O operations if it is to obtain the sort of performance that users expect from their systems. On rotating media, there is much to be gained by minimizing head seeks, and that goal is best achieved by executing all nearby requests together, regardless of the order in which those requests were issued. Even with flash-based devices, there is some benefit to be had by grouping adjacent requests, especially when small requests can be coalesced into larger operations. Proper dispatch of requests to the low-level device driver is normally the I/O scheduler's job; the scheduler will freely reorder requests, blissfully ignorant of the higher-level decisions which created those requests in the first place.

Note that this reordering also usually happens within the storage device itself; requests will be cached in (possibly volatile) memory and writes will be executed at a time which the hardware deems to be convenient. This reordering is typically invisible to the operating system.

The problem, of course, is that it is not always safe to reorder I/O requests in arbitrary ways. The classic example is that of a journaling filesystem, which operates in roughly this way:

  1. Begin a new transaction.
  2. Write all planned metadata changes to the journal. Depending on the filesystem and its configuration, data changes may go to the journal as well.
  3. Write a commit record closing out the transaction.
  4. Begin the process of writing the journaled changes to the filesystem itself.
  5. Goto 1.

If the system were to crash before step 3 completes, everything written to the journal would be lost, but the integrity of the filesystem would be unharmed. If the system crashes after step 3, but before the changes are written to the filesystem, those changes will be replayed at the next mount, preserving both the metadata and the filesystem's integrity. Thus, journaling makes a filesystem relatively crash-proof.

But imagine what can happen if requests are reordered. If the commit record is written before all of the other changes have been written to the journal, then, after a crash, an incomplete journal would be replayed, corrupting the filesystem. Or, if a transaction frees some disk blocks which are subsequently reused elsewhere in the filesystem, and the reused blocks are written before the transaction which freed them is committed, a crash at the wrong time would, once again, corrupt things. So, clearly, the filesystem must be able to impose some ordering on how requests are executed; otherwise, its attempts to guarantee filesystem integrity in all situations may well be for nothing.

For some years, the answer has been barrier requests. When the filesystem issues a request to the block layer, it can mark that request as a barrier, indicating that the block layer should execute all requests issued before the barrier prior to doing any requests issued afterward. Barriers should, thus, ensure that operations make it to the media in the right order while not overly constraining the block layer's ability to reorder requests between the barriers.

In practice, barriers have an unpleasant reputation for killing block I/O performance, to the point that administrators are often tempted to turn them off and take their risks. While the tagged queue operations provided by contemporary hardware should implement barriers reasonably well, attempts to make use of those features have generally run into difficulties. So, in the real world, barriers are implemented by simply draining the I/O request queue prior to issuing the barrier operation, with some flush operations thrown in to get the hardware to actually commit the data to persistent media. Queue-drain operations will stall the device and kill the parallelism needed for full performance; it's not surprising that the use of barriers can be painful.

In their discussions of this problem, the storage and filesystem developers have realized that the ordering semantics provided by block-layer barriers are much stronger than necessary. Filesystems need to ensure that certain requests are executed in a specific order, and they need to ensure that specific requests have made it to the physical media before starting others. Beyond that, though, filesystems need not concern themselves with the ordering for most other requests, so the use of barriers constrains the block layer more than is required. In general, it was concluded, filesystems should concern themselves with ordering, since that's where the information is, and not dump that problem into the block layer.

To implement this reasoning, Tejun's patch gets rid of hard-barrier operations in the block layer; any filesystem trying to use them will get a cheery EOPNOTSUPP error for its pains. A filesystem which wants operations to happen in a specific order will simply need to issue them in the proper order, waiting for completion when necessary. The block layer can then reorder requests at will.

What the block layer cannot do, though, is evade the responsibility for getting important requests to the physical media when the filesystem requires it. So, while barrier requests are going away, "flush requests" will replace them. On suitably-capable devices, a flush request can have two separate requirements: (1) the write cache must be flushed before beginning the operation, and (2) the data associated with the flush request itself must be committed to persistent media by the time the request completes. The second part is often called a "force unit access" (or FUA) request.

In this world, a journaling filesystem can issue all of the journal writes for a given transaction, then wait for them to complete. At that point, it knows that the writes have made it to the device, but the device might have cached those requests internally. The write of the commit record can then follow, with both the "flush" and "FUA" bits set; that will ensure that all of the journal data makes it to physical media before the commit record does, and that the commit record itself is written by the time the request completes. Meanwhile, all other I/O operations - playing through previous transactions or those with no transaction at all - can be in flight at the same time, avoiding the queue stall which characterizes the barrier operations implemented by current kernels.

