README update

[LaFS.git] / writeout.doc

Thinking through reservation for writeout ... again.

We would like to be able to deny or delay all
updates incase space is not available.
In general, 'deny' is appropriate if the the block in the
file hasn't been allocated yet, and 'delay' is appropriate
if the block has been allocated, as writing will
eventually free something up.

Sometimes we need to reserve the right to write
a block quite a lot later.  We might reserve that
right several times.  Each time might happen in
a different checkpoint and the space is used multiple
times.  Further: index blocks may need to be written
in order to write out a block.  So for each reservation
we take against a block, we really don't know
may many storage blocks might be needed.  This
is awkward.
So:
 Every write-reservation we take on a block
 preallocates 4 storage blocks, 2 each for
 this phase and next phase, one for the block
 and one to contribute towards indexes.
 Note that this is index growth.  Pre-existing
 index blocks need some preallocation of their
 own.

 When a block passes through a phase change and is written
 out, we know there is space to write out once more,
 But we might need to write out multiple times.
 We force allocation and essentially block all further
 new data writes until some cleaning has happen.

Writes that happen though system calls such as directory updates and
'write' can easily be blocked until enough space is available.
(except for index block space).

Write due to dirty mmapped memory is a little harder.
Maybe:
  When a write request is made for a block that cannot
  immediately be allocated more space, we unmap it
  thus requiring nopage to bring it back in.
  We block in the nopage operation so when the filesystem
  is very full, we might be pausing a lot waiting for
  checkpoints and cleaning to happen.


Question: how much waiting is allowed between allocating
and using?
 We might have to read from disk.
 We might kmalloc which could mean writing some things to disk.
If we could limit this to one phase change, we could be more
comfortable about all the preallocation.
But how would we enforce that.  The second phase change
would have to wait for allocations in the previous to be used.

Hmmmm...
Biggest problem seems to be index block which might need to be
written every checkpoint.

I guess we do just block everything until we can allocate
enough space.

So actually doing a write either refreshes the allocation,
or unmaps the block and makes sure any future attempt
to map or write it blocks.
But some reservations might have already happened.
We need to allow them to commit.  When?
We need to know precisely what is being waited for,
and ensure that once we hit problems things start to fail
so we back out or commit quickly.

--------------------------------
We don't have multiple locks on a datablock. It is either locked for
writing or not.

If we want a datablock to be written in a particular checkpoint
we:
     checkpointlock
     try to lock
     If that fails, either give up, or
         unlock,
         wait for a checkpoint
         retry

We give up if there are any new-block allocations.  We only retry
if all blocks we try to write have been allocated space previously.
(*)

If we don't care when a datablock is written we
 Try to lock outside the checkpoint, blocking if appropriate
 On success we allow writes to happen, either via syscall
   or mmap
 When a flush or whatever finally writes the block we either
 relock or unmap the block thus blocking future writes.
As 'locking' reserves enough space for 2 writes we don't have to
unmap before writing unless a previous refill failed.



(*) If we take a snapshot then updating existing blocks may not be
 possible - no amount of cleaning will free up space until a snapshot
 is dropped.  I guess that is primarily a sysadmin problem.  If space
 runs out that badly snapshots must be dropped before progress is
 possible.