The patch set has been well received, but there is still work to be done, especially with regard to converting filesystems to the new way of doing things. Christoph Hellwig has posted a set of patches to that end. A lot of testing will be required as well; there is little desire to introduce bugs in this area, since the consequences of failure are so high. But the development cycle has just begun, leaving a fair amount of time to shake down this work before the 2.6.37 merge window opens.

(Log in to post comments)

"doesn't support DPO or FUA"

Posted Aug 19, 2010 1:41 UTC (Thu) by cesarb (subscriber, #6266) [Link]

I often see things like the following in the kernel log for SATA disks:

sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA

What happens to these when a filesystem requests a force unit access?

"doesn't support DPO or FUA"

Posted Aug 19, 2010 20:58 UTC (Thu) by willy (subscriber, #9762) [Link]

If the drive doesn't support FUA, the block layer sends down the FUA-tagged command, then sends down another flush. So you get:

write, write, write, flush, important write, flush, write, write, write

instead of:

write, write, write, flush, important write FUA, write, write, write

This is documented in Documentation/block/barrier.txt if you're curious in learning more.

"doesn't support DPO or FUA"

Posted Aug 20, 2010 11:14 UTC (Fri) by Hknr (guest, #67789) [Link]

From Documentation/block/barrier.txt:

»All low level drivers have to are implementing its prepare_flush_fn»...

Does nobody ever (proof-)read these Documents?

"doesn't support DPO or FUA"

Posted Aug 20, 2010 22:37 UTC (Fri) by cesarb (subscriber, #6266) [Link]

> Does nobody ever (proof-)read these Documents?

Some people do. Every once in a while I see a batch of spelling fix patches on the git history of the kernel. After all, anyone can send a spelling fix patch.

"doesn't support DPO or FUA"

Posted Aug 29, 2010 22:24 UTC (Sun) by Duncan (guest, #6647) [Link]

>> "drivers have are implementing its prepare_flush_fn"...

Gaah! Spammers in the kernel docs!

The end of block barriers

Posted Aug 19, 2010 8:09 UTC (Thu) by butlerm (subscriber, #13312) [Link]

The basic limitation I see with this is a complete write cache flush is not close to optimal on sufficiently intelligent devices. That is where I/O threads come in. The complaint is made that a write barrier makes it difficult to re-order write requests in the block subsystem. There is an easy solution to that: make the write barrier only apply to one I/O thread.

Then the block layer can reorder requests arbitrarily as long as the I/O thread specific ordering constraints are met. And when a thread specific write barrier needs to be issued to a lower level device, it can be translated to a device level write barrier instead of issuing a full write cache flush, without impairing the higher level block reordering at all.

In addition, intelligent I/O thread supporting block devices could use the I/O thread specific barrier operation to order just the requests on that I/O thread instead of flushing its entire write cache. iSCSI theoretically supports this now if you map I/O threads to connections (initiator target nexuses), although the SCSI architectural model doesn't seem to be designed to do it that way.

However (with proper kernel support) a block layer protocol such as that used by DRBD could presumably easily be adapted to support I/O thread specific barrier operations, allowing the remote device to maintain a much larger write cache, one that doesn't need to be flushed every time a process calls fsync, or even forced to order all its block operations to satisfy the ordering constraints of just one I/O thread. Provided there was a way to flush the cache for just one I/O thread, or (even better) be notified when the writes prior to an I/O thread specific barrier had completed, such support would reduce fsync latency on a busy device dramatically.

It is not as if one was writing a distributed database protocol he would request a remote database node to flush every dirty block in its cache to ensure a commit. Rather a request would be sent to commit just the ones associated with a certain transaction. I don't see why a distributed block device should be any different, and I/O threads are a simple way of making that happen. I/O threads or something like them are the future of block devices. A full write cache flush makes the BKL look like an exercise in efficiency.

The end of block barriers

Posted Aug 19, 2010 11:31 UTC (Thu) by zmi (subscriber, #4829) [Link]

You partly answered a question I had to the article: What makes the new algorithm that much faster than barriers? When I still send a "cache must be flushed" request to the device, even normal writes are stopped until the device flush it's cache, and it will take some time to fill the cache again to get good performance, during that another flush might incur...

Think of a simple file server, where 3 persons copy files to:
Person 1 copies his MP3 collection to the server.
Person 2 copies her HD-video collection to the server.
Person 3 runs a highly parallel intensive write database.

While for 1 and especially 2 there will be very low metadata operations, 3 generates lots of fsync's. From the article I read that a full cache flush would happen, suspending even the normal writes of person 1+2. Or am I misinterpreting that?

The end of block barriers

Posted Aug 19, 2010 13:13 UTC (Thu) by corbet (editor, #1) [Link]

The cache flush can happen in parallel with other I/O. Forcing specific blocks to persistent media can only slow things down, but they have to get there soon in any case. While the drive is executing the cache flush, it can be satisfying other requests whenever it's convenient. "Cache flush" doesn't mean "write only blocks in the cache" or "don't satisfy outstanding reads while you're at it". It will be far more efficient than a full queue drain.

The end of block barriers

Posted Aug 19, 2010 15:25 UTC (Thu) by butlerm (subscriber, #13312) [Link]

The problem is that in general an fsync requires a journal commit. If you have to flush the entire write cache throughput for non-fsync-serialized threads might be fine, but the performance of threads that call fsync will seriously suffer due to the delay.

Flushing the write cache of the device a lot also moves the request ordering / merging efficiency problem down a level. If the device must flush the entire write cache on a regular basis, it has much reduced opportunity to order write operations as optimal for that device.

Why not explicit dependencies?

Posted Aug 19, 2010 9:44 UTC (Thu) by epa (subscriber, #39769) [Link]

Issuing a request and then waiting for it before sending the next seems like an inefficient way to do things. If request A needs to be done before request B, why have a round trip back to the filesystem code after A is complete before sending B?

Perhaps a 'makefile' kind of interface would work better: each request to list zero or more previous requests which must be completed before this one is processed. Then the I/O layer could go away and execute them all in the fastest order possible without having to wait for the filesystem.

Why not explicit dependencies?

Posted Aug 19, 2010 16:14 UTC (Thu) by butlerm (subscriber, #13312) [Link]

You don't normally have to wait for the next request. You may, however, have to wait for a group of requests to complete before issuing some of the requests after that.

Explicit dependencies would be the most flexible of course, but the problem is that arbitrary dependencies are difficult for a block layer to process. A barrier on the other hand means always execute requests (within some context) issued before the barrier before the requests issued after the barrier (within the same context).

That can be inefficient if an (upper layer) barrier is at the level of an entire block device, because the block layer cannot re-order and merge barrier independent requests across the barrier. One way to solve that problem is with I/O thread identifiers and I/O thread specific barriers. That is not quite as flexible as explicit request level dependencies, but it is much easier to implement, and solves the same problem.

The method described in this article is to require the filesystems to implement their own concept of I/O threads without passing I/O thread identity information down to the block layer, and waiting on request completion for the requests from that upper layer I/O thread and write cache flushes instead. All modern journalled filesystems have at least one identifiable I/O thread - that associated with serialization of the journal commits. In this case it is just implicit instead of explicit, and the lower layer doesn't know anything about it.

Why not explicit dependencies?

Posted Aug 19, 2010 16:17 UTC (Thu) by butlerm (subscriber, #13312) [Link]

An I/O thread should not be confused with a CPU thread of course.

Ordered tags are not widely supported

Posted Aug 19, 2010 20:55 UTC (Thu) by willy (subscriber, #9762) [Link]

Apparently the last hard drive to support them shipped about fifteen years ago. I'm told they aren't even available in high-end storage arrays.

Ordered tags are not widely supported

Posted Aug 20, 2010 7:40 UTC (Fri) by butlerm (subscriber, #13312) [Link]

Microsoft was asking that write barriers be added to SATA just three years ago. I don't know if they made any progress. There are several related patents and patent applications out there.

Hitachi, for example, has a patent on transforming a flush cache command into a write barrier in a disk drive, something that is necessary (more or less) to implement an asynchronous cache flush (cf. Patent 7574565, filed 2006, published last year).

The end of block barriers

Posted Aug 26, 2010 16:21 UTC (Thu) by joib (guest, #8541) [Link]

In case anybody is wondering whether Linux inability to expose scsi ordered tag semantics for the filesystems to use puts Linux at a disadvantage compared to MS, this thread suggests that Windows only ever issues SCSI SIMPLE (i.e. unordered) tags, and any ordering requirements are handled by waiting for completion.

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds