v1.8 Release

Finish the release notes for the 1.8 release.

Signed-off-by: Zach Brown <zab@versity.com>

ReleaseNotes.md

@@ -1,6 +1,62 @@
 Versity ScoutFS Release Notes
 =============================
 
+---
+v1.8
+\
+*Oct 18, 2022*
+
+Add support for Linux POSIX Access Control Lists, as described in
+acl(5).  Mount options are added to enable ("acl") and disable ("noacl")
+support.  The default is to support ACLs.  ACLs are stored in the
+existing extended attribute scheme so adding support is does not require
+a format change.
+
+Add options to control data extent preallocation.  The default behavior
+does not change.  The options can relax the limits on preallocation
+which will then trigger under more write patterns and increase the risk
+of preallocated space which is never used.  The options are described in
+scoutfs(5).
+
+---
+v1.7
+\
+*Aug 26, 2022*
+
+* **Fixed possible persistent errors moving freed data extents**
+\
+  Fixed a case where the server could hit persistent errors trying to
+  move a client's freed extents in one commit.  The client had to free
+  a large number of extents that occupied distant positions in the
+  global free extent btree.  Very large fragmented files could cause
+  this.  The server now moves the freed extents in multiple commits and
+  can always ensure forward progress.
+
+* **Fixed possible persistent errors from freed duplicate extents**
+\
+  Background orphan deletion wasn't properly synchronizing with
+  foreground tasks deleting very large files.  If a deletion took long
+  enough then background deletion could also attempt to delete inode items
+  while the deletion was making progress.  This could create duplicate
+  deletions of data extent items which causes the server to abort when
+  it later discovers the duplicate extents as it merges free lists.
+
+---
+v1.6
+\
+*Jul 7, 2022*
+
+* **Fix memory leaks in rare corner cases**
+\
+  Analysis tools found a few corner cases that leaked small structures,
+  generally around error handling or startup and shutdown.
+
+* **Add --skip-likely-huge scoutfs print command option**
+\
+  Add an option to scoutfs print to reduce the size of the output
+  so that it can be used to see system-wide metadata without being
+  overwhelmed by file-level details.
+
 ---
 v1.5
 \

kmod/src/Makefile

@@ -8,6 +8,7 @@ CFLAGS_scoutfs_trace.o = -I$(src) # define_trace.h double include
 -include $(src)/Makefile.kernelcompat
  
 scoutfs-y +=			\
+	acl.o			\
 	avl.o			\
 	alloc.o			\
 	block.o			\

kmod/src/Makefile.kernelcompat

@@ -34,3 +34,12 @@ endif
 ifneq (,$(shell grep 'FMODE_KABI_ITERATE' include/linux/fs.h))
 ccflags-y += -DKC_FMODE_KABI_ITERATE
 endif
+
+#
+# v4.7-rc2-23-g0d4d717f2583
+#
+# Added user_ns argument to posix_acl_valid
+#
+ifneq (,$(shell grep 'posix_acl_valid.*user_ns,' include/linux/posix_acl.h))
+ccflags-y += -DKC_POSIX_ACL_VALID_USER_NS
+endif

kmod/src/acl.c

@@ -0,0 +1,355 @@
+/*
+ * Copyright (C) 2022 Versity Software, Inc.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License v2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ */
+#include <linux/kernel.h>
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include <linux/xattr.h>
+#include <linux/posix_acl.h>
+#include <linux/posix_acl_xattr.h>
+
+#include "format.h"
+#include "super.h"
+#include "scoutfs_trace.h"
+#include "xattr.h"
+#include "acl.h"
+#include "inode.h"
+#include "trans.h"
+
+/*
+ * POSIX draft ACLs are stored as full xattr items with the entries
+ * encoded as the kernel's posix_acl_xattr_{header,entry} value structs.
+ *
+ * They're accessed and modified via user facing synthetic xattrs, iops
+ * calls from the kernel, during inode mode changes, and during inode
+ * creation.
+ *
+ * ACL access devolves into xattr access which is relatively expensive
+ * so we maintain the cached native form in the vfs inode.  We drop the
+ * cache in lock invalidation which means that cached acl access must
+ * always be performed under cluster locking.
+ */
+
+static int acl_xattr_name_len(int type, char **name, size_t *name_len)
+{
+	int ret = 0;
+
+	switch (type) {
+	case ACL_TYPE_ACCESS:
+		*name = XATTR_NAME_POSIX_ACL_ACCESS;
+		if (name_len)
+			*name_len = sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1;
+		break;
+	case ACL_TYPE_DEFAULT:
+		*name = XATTR_NAME_POSIX_ACL_DEFAULT;
+		if (name_len)
+			*name_len = sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1;
+		break;
+	default:
+		ret = -EINVAL;
+		break;
+	}
+
+	return ret;
+}
+
+struct posix_acl *scoutfs_get_acl_locked(struct inode *inode, int type, struct scoutfs_lock *lock)
+{
+	struct posix_acl *acl;
+	char *value = NULL;
+	char *name;
+	int ret;
+
+	if (!IS_POSIXACL(inode))
+		return NULL;
+
+	acl = get_cached_acl(inode, type);
+	if (acl != ACL_NOT_CACHED)
+		return acl;
+
+	ret = acl_xattr_name_len(type, &name, NULL);
+	if (ret < 0)
+		return ERR_PTR(ret);
+
+	ret = scoutfs_xattr_get_locked(inode, name, NULL, 0, lock);
+	if (ret > 0) {
+		value = kzalloc(ret, GFP_NOFS);
+		if (!value)
+			ret = -ENOMEM;
+		else
+			ret = scoutfs_xattr_get_locked(inode, name, value, ret, lock);
+	}
+	if (ret > 0) {
+		acl = posix_acl_from_xattr(&init_user_ns, value, ret);
+	} else if (ret == -ENODATA || ret == 0) {
+		acl = NULL;
+	} else {
+		acl = ERR_PTR(ret);
+	}
+
+	/* can set null negative cache */
+	if (!IS_ERR(acl))
+		set_cached_acl(inode, type, acl);
+
+	kfree(value);
+
+	return acl;
+}
+
+struct posix_acl *scoutfs_get_acl(struct inode *inode, int type)
+{
+	struct super_block *sb = inode->i_sb;
+	struct scoutfs_lock *lock = NULL;
+	struct posix_acl *acl;
+	int ret;
+
+	if (!IS_POSIXACL(inode))
+		return NULL;
+
+	ret = scoutfs_lock_inode(sb, SCOUTFS_LOCK_READ, 0, inode, &lock);
+	if (ret < 0) {
+		acl = ERR_PTR(ret);
+	} else {
+		acl = scoutfs_get_acl_locked(inode, type, lock);
+		scoutfs_unlock(sb, lock, SCOUTFS_LOCK_READ);
+	}
+
+	return acl;
+}
+
+/*
+ * The caller has acquired the locks and dirtied the inode, they'll
+ * update the inode item if we return 0.
+ */
+int scoutfs_set_acl_locked(struct inode *inode, struct posix_acl *acl, int type,
+			   struct scoutfs_lock *lock, struct list_head *ind_locks)
+{
+	static const struct scoutfs_xattr_prefix_tags tgs = {0,}; /* never scoutfs. prefix */
+	bool set_mode = false;
+	char *value = NULL;
+	umode_t new_mode;
+	size_t name_len;
+	char *name;
+	int size = 0;
+	int ret;
+
+	ret = acl_xattr_name_len(type, &name, &name_len);
+	if (ret < 0)
+		return ret;
+
+	switch (type) {
+	case ACL_TYPE_ACCESS:
+		if (acl) {
+			ret = posix_acl_update_mode(inode, &new_mode, &acl);
+			if (ret < 0)
+				goto out;
+			set_mode = true;
+		}
+		break;
+	case ACL_TYPE_DEFAULT:
+		if (!S_ISDIR(inode->i_mode)) {
+			ret = acl ? -EINVAL : 0;
+			goto out;
+		}
+		break;
+	}
+
+	if (acl) {
+		size = posix_acl_xattr_size(acl->a_count);
+		value = kmalloc(size, GFP_NOFS);
+		if (!value) {
+			ret = -ENOMEM;
+			goto out;
+		}
+
+		ret = posix_acl_to_xattr(&init_user_ns, acl, value, size);
+		if (ret < 0)
+			goto out;
+	}
+
+	ret = scoutfs_xattr_set_locked(inode, name, name_len, value, size, 0, &tgs,
+				       lock, NULL, ind_locks);
+	if (ret == 0 && set_mode) {
+		inode->i_mode = new_mode;
+		if (!value) {
+			/* can be setting an acl that only affects mode, didn't need xattr */
+			inode_inc_iversion(inode);
+			inode->i_ctime = CURRENT_TIME;
+		}
+	}
+
+out:
+	if (!ret)
+		set_cached_acl(inode, type, acl);
+
+	kfree(value);
+
+	return ret;
+}
+
+int scoutfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+{
+	struct super_block *sb = inode->i_sb;
+	struct scoutfs_lock *lock = NULL;
+	LIST_HEAD(ind_locks);
+	int ret;
+
+	ret = scoutfs_lock_inode(sb, SCOUTFS_LOCK_WRITE, SCOUTFS_LKF_REFRESH_INODE, inode, &lock) ?:
+	      scoutfs_inode_index_lock_hold(inode, &ind_locks, false, true);
+	if (ret == 0) {
+		ret = scoutfs_dirty_inode_item(inode, lock) ?:
+		      scoutfs_set_acl_locked(inode, acl, type, lock, &ind_locks);
+		if (ret == 0)
+			scoutfs_update_inode_item(inode, lock, &ind_locks);
+
+		scoutfs_release_trans(sb);
+		scoutfs_inode_index_unlock(sb, &ind_locks);
+	}
+
+	scoutfs_unlock(sb, lock, SCOUTFS_LOCK_WRITE);
+	return ret;
+}
+
+int scoutfs_acl_get_xattr(struct dentry *dentry, const char *name, void *value, size_t size,
+			  int type)
+{
+	struct posix_acl *acl;
+	int ret = 0;
+
+	if (!IS_POSIXACL(dentry->d_inode))
+		return -EOPNOTSUPP;
+
+	acl = scoutfs_get_acl(dentry->d_inode, type);
+	if (IS_ERR(acl))
+		return PTR_ERR(acl);
+	if (acl == NULL)
+		return -ENODATA;
+
+	ret = posix_acl_to_xattr(&init_user_ns, acl, value, size);
+	posix_acl_release(acl);
+
+	return ret;
+}
+
+int scoutfs_acl_set_xattr(struct dentry *dentry, const char *name, const void *value, size_t size,
+			  int flags, int type)
+{
+	struct posix_acl *acl = NULL;
+	int ret;
+
+	if (!inode_owner_or_capable(dentry->d_inode))
+		return -EPERM;
+
+	if (!IS_POSIXACL(dentry->d_inode))
+		return -EOPNOTSUPP;
+
+	if (value) {
+		acl = posix_acl_from_xattr(&init_user_ns, value, size);
+		if (IS_ERR(acl))
+			return PTR_ERR(acl);
+
+		if (acl) {
+			ret = kc_posix_acl_valid(&init_user_ns, acl);
+			if (ret)
+				goto out;
+		}
+	}
+
+	ret = scoutfs_set_acl(dentry->d_inode, acl, type);
+out:
+	posix_acl_release(acl);
+
+	return ret;
+}
+
+/*
+ * Apply the parent's default acl to new inodes access acl and inherit
+ * it as the default for new directories.  The caller holds locks and a
+ * transaction.
+ */
+int scoutfs_init_acl_locked(struct inode *inode, struct inode *dir,
+			    struct scoutfs_lock *lock, struct scoutfs_lock *dir_lock,
+			    struct list_head *ind_locks)
+{
+	struct posix_acl *acl = NULL;
+	int ret = 0;
+
+	if (!S_ISLNK(inode->i_mode)) {
+		if (IS_POSIXACL(dir)) {
+			acl = scoutfs_get_acl_locked(dir, ACL_TYPE_DEFAULT, dir_lock);
+			if (IS_ERR(acl))
+				return PTR_ERR(acl);
+		}
+
+		if (!acl)
+			inode->i_mode &= ~current_umask();
+	}
+
+	if (IS_POSIXACL(dir) && acl) {
+		if (S_ISDIR(inode->i_mode)) {
+			ret = scoutfs_set_acl_locked(inode, acl, ACL_TYPE_DEFAULT,
+						     lock, ind_locks);
+			if (ret)
+				goto out;
+		}
+		ret = posix_acl_create(&acl, GFP_NOFS, &inode->i_mode);
+		if (ret < 0)
+			return ret;
+		if (ret > 0)
+			ret = scoutfs_set_acl_locked(inode, acl, ACL_TYPE_ACCESS,
+						     lock, ind_locks);
+	} else {
+		cache_no_acl(inode);
+	}
+out:
+	posix_acl_release(acl);
+	return ret;
+}
+
+/*
+ * Update the access ACL based on a newly set mode.  If we return an
+ * error then the xattr wasn't changed.
+ *
+ * Annoyingly, setattr_copy has logic that transforms the final set mode
+ * that we want to use to update the acl.   But we don't want to modify
+ * the other inode fields while discovering the resulting mode.  We're
+ * relying on acl_chmod not caring about the transformation (currently
+ * just clears sgid).  It would be better if we could get the resulting
+ * mode to give to acl_chmod without modifying the other inode fields.
+ *
+ * The caller has the inode mutex, a cluster lock, transaction, and will
+ * update the inode item if we return success.
+ */
+int scoutfs_acl_chmod_locked(struct inode *inode, struct iattr *attr,
+			     struct scoutfs_lock *lock, struct list_head *ind_locks)
+{
+	struct posix_acl *acl;
+	int ret = 0;
+
+	if (!IS_POSIXACL(inode) || !(attr->ia_valid & ATTR_MODE))
+		return 0;
+
+	if (S_ISLNK(inode->i_mode))
+		return -EOPNOTSUPP;
+
+	acl = scoutfs_get_acl_locked(inode, ACL_TYPE_ACCESS, lock);
+	if (IS_ERR_OR_NULL(acl))
+		return PTR_ERR(acl);
+
+	ret = posix_acl_chmod(&acl, GFP_KERNEL, attr->ia_mode);
+	if (ret)
+		return ret;
+
+	ret = scoutfs_set_acl_locked(inode, acl, ACL_TYPE_ACCESS, lock, ind_locks);
+	posix_acl_release(acl);
+	return ret;
+}

kmod/src/acl.h

@@ -0,0 +1,18 @@
+#ifndef _SCOUTFS_ACL_H_
+#define _SCOUTFS_ACL_H_
+
+struct posix_acl *scoutfs_get_acl(struct inode *inode, int type);
+struct posix_acl *scoutfs_get_acl_locked(struct inode *inode, int type, struct scoutfs_lock *lock);
+int scoutfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
+int scoutfs_set_acl_locked(struct inode *inode, struct posix_acl *acl, int type,
+			   struct scoutfs_lock *lock, struct list_head *ind_locks);
+int scoutfs_acl_get_xattr(struct dentry *dentry, const char *name, void *value, size_t size,
+			  int type);
+int scoutfs_acl_set_xattr(struct dentry *dentry, const char *name, const void *value, size_t size,
+			  int flags, int type);
+int scoutfs_acl_chmod_locked(struct inode *inode, struct iattr *attr,
+			     struct scoutfs_lock *lock, struct list_head *ind_locks);
+int scoutfs_init_acl_locked(struct inode *inode, struct inode *dir,
+			    struct scoutfs_lock *lock, struct scoutfs_lock *dir_lock,
+			    struct list_head *ind_locks);
+#endif

kmod/src/alloc.c

@@ -892,12 +892,11 @@ static int find_zone_extent(struct super_block *sb, struct scoutfs_alloc_root *r
  * -ENOENT is returned if we run out of extents in the source tree
  * before moving the total.
  *
- * If meta_reserved is non-zero then -EINPROGRESS can be returned if the
- * current meta allocator's avail blocks or room for freed blocks would
- * have fallen under the reserved amount.  The could have been
- * successfully dirtied in this case but the number of blocks moved is
- * not returned.  The caller is expected to deal with the partial
- * progress by commiting the dirty trees and examining the resulting
+ * If meta_budget is non-zero then -EINPROGRESS can be returned if the
+ * the caller's budget is consumed in the allocator during this call
+ * (though not necessarily by us, we don't have per-thread tracking of
+ * allocator consumption :/).  The call can still have made progress and
+ * caller is expected commit the dirty trees and examining the resulting
  * modified trees to see if they need to continue moving extents.
  *
  * The caller can specify that extents in the source tree should first
@@ -914,7 +913,7 @@ int scoutfs_alloc_move(struct super_block *sb, struct scoutfs_alloc *alloc,
 		       struct scoutfs_block_writer *wri,
 		       struct scoutfs_alloc_root *dst,
 		       struct scoutfs_alloc_root *src, u64 total,
-		       __le64 *exclusive, __le64 *vacant, u64 zone_blocks, u64 meta_reserved)
+		       __le64 *exclusive, __le64 *vacant, u64 zone_blocks, u64 meta_budget)
 {
 	struct alloc_ext_args args = {
 		.alloc = alloc,
@@ -922,6 +921,8 @@ int scoutfs_alloc_move(struct super_block *sb, struct scoutfs_alloc *alloc,
 	};
 	struct scoutfs_extent found;
 	struct scoutfs_extent ext;
+	u32 avail_start = 0;
+	u32 freed_start = 0;
 	u64 moved = 0;
 	u64 count;
 	int ret = 0;
@@ -932,6 +933,9 @@ int scoutfs_alloc_move(struct super_block *sb, struct scoutfs_alloc *alloc,
 		vacant = NULL;
 	}
 
+	if (meta_budget != 0)
+		scoutfs_alloc_meta_remaining(alloc, &avail_start, &freed_start);
+
 	while (moved < total) {
 		count = total - moved;
 
@@ -964,10 +968,10 @@ int scoutfs_alloc_move(struct super_block *sb, struct scoutfs_alloc *alloc,
 		if (ret < 0)
 			break;
 
-		if (meta_reserved != 0 &&
-		    scoutfs_alloc_meta_low(sb, alloc, meta_reserved +
-					   extent_mod_blocks(src->root.height) +
-					   extent_mod_blocks(dst->root.height))) {
+		if (meta_budget != 0 &&
+		    scoutfs_alloc_meta_low_since(alloc, avail_start, freed_start, meta_budget,
+						 extent_mod_blocks(src->root.height) +
+						 extent_mod_blocks(dst->root.height))) {
 			ret = -EINPROGRESS;
 			break;
 		}
@@ -1351,6 +1355,27 @@ void scoutfs_alloc_meta_remaining(struct scoutfs_alloc *alloc, u32 *avail_total,
 	} while (read_seqretry(&alloc->seqlock, seq));
 }
 
+/*
+ * Returns true if the caller's consumption of nr from either avail or
+ * freed would end up exceeding their budget relative to the starting
+ * remaining snapshot they took.
+ */
+bool scoutfs_alloc_meta_low_since(struct scoutfs_alloc *alloc, u32 avail_start, u32 freed_start,
+				  u32 budget, u32 nr)
+{
+	u32 avail_use;
+	u32 freed_use;
+	u32 avail;
+	u32 freed;
+
+	scoutfs_alloc_meta_remaining(alloc, &avail, &freed);
+
+	avail_use = avail_start - avail;
+	freed_use = freed_start - freed;
+
+	return ((avail_use + nr) > budget) || ((freed_use + nr) > budget);
+}
+
 bool scoutfs_alloc_test_flag(struct super_block *sb,
 			    struct scoutfs_alloc *alloc, u32 flag)
 {

kmod/src/alloc.h

@@ -19,14 +19,11 @@
 	(128ULL * 1024 * 1024 >> SCOUTFS_BLOCK_SM_SHIFT)
 
 /*
- * The largest aligned region that we'll try to allocate at the end of
- * the file as it's extended.  This is also limited to the current file
- * size so we can only waste at most twice the total file size when
- * files are less than this.  We try to keep this around the point of
- * diminishing returns in streaming performance of common data devices
- * to limit waste.
+ * The default size that we'll try to preallocate.  This is trying to
+ * hit the limit of large efficient device writes while minimizing
+ * wasted preallocation that is never used.
  */
-#define SCOUTFS_DATA_EXTEND_PREALLOC_LIMIT \
+#define SCOUTFS_DATA_PREALLOC_DEFAULT_BLOCKS \
 	(8ULL * 1024 * 1024 >> SCOUTFS_BLOCK_SM_SHIFT)
 
 /*
@@ -131,7 +128,7 @@ int scoutfs_alloc_move(struct super_block *sb, struct scoutfs_alloc *alloc,
 		       struct scoutfs_block_writer *wri,
 		       struct scoutfs_alloc_root *dst,
 		       struct scoutfs_alloc_root *src, u64 total,
-		       __le64 *exclusive, __le64 *vacant, u64 zone_blocks, u64 meta_reserved);
+		       __le64 *exclusive, __le64 *vacant, u64 zone_blocks, u64 meta_budget);
 int scoutfs_alloc_insert(struct super_block *sb, struct scoutfs_alloc *alloc,
 			 struct scoutfs_block_writer *wri, struct scoutfs_alloc_root *root,
 			 u64 start, u64 len);
@@ -159,6 +156,8 @@ int scoutfs_alloc_splice_list(struct super_block *sb,
 bool scoutfs_alloc_meta_low(struct super_block *sb,
 			    struct scoutfs_alloc *alloc, u32 nr);
 void scoutfs_alloc_meta_remaining(struct scoutfs_alloc *alloc, u32 *avail_total, u32 *freed_space);
+bool scoutfs_alloc_meta_low_since(struct scoutfs_alloc *alloc, u32 avail_start, u32 freed_start,
+				  u32 budget, u32 nr);
 bool scoutfs_alloc_test_flag(struct super_block *sb,
 			    struct scoutfs_alloc *alloc, u32 flag);
 

kmod/src/data.c

@@ -366,27 +366,27 @@ static inline u64 ext_last(struct scoutfs_extent *ext)
 
 /*
  * The caller is writing to a logical iblock that doesn't have an
- * allocated extent.
+ * allocated extent.  The caller has searched for an extent containing
+ * iblock.  If it already existed then it must be unallocated and
+ * offline.
  *
- * We always allocate an extent starting at the logical iblock.  The
- * caller has searched for an extent containing iblock.  If it already
- * existed then it must be unallocated and offline.
+ * We implement two preallocation strategies.  Typically we only
+ * preallocate for simple streaming writes and limit preallocation while
+ * the file is small.   The largest efficient allocation size is
+ * typically large enough that it would be unreasonable to allocate that
+ * much for all small files.
  *
- * Preallocation is used if we're strictly contiguously extending
- * writes.  That is, if the logical block offset equals the number of
- * online blocks.  We try to preallocate the number of blocks existing
- * so that small files don't waste inordinate amounts of space and large
- * files will eventually see large extents.  This only works for
- * contiguous single stream writes or stages of files from the first
- * block.  It doesn't work for concurrent stages, releasing behind
- * staging, sparse files, multi-node writes, etc.  fallocate() is always
- * a better tool to use.
+ * Optionally, we can simply preallocate large empty aligned regions.
+ * This can waste a lot of space for small or sparse files but is
+ * reasonable when a file population is known to be large and dense but
+ * known to be written with non-streaming write patterns.
  */
 static int alloc_block(struct super_block *sb, struct inode *inode,
 		       struct scoutfs_extent *ext, u64 iblock,
 		       struct scoutfs_lock *lock)
 {
 	DECLARE_DATA_INFO(sb, datinf);
+	struct scoutfs_mount_options opts;
 	const u64 ino = scoutfs_ino(inode);
 	struct data_ext_args args = {
 		.ino = ino,
@@ -394,17 +394,22 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 		.lock = lock,
 	};
 	struct scoutfs_extent found;
-	struct scoutfs_extent pre;
+	struct scoutfs_extent pre = {0,};
+	bool undo_pre = false;
 	u64 blkno = 0;
 	u64 online;
 	u64 offline;
 	u8 flags;
+	u64 start;
 	u64 count;
+	u64 rem;
 	int ret;
 	int err;
 
 	trace_scoutfs_data_alloc_block_enter(sb, ino, iblock, ext);
 
+	scoutfs_options_read(sb, &opts);
+
 	/* can only allocate over existing unallocated offline extent */
 	if (WARN_ON_ONCE(ext->len &&
 			 !(iblock >= ext->start && iblock <= ext_last(ext) &&
@@ -413,66 +418,106 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 
 	mutex_lock(&datinf->mutex);
 
-	scoutfs_inode_get_onoff(inode, &online, &offline);
+	/* default to single allocation at the written block */
+	start = iblock;
+	count = 1;
+	/* copy existing flags for preallocated regions */
+	flags = ext->len ? ext->flags : 0;
 
 	if (ext->len) {
-		/* limit preallocation to remaining existing (offline) extent */
+		/*
+		 * Assume that offline writers are going to be writing
+		 * all the offline extents and try to preallocate the
+		 * rest of the unwritten extent.
+		 */
 		count = ext->len - (iblock - ext->start);
-		flags = ext->flags;
+
+	} else if (opts.data_prealloc_contig_only) {
+		/*
+		 * Only preallocate when a quick test of the online
+		 * block counts looks like we're a simple streaming
+		 * write.  Try to write until the next extent but limit
+		 * the preallocation size to the number of online
+		 * blocks.
+		 */
+		scoutfs_inode_get_onoff(inode, &online, &offline);
+		if (iblock > 1 && iblock == online) {
+			ret = scoutfs_ext_next(sb, &data_ext_ops, &args,
+					       iblock, 1, &found);
+			if (ret < 0 && ret != -ENOENT)
+				goto out;
+			if (found.len && found.start > iblock)
+				count = found.start - iblock;
+			else
+				count = opts.data_prealloc_blocks;
+
+			count = min(iblock, count);
+		}
+
 	} else {
-		/* otherwise alloc to next extent */
-		ret = scoutfs_ext_next(sb, &data_ext_ops, &args,
-				       iblock, 1, &found);
+		/*
+		 * Preallocation of aligned regions only preallocates if
+		 * the aligned region contains no extents at all.  This
+		 * could be fooled by offline sparse extents but we
+		 * don't want to iterate over all offline extents in the
+		 * aligned region.
+		 */
+		div64_u64_rem(iblock, opts.data_prealloc_blocks, &rem);
+		start = iblock - rem;
+		count = opts.data_prealloc_blocks;
+		ret = scoutfs_ext_next(sb, &data_ext_ops, &args, start, 1, &found);
 		if (ret < 0 && ret != -ENOENT)
 			goto out;
-		if (found.len && found.start > iblock)
-			count = found.start - iblock;
-		else
-			count = SCOUTFS_DATA_EXTEND_PREALLOC_LIMIT;
-		flags = 0;
+		if (found.len && found.start < start + count)
+			count = 1;
 	}
 
 	/* overall prealloc limit */
-	count = min_t(u64, count, SCOUTFS_DATA_EXTEND_PREALLOC_LIMIT);
-
-	/* only strictly contiguous extending writes will try to preallocate */
-	if (iblock > 1 && iblock == online)
-		count = min(iblock, count);
-	else
-		count = 1;
+	count = min_t(u64, count, opts.data_prealloc_blocks);
 
 	ret = scoutfs_alloc_data(sb, datinf->alloc, datinf->wri,
 				 &datinf->dalloc, count, &blkno, &count);
 	if (ret < 0)
 		goto out;
 
-	ret = scoutfs_ext_set(sb, &data_ext_ops, &args, iblock, 1, blkno, 0);
-	if (ret < 0)
-		goto out;
+	/*
+	 * An aligned prealloc attempt that gets a smaller extent can
+	 * fail to cover iblock, make sure that it does.  This is a
+	 * pathological case so we don't try to move the window past
+	 * iblock.  Just enough to cover it, which we know is safe.
+	 */
+	if (start + count <= iblock)
+		start += (iblock - (start + count) + 1);
 
 	if (count > 1) {
-		pre.start = iblock + 1;
-		pre.len = count - 1;
-		pre.map = blkno + 1;
+		pre.start = start;
+		pre.len = count;
+		pre.map = blkno;
 		pre.flags = flags | SEF_UNWRITTEN;
 		ret = scoutfs_ext_set(sb, &data_ext_ops, &args, pre.start,
 				      pre.len, pre.map, pre.flags);
-		if (ret < 0) {
-			err = scoutfs_ext_set(sb, &data_ext_ops, &args, iblock,
-					      1, 0, flags);
-			BUG_ON(err); /* couldn't restore original */
+		if (ret < 0)
 			goto out;
-		}
+		undo_pre = true;
 	}
 
+	ret = scoutfs_ext_set(sb, &data_ext_ops, &args, iblock, 1, blkno + (iblock - start), 0);
+	if (ret < 0)
+		goto out;
+
 	/* tell the caller we have a single block, could check next? */
 	ext->start = iblock;
 	ext->len = 1;
-	ext->map = blkno;
+	ext->map = blkno + (iblock - start);
 	ext->flags = 0;
 	ret = 0;
 out:
 	if (ret < 0 && blkno > 0) {
+		if (undo_pre) {
+			err = scoutfs_ext_set(sb, &data_ext_ops, &args,
+					      pre.start, pre.len, 0, flags);
+			BUG_ON(err); /* leaked preallocated extent */
+		}
 		err = scoutfs_free_data(sb, datinf->alloc, datinf->wri,
 				        &datinf->data_freed, blkno, count);
 		BUG_ON(err); /* leaked free blocks */

kmod/src/dir.c

@@ -32,6 +32,7 @@
 #include "hash.h"
 #include "omap.h"
 #include "forest.h"
+#include "acl.h"
 #include "counters.h"
 #include "scoutfs_trace.h"
 
@@ -765,7 +766,8 @@ retry:
 	if (ret)
 		goto out_unlock;
 
-	ret = scoutfs_new_inode(sb, dir, mode, rdev, ino, *inode_lock, &inode);
+	ret = scoutfs_new_inode(sb, dir, mode, rdev, ino, *inode_lock, &inode) ?:
+	      scoutfs_init_acl_locked(inode, dir, *inode_lock, *dir_lock, ind_locks);
 	if (ret < 0)
 		goto out;
 
@@ -1242,10 +1244,11 @@ const struct inode_operations scoutfs_symlink_iops = {
 	.put_link       = scoutfs_put_link,
 	.getattr	= scoutfs_getattr,
 	.setattr	= scoutfs_setattr,
-	.setxattr	= scoutfs_setxattr,
-	.getxattr	= scoutfs_getxattr,
+	.setxattr	= generic_setxattr,
+	.getxattr	= generic_getxattr,
 	.listxattr	= scoutfs_listxattr,
-	.removexattr	= scoutfs_removexattr,
+	.removexattr	= generic_removexattr,
+	.get_acl	= scoutfs_get_acl,
 };
 
 /*
@@ -1978,10 +1981,11 @@ const struct inode_operations_wrapper scoutfs_dir_iops = {
 	.rename		= scoutfs_rename,
 	.getattr	= scoutfs_getattr,
 	.setattr	= scoutfs_setattr,
-	.setxattr	= scoutfs_setxattr,
-	.getxattr	= scoutfs_getxattr,
+	.setxattr	= generic_setxattr,
+	.getxattr	= generic_getxattr,
 	.listxattr	= scoutfs_listxattr,
-	.removexattr	= scoutfs_removexattr,
+	.removexattr	= generic_removexattr,
+	.get_acl	= scoutfs_get_acl,
 	.symlink	= scoutfs_symlink,
 	.permission	= scoutfs_permission,
 	},

kmod/src/inode.c

@@ -36,6 +36,7 @@
 #include "omap.h"
 #include "forest.h"
 #include "btree.h"
+#include "acl.h"
 
 /*
  * XXX
@@ -136,20 +137,22 @@ void scoutfs_destroy_inode(struct inode *inode)
 static const struct inode_operations scoutfs_file_iops = {
 	.getattr	= scoutfs_getattr,
 	.setattr	= scoutfs_setattr,
-	.setxattr	= scoutfs_setxattr,
-	.getxattr	= scoutfs_getxattr,
+	.setxattr	= generic_setxattr,
+	.getxattr	= generic_getxattr,
 	.listxattr	= scoutfs_listxattr,
-	.removexattr	= scoutfs_removexattr,
+	.removexattr	= generic_removexattr,
+	.get_acl	= scoutfs_get_acl,
 	.fiemap		= scoutfs_data_fiemap,
 };
 
 static const struct inode_operations scoutfs_special_iops = {
 	.getattr	= scoutfs_getattr,
 	.setattr	= scoutfs_setattr,
-	.setxattr	= scoutfs_setxattr,
-	.getxattr	= scoutfs_getxattr,
+	.setxattr	= generic_setxattr,
+	.getxattr	= generic_getxattr,
 	.listxattr	= scoutfs_listxattr,
-	.removexattr	= scoutfs_removexattr,
+	.removexattr	= generic_removexattr,
+	.get_acl	= scoutfs_get_acl,
 };
 
 /*
@@ -507,10 +510,15 @@ retry:
 	if (ret)
 		goto out;
 
+	ret = scoutfs_acl_chmod_locked(inode, attr, lock, &ind_locks);
+	if (ret < 0)
+		goto release;
+
 	setattr_copy(inode, attr);
 	inode_inc_iversion(inode);
 	scoutfs_update_inode_item(inode, lock, &ind_locks);
 
+release:
 	scoutfs_release_trans(sb);
 	scoutfs_inode_index_unlock(sb, &ind_locks);
 out:
@@ -1685,6 +1693,7 @@ static int try_delete_inode_items(struct super_block *sb, u64 ino)
 	struct scoutfs_lock *lock = NULL;
 	struct scoutfs_inode sinode;
 	struct scoutfs_key key;
+	bool clear_trying = false;
 	u64 group_nr;
 	int bit_nr;
 	int ret;
@@ -1704,6 +1713,7 @@ static int try_delete_inode_items(struct super_block *sb, u64 ino)
 		ret = 0;
 		goto out;
 	}
+	clear_trying = true;
 
 	/* can't delete if it's cached in local or remote mounts */
 	if (scoutfs_omap_test(sb, ino) || test_bit_le(bit_nr, ldata->map.bits)) {
@@ -1730,7 +1740,7 @@ static int try_delete_inode_items(struct super_block *sb, u64 ino)
 
 	ret = delete_inode_items(sb, ino, &sinode, lock, orph_lock);
 out:
-	if (ldata)
+	if (clear_trying)
 		clear_bit(bit_nr, ldata->trying);
 
 	scoutfs_unlock(sb, lock, SCOUTFS_LOCK_WRITE);

kmod/src/kernelcompat.h

@@ -46,4 +46,10 @@ static inline int dir_emit_dots(struct file *file, void *dirent,
 }
 #endif
 
+#ifdef KC_POSIX_ACL_VALID_USER_NS
+#define kc_posix_acl_valid(user_ns, acl) posix_acl_valid(user_ns, acl)
+#else
+#define kc_posix_acl_valid(user_ns, acl) posix_acl_valid(acl)
+#endif
+
 #endif

kmod/src/lock.c

@@ -18,6 +18,7 @@
 #include <linux/mm.h>
 #include <linux/sort.h>
 #include <linux/ctype.h>
+#include <linux/posix_acl.h>
 
 #include "super.h"
 #include "lock.h"
@@ -156,6 +157,8 @@ static void invalidate_inode(struct super_block *sb, u64 ino)
 		if (!linfo->unmounting)
 			d_prune_aliases(inode);
 
+		forget_all_cached_acls(inode);
+
 		si->drop_invalidated = true;
 		if (scoutfs_lock_is_covered(sb, &si->ino_lock_cov) && inode->i_nlink > 0) {
 			iput(inode);

kmod/src/net.c

@@ -355,6 +355,7 @@ static int submit_send(struct super_block *sb,
 		}
 		if (rid != 0) {
 			spin_unlock(&conn->lock);
+			kfree(msend);
 			return -ENOTCONN;
 		}
 	}
@@ -1345,10 +1346,12 @@ scoutfs_net_alloc_conn(struct super_block *sb,
 	if (!conn)
 		return NULL;
 
-	conn->info = kzalloc(info_size, GFP_NOFS);
-	if (!conn->info) {
-		kfree(conn);
-		return NULL;
+	if (info_size) {
+		conn->info = kzalloc(info_size, GFP_NOFS);
+		if (!conn->info) {
+			kfree(conn);
+			return NULL;
+		}
 	}
 
 	conn->workq = alloc_workqueue("scoutfs_net_%s",

kmod/src/omap.c

@@ -157,6 +157,15 @@ static int free_rid(struct omap_rid_list *list, struct omap_rid_entry *entry)
 	return nr;
 }
 
+static void free_rid_list(struct omap_rid_list *list)
+{
+	struct omap_rid_entry *entry;
+	struct omap_rid_entry *tmp;
+
+	list_for_each_entry_safe(entry, tmp, &list->head, head)
+		free_rid(list, entry);
+}
+
 static int copy_rids(struct omap_rid_list *to, struct omap_rid_list *from, spinlock_t *from_lock)
 {
 	struct omap_rid_entry *entry;
@@ -804,6 +813,10 @@ void scoutfs_omap_server_shutdown(struct super_block *sb)
 	llist_for_each_entry_safe(req, tmp, requests, llnode)
 		kfree(req);
 
+	spin_lock(&ominf->lock);
+	free_rid_list(&ominf->rids);
+	spin_unlock(&ominf->lock);
+
 	synchronize_rcu();
 }
 
@@ -864,6 +877,10 @@ void scoutfs_omap_destroy(struct super_block *sb)
 		rhashtable_walk_stop(&iter);
 		rhashtable_walk_exit(&iter);
 
+		spin_lock(&ominf->lock);
+		free_rid_list(&ominf->rids);
+		spin_unlock(&ominf->lock);
+
 		rhashtable_destroy(&ominf->group_ht);
 		rhashtable_destroy(&ominf->req_ht);
 		kfree(ominf);

kmod/src/options.c

@@ -27,16 +27,25 @@
 #include "options.h"
 #include "super.h"
 #include "inode.h"
+#include "alloc.h"
 
 enum {
+	Opt_acl,
+	Opt_data_prealloc_blocks,
+	Opt_data_prealloc_contig_only,
 	Opt_metadev_path,
+	Opt_noacl,
 	Opt_orphan_scan_delay_ms,
 	Opt_quorum_slot_nr,
 	Opt_err,
 };
 
 static const match_table_t tokens = {
+	{Opt_acl, "acl"},
+	{Opt_data_prealloc_blocks, "data_prealloc_blocks=%s"},
+	{Opt_data_prealloc_contig_only, "data_prealloc_contig_only=%s"},
 	{Opt_metadev_path, "metadev_path=%s"},
+	{Opt_noacl, "noacl"},
 	{Opt_orphan_scan_delay_ms, "orphan_scan_delay_ms=%s"},
 	{Opt_quorum_slot_nr, "quorum_slot_nr=%s"},
 	{Opt_err, NULL}
@@ -106,11 +115,17 @@ static void free_options(struct scoutfs_mount_options *opts)
 #define DEFAULT_ORPHAN_SCAN_DELAY_MS	(10 * MSEC_PER_SEC)
 #define MAX_ORPHAN_SCAN_DELAY_MS	(60 * MSEC_PER_SEC)
 
+#define MIN_DATA_PREALLOC_BLOCKS	1ULL
+#define MAX_DATA_PREALLOC_BLOCKS	((unsigned long long)SCOUTFS_BLOCK_SM_MAX)
+
 static void init_default_options(struct scoutfs_mount_options *opts)
 {
 	memset(opts, 0, sizeof(*opts));
+
+	opts->data_prealloc_blocks = SCOUTFS_DATA_PREALLOC_DEFAULT_BLOCKS;
+	opts->data_prealloc_contig_only = 1;
 	opts->quorum_slot_nr = -1;
-	opts->orphan_scan_delay_ms = DEFAULT_ORPHAN_SCAN_DELAY_MS;
+	opts->orphan_scan_delay_ms = -1;
 }
 
 /*
@@ -122,6 +137,7 @@ static void init_default_options(struct scoutfs_mount_options *opts)
 static int parse_options(struct super_block *sb, char *options, struct scoutfs_mount_options *opts)
 {
 	substring_t args[MAX_OPT_ARGS];
+	u64 nr64;
 	int nr;
 	int token;
 	char *p;
@@ -134,12 +150,44 @@ static int parse_options(struct super_block *sb, char *options, struct scoutfs_m
 		token = match_token(p, tokens, args);
 		switch (token) {
 
+		case Opt_acl:
+			sb->s_flags |= MS_POSIXACL;
+			break;
+
+		case Opt_data_prealloc_blocks:
+			ret = match_u64(args, &nr64);
+			if (ret < 0 ||
+			    nr64 < MIN_DATA_PREALLOC_BLOCKS || nr64 > MAX_DATA_PREALLOC_BLOCKS) {
+				scoutfs_err(sb, "invalid data_prealloc_blocks option, must be between %llu and %llu",
+					    MIN_DATA_PREALLOC_BLOCKS, MAX_DATA_PREALLOC_BLOCKS);
+				if (ret == 0)
+					ret = -EINVAL;
+				return ret;
+			}
+			opts->data_prealloc_blocks = nr64;
+			break;
+
+		case Opt_data_prealloc_contig_only:
+			ret = match_int(args, &nr);
+			if (ret < 0 || nr < 0 || nr > 1) {
+				scoutfs_err(sb, "invalid data_prealloc_contig_only option, bool must only be 0 or 1");
+				if (ret == 0)
+					ret = -EINVAL;
+				return ret;
+			}
+			opts->data_prealloc_contig_only = nr;
+			break;
+
 		case Opt_metadev_path:
 			ret = parse_bdev_path(sb, &args[0], &opts->metadev_path);
 			if (ret < 0)
 				return ret;
 			break;
 
+		case Opt_noacl:
+			sb->s_flags &= ~MS_POSIXACL;
+			break;
+
 		case Opt_orphan_scan_delay_ms:
 			if (opts->orphan_scan_delay_ms != -1) {
 				scoutfs_err(sb, "multiple orphan_scan_delay_ms options provided, only provide one.");
@@ -181,6 +229,9 @@ static int parse_options(struct super_block *sb, char *options, struct scoutfs_m
 		}
 	}
 
+	if (opts->orphan_scan_delay_ms == -1)
+		opts->orphan_scan_delay_ms = DEFAULT_ORPHAN_SCAN_DELAY_MS;
+
 	if (!opts->metadev_path) {
 		scoutfs_err(sb, "Required mount option \"metadev_path\" not found");
 		return -EINVAL;
@@ -250,10 +301,17 @@ int scoutfs_options_show(struct seq_file *seq, struct dentry *root)
 {
 	struct super_block *sb = root->d_sb;
 	struct scoutfs_mount_options opts;
+	const bool is_acl = !!(sb->s_flags & MS_POSIXACL);
 
 	scoutfs_options_read(sb, &opts);
 
+	if (is_acl)
+		seq_puts(seq, ",acl");
+	seq_printf(seq, ",data_prealloc_blocks=%llu", opts.data_prealloc_blocks);
+	seq_printf(seq, ",data_prealloc_contig_only=%u", opts.data_prealloc_contig_only);
 	seq_printf(seq, ",metadev_path=%s", opts.metadev_path);
+	if (!is_acl)
+		seq_puts(seq, ",noacl");
 	seq_printf(seq, ",orphan_scan_delay_ms=%u", opts.orphan_scan_delay_ms);
 	if (opts.quorum_slot_nr >= 0)
 		seq_printf(seq, ",quorum_slot_nr=%d", opts.quorum_slot_nr);
@@ -261,6 +319,83 @@ int scoutfs_options_show(struct seq_file *seq, struct dentry *root)
 	return 0;
 }
 
+static ssize_t data_prealloc_blocks_show(struct kobject *kobj, struct kobj_attribute *attr,
+					 char *buf)
+{
+	struct super_block *sb = SCOUTFS_SYSFS_ATTRS_SB(kobj);
+	struct scoutfs_mount_options opts;
+
+	scoutfs_options_read(sb, &opts);
+
+	return snprintf(buf, PAGE_SIZE, "%llu", opts.data_prealloc_blocks);
+}
+static ssize_t data_prealloc_blocks_store(struct kobject *kobj, struct kobj_attribute *attr,
+					  const char *buf, size_t count)
+{
+	struct super_block *sb = SCOUTFS_SYSFS_ATTRS_SB(kobj);
+	DECLARE_OPTIONS_INFO(sb, optinf);
+	char nullterm[30]; /* more than enough for octal -U64_MAX */
+	u64 val;
+	int len;
+	int ret;
+
+	len = min(count, sizeof(nullterm) - 1);
+	memcpy(nullterm, buf, len);
+	nullterm[len] = '\0';
+
+	ret = kstrtoll(nullterm, 0, &val);
+	if (ret < 0 || val < MIN_DATA_PREALLOC_BLOCKS || val > MAX_DATA_PREALLOC_BLOCKS) {
+		scoutfs_err(sb, "invalid data_prealloc_blocks option, must be between %llu and %llu",
+			    MIN_DATA_PREALLOC_BLOCKS, MAX_DATA_PREALLOC_BLOCKS);
+		return -EINVAL;
+	}
+
+	write_seqlock(&optinf->seqlock);
+	optinf->opts.data_prealloc_blocks = val;
+	write_sequnlock(&optinf->seqlock);
+
+	return count;
+}
+SCOUTFS_ATTR_RW(data_prealloc_blocks);
+
+static ssize_t data_prealloc_contig_only_show(struct kobject *kobj, struct kobj_attribute *attr,
+					 char *buf)
+{
+	struct super_block *sb = SCOUTFS_SYSFS_ATTRS_SB(kobj);
+	struct scoutfs_mount_options opts;
+
+	scoutfs_options_read(sb, &opts);
+
+	return snprintf(buf, PAGE_SIZE, "%u", opts.data_prealloc_contig_only);
+}
+static ssize_t data_prealloc_contig_only_store(struct kobject *kobj, struct kobj_attribute *attr,
+					  const char *buf, size_t count)
+{
+	struct super_block *sb = SCOUTFS_SYSFS_ATTRS_SB(kobj);
+	DECLARE_OPTIONS_INFO(sb, optinf);
+	char nullterm[20]; /* more than enough for octal -U32_MAX */
+	long val;
+	int len;
+	int ret;
+
+	len = min(count, sizeof(nullterm) - 1);
+	memcpy(nullterm, buf, len);
+	nullterm[len] = '\0';
+
+	ret = kstrtol(nullterm, 0, &val);
+	if (ret < 0 || val < 0 || val > 1) {
+		scoutfs_err(sb, "invalid data_prealloc_contig_only option, bool must be 0 or 1");
+		return -EINVAL;
+	}
+
+	write_seqlock(&optinf->seqlock);
+	optinf->opts.data_prealloc_contig_only = val;
+	write_sequnlock(&optinf->seqlock);
+
+	return count;
+}
+SCOUTFS_ATTR_RW(data_prealloc_contig_only);
+
 static ssize_t metadev_path_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
 {
 	struct super_block *sb = SCOUTFS_SYSFS_ATTRS_SB(kobj);
@@ -325,6 +460,8 @@ static ssize_t quorum_slot_nr_show(struct kobject *kobj, struct kobj_attribute *
 SCOUTFS_ATTR_RO(quorum_slot_nr);
 
 static struct attribute *options_attrs[] = {
+	SCOUTFS_ATTR_PTR(data_prealloc_blocks),
+	SCOUTFS_ATTR_PTR(data_prealloc_contig_only),
 	SCOUTFS_ATTR_PTR(metadev_path),
 	SCOUTFS_ATTR_PTR(orphan_scan_delay_ms),
 	SCOUTFS_ATTR_PTR(quorum_slot_nr),

kmod/src/options.h

@@ -6,6 +6,8 @@
 #include "format.h"
 
 struct scoutfs_mount_options {
+	u64 data_prealloc_blocks;
+	bool data_prealloc_contig_only;
 	char *metadev_path;
 	unsigned int orphan_scan_delay_ms;
 	int quorum_slot_nr;

kmod/src/server.c

@@ -694,13 +694,13 @@ static int alloc_move_refill_zoned(struct super_block *sb, struct scoutfs_alloc_
 
 static int alloc_move_empty(struct super_block *sb,
 			    struct scoutfs_alloc_root *dst,
-			    struct scoutfs_alloc_root *src, u64 meta_reserved)
+			    struct scoutfs_alloc_root *src, u64 meta_budget)
 {
 	DECLARE_SERVER_INFO(sb, server);
 
 	return scoutfs_alloc_move(sb, &server->alloc, &server->wri,
 				  dst, src, le64_to_cpu(src->total_len), NULL, NULL, 0,
-				  meta_reserved);
+				  meta_budget);
 }
 
 /*
@@ -1226,6 +1226,82 @@ static int finalize_and_start_log_merge(struct super_block *sb, struct scoutfs_l
 	return ret;
 }
 
+/*
+ * The calling get_log_trees ran out of available blocks in its commit's
+ * metadata allocator while moving extents from the log tree's
+ * data_freed into the core data_avail.  This finishes moving the
+ * extents in as many additional commits as it takes.   The logs mutex
+ * is nested inside holding commits so we recheck the persistent item
+ * each time we commit to make sure it's still what we think.   The
+ * caller is still going to send the item to the client so we update the
+ * caller's each time we make progress.  This is a best-effort attempt
+ * to clean up and it's valid to leave extents in data_freed we don't
+ * return errors to the caller.  The client will continue the work later
+ * in get_log_trees or as the rid is reclaimed.
+ */
+static void try_drain_data_freed(struct super_block *sb, struct scoutfs_log_trees *lt)
+{
+	DECLARE_SERVER_INFO(sb, server);
+	struct scoutfs_super_block *super = &SCOUTFS_SB(sb)->super;
+	const u64 rid = le64_to_cpu(lt->rid);
+	const u64 nr = le64_to_cpu(lt->nr);
+	struct scoutfs_log_trees drain;
+	struct scoutfs_key key;
+	COMMIT_HOLD(hold);
+	int ret = 0;
+	int err;
+
+	scoutfs_key_init_log_trees(&key, rid, nr);
+
+	while (lt->data_freed.total_len != 0) {
+		server_hold_commit(sb, &hold);
+		mutex_lock(&server->logs_mutex);
+
+		ret = find_log_trees_item(sb, &super->logs_root, false, rid, U64_MAX, &drain);
+		if (ret < 0)
+			break;
+
+		/* careful to only keep draining the caller's specific open trans */
+		if (drain.nr != lt->nr || drain.get_trans_seq != lt->get_trans_seq ||
+		    drain.commit_trans_seq != lt->commit_trans_seq || drain.flags != lt->flags) {
+			ret = -ENOENT;
+			break;
+		}
+
+		ret = scoutfs_btree_dirty(sb, &server->alloc, &server->wri,
+					  &super->logs_root, &key);
+		if (ret < 0)
+			break;
+
+		/* moving can modify and return errors, always update caller and item */
+		mutex_lock(&server->alloc_mutex);
+		ret = alloc_move_empty(sb, &super->data_alloc, &drain.data_freed,
+				       COMMIT_HOLD_ALLOC_BUDGET / 2);
+		mutex_unlock(&server->alloc_mutex);
+		if (ret == -EINPROGRESS)
+			ret = 0;
+
+		*lt = drain;
+		err = scoutfs_btree_force(sb, &server->alloc, &server->wri,
+					  &super->logs_root, &key, &drain, sizeof(drain));
+		BUG_ON(err < 0); /* dirtying must guarantee success */
+
+		mutex_unlock(&server->logs_mutex);
+
+		ret = server_apply_commit(sb, &hold, ret);
+		if (ret < 0) {
+			ret = 0; /* don't try to abort, ignoring ret */
+			break;
+		}
+	}
+
+	/* try to cleanly abort and write any partial dirty btree blocks, but ignore result */
+	if (ret < 0) {
+		mutex_unlock(&server->logs_mutex);
+		server_apply_commit(sb, &hold, 0);
+	}
+}
+
 /*
  * Give the client roots to all the trees that they'll use to build
  * their transaction.
@@ -1351,7 +1427,9 @@ static int server_get_log_trees(struct super_block *sb,
 		goto update;
 	}
 
-	ret = alloc_move_empty(sb, &super->data_alloc, &lt.data_freed, 0);
+	ret = alloc_move_empty(sb, &super->data_alloc, &lt.data_freed, 100);
+	if (ret == -EINPROGRESS)
+		ret = 0;
 	if (ret < 0) {
 		err_str = "emptying committed data_freed";
 		goto update;
@@ -1429,6 +1507,10 @@ out:
 		scoutfs_err(sb, "error %d getting log trees for rid %016llx: %s",
 			    ret, rid, err_str);
 
+	/* try to drain excessive data_freed with additional commits, if needed, ignoring err */
+	if (ret == 0)
+		try_drain_data_freed(sb, &lt);
+
 	return scoutfs_net_response(sb, conn, cmd, id, ret, &lt, sizeof(lt));
 }
 

kmod/src/super.c

@@ -47,6 +47,7 @@
 #include "omap.h"
 #include "volopt.h"
 #include "fence.h"
+#include "xattr.h"
 #include "scoutfs_trace.h"
 
 static struct dentry *scoutfs_debugfs_root;
@@ -483,7 +484,8 @@ static int scoutfs_fill_super(struct super_block *sb, void *data, int silent)
 	sb->s_maxbytes = MAX_LFS_FILESIZE;
 	sb->s_op = &scoutfs_super_ops;
 	sb->s_export_op = &scoutfs_export_ops;
-	sb->s_flags |= MS_I_VERSION;
+	sb->s_xattr = scoutfs_xattr_handlers;
+	sb->s_flags |= MS_I_VERSION | MS_POSIXACL;
 
 	/* btree blocks use long lived bh->b_data refs */
 	mapping_set_gfp_mask(sb->s_bdev->bd_inode->i_mapping, GFP_NOFS);
@@ -496,7 +498,7 @@ static int scoutfs_fill_super(struct super_block *sb, void *data, int silent)
 
 	ret = assign_random_id(sbi);
 	if (ret < 0)
-		return ret;
+		goto out;
 
 	spin_lock_init(&sbi->next_ino_lock);
 	spin_lock_init(&sbi->data_wait_root.lock);
@@ -505,7 +507,7 @@ static int scoutfs_fill_super(struct super_block *sb, void *data, int silent)
 	/* parse options early for use during setup */
 	ret = scoutfs_options_early_setup(sb, data);
 	if (ret < 0)
-		return ret;
+		goto out;
 	scoutfs_options_read(sb, &opts);
 
 	ret = sb_set_blocksize(sb, SCOUTFS_BLOCK_SM_SIZE);

kmod/src/xattr.c

@@ -15,6 +15,7 @@
 #include <linux/dcache.h>
 #include <linux/xattr.h>
 #include <linux/crc32c.h>
+#include <linux/posix_acl.h>
 
 #include "format.h"
 #include "inode.h"
@@ -26,6 +27,7 @@
 #include "xattr.h"
 #include "lock.h"
 #include "hash.h"
+#include "acl.h"
 #include "scoutfs_trace.h"
 
 /*
@@ -79,16 +81,6 @@ static void init_xattr_key(struct scoutfs_key *key, u64 ino, u32 name_hash,
 #define SCOUTFS_XATTR_PREFIX		"scoutfs."
 #define SCOUTFS_XATTR_PREFIX_LEN	(sizeof(SCOUTFS_XATTR_PREFIX) - 1)
 
-static int unknown_prefix(const char *name)
-{
-	return strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) &&
-	       strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) &&
-	       strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) &&
-	       strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)&&
-	       strncmp(name, SCOUTFS_XATTR_PREFIX, SCOUTFS_XATTR_PREFIX_LEN);
-}
-
-
 #define HIDE_TAG	"hide."
 #define SRCH_TAG	"srch."
 #define TOTL_TAG	"totl."
@@ -455,22 +447,17 @@ out:
  * Copy the value for the given xattr name into the caller's buffer, if it
  * fits.  Return the bytes copied or -ERANGE if it doesn't fit.
  */
-ssize_t scoutfs_getxattr(struct dentry *dentry, const char *name, void *buffer,
-			 size_t size)
+int scoutfs_xattr_get_locked(struct inode *inode, const char *name, void *buffer, size_t size,
+			     struct scoutfs_lock *lck)
 {
-	struct inode *inode = dentry->d_inode;
 	struct scoutfs_inode_info *si = SCOUTFS_I(inode);
 	struct super_block *sb = inode->i_sb;
 	struct scoutfs_xattr *xat = NULL;
-	struct scoutfs_lock *lck = NULL;
 	struct scoutfs_key key;
 	unsigned int xat_bytes;
 	size_t name_len;
 	int ret;
 
-	if (unknown_prefix(name))
-		return -EOPNOTSUPP;
-
 	name_len = strlen(name);
 	if (name_len > SCOUTFS_XATTR_MAX_NAME_LEN)
 		return -ENODATA;
@@ -480,10 +467,6 @@ ssize_t scoutfs_getxattr(struct dentry *dentry, const char *name, void *buffer,
 	if (!xat)
 		return -ENOMEM;
 
-	ret = scoutfs_lock_inode(sb, SCOUTFS_LOCK_READ, 0, inode, &lck);
-	if (ret)
-		goto out;
-
 	down_read(&si->xattr_rwsem);
 
 	ret = get_next_xattr(inode, &key, xat, xat_bytes, name, name_len, 0, 0, lck);
@@ -509,12 +492,27 @@ ssize_t scoutfs_getxattr(struct dentry *dentry, const char *name, void *buffer,
 	ret = copy_xattr_value(sb, &key, xat, xat_bytes, buffer, size, lck);
 unlock:
 	up_read(&si->xattr_rwsem);
-	scoutfs_unlock(sb, lck, SCOUTFS_LOCK_READ);
-out:
+
 	kfree(xat);
 	return ret;
 }
 
+static int scoutfs_xattr_get(struct dentry *dentry, const char *name, void *buffer, size_t size)
+{
+	struct inode *inode = dentry->d_inode;
+	struct super_block *sb = inode->i_sb;
+	struct scoutfs_lock *lock = NULL;
+	int ret;
+
+	ret = scoutfs_lock_inode(sb, SCOUTFS_LOCK_READ, 0, inode, &lock);
+	if (ret == 0) {
+		ret = scoutfs_xattr_get_locked(inode, name, buffer, size, lock);
+		scoutfs_unlock(sb, lock, SCOUTFS_LOCK_READ);
+	}
+
+	return ret;
+}
+
 void scoutfs_xattr_init_totl_key(struct scoutfs_key *key, u64 *name)
 {
 	scoutfs_key_set_zeros(key);
@@ -619,30 +617,32 @@ int scoutfs_xattr_combine_totl(void *dst, int dst_len, void *src, int src_len)
  * cause creation to fail if the xattr already exists (_CREATE) or
  * doesn't already exist (_REPLACE).  xattrs can have a zero length
  * value.
+ *
+ * The caller has acquired cluster locks, holds a transaction, and has
+ * dirtied the inode item so that they can update it after we modify it.
+ * The caller has to know the tags to acquire cluster locks before
+ * holding the transaction so they pass in the parsed tags, or all 0s for
+ * non scoutfs. prefixes.
  */
-static int scoutfs_xattr_set(struct dentry *dentry, const char *name,
-			     const void *value, size_t size, int flags)
+int scoutfs_xattr_set_locked(struct inode *inode, const char *name, size_t name_len,
+			     const void *value, size_t size, int flags,
+			     const struct scoutfs_xattr_prefix_tags *tgs,
+			     struct scoutfs_lock *lck, struct scoutfs_lock *totl_lock,
+			     struct list_head *ind_locks)
 {
-	struct inode *inode = dentry->d_inode;
 	struct scoutfs_inode_info *si = SCOUTFS_I(inode);
 	struct super_block *sb = inode->i_sb;
 	const u64 ino = scoutfs_ino(inode);
 	struct scoutfs_xattr_totl_val tval = {0,};
-	struct scoutfs_xattr_prefix_tags tgs;
 	struct scoutfs_xattr *xat = NULL;
-	struct scoutfs_lock *lck = NULL;
-	struct scoutfs_lock *totl_lock = NULL;
-	size_t name_len = strlen(name);
 	struct scoutfs_key totl_key;
 	struct scoutfs_key key;
 	bool undo_srch = false;
 	bool undo_totl = false;
-	LIST_HEAD(ind_locks);
 	u8 found_parts;
 	unsigned int xat_bytes_totl;
 	unsigned int xat_bytes;
 	unsigned int val_len;
-	u64 ind_seq;
 	u64 total;
 	u64 hash = 0;
 	u64 id = 0;
@@ -651,6 +651,9 @@ static int scoutfs_xattr_set(struct dentry *dentry, const char *name,
 
 	trace_scoutfs_xattr_set(sb, name_len, value, size, flags);
 
+	if (WARN_ON_ONCE(tgs->totl && !totl_lock))
+		return -EINVAL;
+
 	/* mirror the syscall's errors for large names and values */
 	if (name_len > SCOUTFS_XATTR_MAX_NAME_LEN)
 		return -ERANGE;
@@ -661,16 +664,10 @@ static int scoutfs_xattr_set(struct dentry *dentry, const char *name,
 	    (flags & ~(XATTR_CREATE | XATTR_REPLACE)))
 		return -EINVAL;
 
-	if (unknown_prefix(name))
-		return -EOPNOTSUPP;
-
-	if (scoutfs_xattr_parse_tags(name, name_len, &tgs) != 0)
-		return -EINVAL;
-
-	if ((tgs.hide | tgs.srch | tgs.totl) && !capable(CAP_SYS_ADMIN))
+	if ((tgs->hide | tgs->srch | tgs->totl) && !capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
-	if (tgs.totl && ((ret = parse_totl_key(&totl_key, name, name_len)) != 0))
+	if (tgs->totl && ((ret = parse_totl_key(&totl_key, name, name_len)) != 0))
 		return ret;
 
 	/* allocate enough to always read an existing xattr's totl */
@@ -679,51 +676,44 @@ static int scoutfs_xattr_set(struct dentry *dentry, const char *name,
 	/* but store partial first item that only includes the new xattr's value */
 	xat_bytes = first_item_bytes(name_len, size);
 	xat = kmalloc(xat_bytes_totl, GFP_NOFS);
-	if (!xat) {
-		ret = -ENOMEM;
-		goto out;
-	}
-
-	ret = scoutfs_lock_inode(sb, SCOUTFS_LOCK_WRITE,
-				 SCOUTFS_LKF_REFRESH_INODE, inode, &lck);
-	if (ret)
-		goto out;
+	if (!xat)
+		return -ENOMEM;
 
 	down_write(&si->xattr_rwsem);
 
 	/* find an existing xattr to delete, including possible totl value */
 	ret = get_next_xattr(inode, &key, xat, xat_bytes_totl, name, name_len, 0, 0, lck);
 	if (ret < 0 && ret != -ENOENT)
-		goto unlock;
+		goto out;
 
 	/* check existence constraint flags */
 	if (ret == -ENOENT && (flags & XATTR_REPLACE)) {
 		ret = -ENODATA;
-		goto unlock;
+		goto out;
 	} else if (ret >= 0 && (flags & XATTR_CREATE)) {
 		ret = -EEXIST;
-		goto unlock;
+		goto out;
 	}
 
 	/* not an error to delete something that doesn't exist */
 	if (ret == -ENOENT && !value) {
 		ret = 0;
-		goto unlock;
+		goto out;
 	}
 
 	/* s64 count delta if we create or delete */
-	if (tgs.totl)
+	if (tgs->totl)
 		tval.count = cpu_to_le64((u64)!!(value) - (u64)!!(ret != -ENOENT));
 
 	/* found fields in key will also be used */
 	found_parts = ret >= 0 ? xattr_nr_parts(xat) : 0;
 
-	if (found_parts && tgs.totl) {
+	if (found_parts && tgs->totl) {
 		/* parse old totl value before we clobber xat buf */
 		val_len = ret - offsetof(struct scoutfs_xattr, name[xat->name_len]);
 		ret = parse_totl_u64(&xat->name[xat->name_len], val_len, &total);
 		if (ret < 0)
-			goto unlock;
+			goto out;
 
 		le64_add_cpu(&tval.total, -total);
 	}
@@ -742,15 +732,90 @@ static int scoutfs_xattr_set(struct dentry *dentry, const char *name,
 		       min(size, SCOUTFS_XATTR_MAX_PART_SIZE -
 			         offsetof(struct scoutfs_xattr, name[name_len])));
 
-		if (tgs.totl) {
+		if (tgs->totl) {
 			ret = parse_totl_u64(value, size, &total);
 			if (ret < 0)
-				goto unlock;
+				goto out;
 		}
 
 		le64_add_cpu(&tval.total, total);
 	}
 
+	if (tgs->srch && !(found_parts && value)) {
+		if (found_parts)
+			id = le64_to_cpu(key.skx_id);
+		hash = scoutfs_hash64(name, name_len);
+		ret = scoutfs_forest_srch_add(sb, hash, ino, id);
+		if (ret < 0)
+			goto out;
+		undo_srch = true;
+	}
+
+	if (tgs->totl) {
+		ret = apply_totl_delta(sb, &totl_key, &tval, totl_lock);
+		if (ret < 0)
+			goto out;
+		undo_totl = true;
+	}
+
+	if (found_parts && value)
+		ret = change_xattr_items(inode, id, xat, xat_bytes, value, size,
+					 xattr_nr_parts(xat), found_parts, lck);
+	else if (found_parts)
+		ret = delete_xattr_items(inode, le64_to_cpu(key.skx_name_hash),
+					 le64_to_cpu(key.skx_id), found_parts,
+					 lck);
+	else
+		ret = create_xattr_items(inode, id, xat, xat_bytes, value, size,
+					 xattr_nr_parts(xat), lck);
+	if (ret < 0)
+		goto out;
+
+	/* XXX do these want i_mutex or anything? */
+	inode_inc_iversion(inode);
+	inode->i_ctime = CURRENT_TIME;
+	ret = 0;
+
+out:
+	if (ret < 0 && undo_srch) {
+		err = scoutfs_forest_srch_add(sb, hash, ino, id);
+		BUG_ON(err);
+	}
+	if (ret < 0 && undo_totl) {
+		/* _delta() on dirty items shouldn't fail */
+		tval.total = cpu_to_le64(-le64_to_cpu(tval.total));
+		tval.count = cpu_to_le64(-le64_to_cpu(tval.count));
+		err = apply_totl_delta(sb, &totl_key, &tval, totl_lock);
+		BUG_ON(err);
+	}
+
+	up_write(&si->xattr_rwsem);
+	kfree(xat);
+
+	return ret;
+}
+
+static int scoutfs_xattr_set(struct dentry *dentry, const char *name, const void *value,
+			     size_t size, int flags)
+{
+	struct inode *inode = dentry->d_inode;
+	struct super_block *sb = inode->i_sb;
+	struct scoutfs_xattr_prefix_tags tgs;
+	struct scoutfs_lock *totl_lock = NULL;
+	struct scoutfs_lock *lck = NULL;
+	size_t name_len = strlen(name);
+	LIST_HEAD(ind_locks);
+	u64 ind_seq;
+	int ret;
+
+	if (scoutfs_xattr_parse_tags(name, name_len, &tgs) != 0)
+		return -EINVAL;
+
+	ret = scoutfs_lock_inode(sb, SCOUTFS_LOCK_WRITE,
+				 SCOUTFS_LKF_REFRESH_INODE, inode, &lck);
+	if (ret)
+		goto unlock;
+
 	if (tgs.totl) {
 		ret = scoutfs_lock_xattr_totl(sb, SCOUTFS_LOCK_WRITE_ONLY, 0, &totl_lock);
 		if (ret)
@@ -770,80 +835,98 @@ retry:
 	if (ret < 0)
 		goto release;
 
-	if (tgs.srch && !(found_parts && value)) {
-		if (found_parts)
-			id = le64_to_cpu(key.skx_id);
-		hash = scoutfs_hash64(name, name_len);
-		ret = scoutfs_forest_srch_add(sb, hash, ino, id);
-		if (ret < 0)
-			goto release;
-		undo_srch = true;
-	}
-
-	if (tgs.totl) {
-		ret = apply_totl_delta(sb, &totl_key, &tval, totl_lock);
-		if (ret < 0)
-			goto release;
-		undo_totl = true;
-	}
-
-	if (found_parts && value)
-		ret = change_xattr_items(inode, id, xat, xat_bytes, value, size,
-					 xattr_nr_parts(xat), found_parts, lck);
-	else if (found_parts)
-		ret = delete_xattr_items(inode, le64_to_cpu(key.skx_name_hash),
-					 le64_to_cpu(key.skx_id), found_parts,
-					 lck);
-	else
-		ret = create_xattr_items(inode, id, xat, xat_bytes, value, size,
-					 xattr_nr_parts(xat), lck);
-	if (ret < 0)
-		goto release;
-
-	/* XXX do these want i_mutex or anything? */
-	inode_inc_iversion(inode);
-	inode->i_ctime = CURRENT_TIME;
-	scoutfs_update_inode_item(inode, lck, &ind_locks);
-	ret = 0;
+	ret = scoutfs_xattr_set_locked(dentry->d_inode, name, name_len, value, size, flags, &tgs,
+				       lck, totl_lock, &ind_locks);
+	if (ret == 0)
+		scoutfs_update_inode_item(inode, lck, &ind_locks);
 
 release:
-	if (ret < 0 && undo_srch) {
-		err = scoutfs_forest_srch_add(sb, hash, ino, id);
-		BUG_ON(err);
-	}
-	if (ret < 0 && undo_totl) {
-		/* _delta() on dirty items shouldn't fail */
-		tval.total = cpu_to_le64(-le64_to_cpu(tval.total));
-		tval.count = cpu_to_le64(-le64_to_cpu(tval.count));
-		err = apply_totl_delta(sb, &totl_key, &tval, totl_lock);
-		BUG_ON(err);
-	}
-
 	scoutfs_release_trans(sb);
 	scoutfs_inode_index_unlock(sb, &ind_locks);
 unlock:
-	up_write(&si->xattr_rwsem);
 	scoutfs_unlock(sb, lck, SCOUTFS_LOCK_WRITE);
 	scoutfs_unlock(sb, totl_lock, SCOUTFS_LOCK_WRITE_ONLY);
-out:
-	kfree(xat);
 
 	return ret;
 }
 
-int scoutfs_setxattr(struct dentry *dentry, const char *name,
-		     const void *value, size_t size, int flags)
+/*
+ * Future kernels have this amazing hack to rewind the name to get the
+ * skipped prefix.  We're back in the stone ages without the handler
+ * arg, so we Just Know that this is possible.  This will become a
+ * compat hook to either call the kernel's xattr_full_name(handler), or
+ * our hack to use the flags as the prefix length.
+ */
+static const char *full_name_hack(void *handler, const char *name, int len)
 {
-	if (size == 0)
-		value = ""; /* set empty value */
+	return name - len;
+}
 
+static int scoutfs_xattr_get_handler(struct dentry *dentry, const char *name,
+				     void *value, size_t size, int handler_flags)
+{
+	name = full_name_hack(NULL, name, handler_flags);
+	return scoutfs_xattr_get(dentry, name, value, size);
+}
+
+static int scoutfs_xattr_set_handler(struct dentry *dentry, const char *name,
+				     const void *value, size_t size, int flags, int handler_flags)
+{
+	name = full_name_hack(NULL, name, handler_flags);
 	return scoutfs_xattr_set(dentry, name, value, size, flags);
 }
 
-int scoutfs_removexattr(struct dentry *dentry, const char *name)
-{
-	return scoutfs_xattr_set(dentry, name, NULL, 0, XATTR_REPLACE);
-}
+static const struct xattr_handler scoutfs_xattr_user_handler = {
+	.prefix = XATTR_USER_PREFIX,
+	.flags = XATTR_USER_PREFIX_LEN,
+	.get = scoutfs_xattr_get_handler,
+	.set = scoutfs_xattr_set_handler,
+};
+
+static const struct xattr_handler scoutfs_xattr_scoutfs_handler = {
+	.prefix = SCOUTFS_XATTR_PREFIX,
+	.flags = SCOUTFS_XATTR_PREFIX_LEN,
+	.get = scoutfs_xattr_get_handler,
+	.set = scoutfs_xattr_set_handler,
+};
+
+static const struct xattr_handler scoutfs_xattr_trusted_handler = {
+	.prefix = XATTR_TRUSTED_PREFIX,
+	.flags = XATTR_TRUSTED_PREFIX_LEN,
+	.get = scoutfs_xattr_get_handler,
+	.set = scoutfs_xattr_set_handler,
+};
+
+static const struct xattr_handler scoutfs_xattr_security_handler = {
+	.prefix = XATTR_SECURITY_PREFIX,
+	.flags = XATTR_SECURITY_PREFIX_LEN,
+	.get = scoutfs_xattr_get_handler,
+	.set = scoutfs_xattr_set_handler,
+};
+
+static const struct xattr_handler scoutfs_xattr_acl_access_handler = {
+	.prefix = XATTR_NAME_POSIX_ACL_ACCESS,
+	.flags  = ACL_TYPE_ACCESS,
+	.get    = scoutfs_acl_get_xattr,
+	.set    = scoutfs_acl_set_xattr,
+};
+
+static const struct xattr_handler scoutfs_xattr_acl_default_handler = {
+	.prefix = XATTR_NAME_POSIX_ACL_DEFAULT,
+	.flags  = ACL_TYPE_DEFAULT,
+	.get    = scoutfs_acl_get_xattr,
+	.set    = scoutfs_acl_set_xattr,
+};
+
+const struct xattr_handler *scoutfs_xattr_handlers[] = {
+	&scoutfs_xattr_user_handler,
+	&scoutfs_xattr_scoutfs_handler,
+	&scoutfs_xattr_trusted_handler,
+	&scoutfs_xattr_security_handler,
+	&scoutfs_xattr_acl_access_handler,
+	&scoutfs_xattr_acl_default_handler,
+	NULL
+};
 
 ssize_t scoutfs_list_xattrs(struct inode *inode, char *buffer,
 			    size_t size, __u32 *hash_pos, __u64 *id_pos,

kmod/src/xattr.h

@@ -1,25 +1,29 @@
 #ifndef _SCOUTFS_XATTR_H_
 #define _SCOUTFS_XATTR_H_
 
-ssize_t scoutfs_getxattr(struct dentry *dentry, const char *name, void *buffer,
-			 size_t size);
-int scoutfs_setxattr(struct dentry *dentry, const char *name,
-		     const void *value, size_t size, int flags);
-int scoutfs_removexattr(struct dentry *dentry, const char *name);
-ssize_t scoutfs_listxattr(struct dentry *dentry, char *buffer, size_t size);
-ssize_t scoutfs_list_xattrs(struct inode *inode, char *buffer,
-			    size_t size, __u32 *hash_pos, __u64 *id_pos,
-			    bool e_range, bool show_hidden);
-
-int scoutfs_xattr_drop(struct super_block *sb, u64 ino,
-		       struct scoutfs_lock *lock);
-
 struct scoutfs_xattr_prefix_tags {
 	unsigned long hide:1,
 		      srch:1,
 		      totl:1;
 };
 
+extern const struct xattr_handler *scoutfs_xattr_handlers[];
+
+int scoutfs_xattr_get_locked(struct inode *inode, const char *name, void *buffer, size_t size,
+			     struct scoutfs_lock *lck);
+int scoutfs_xattr_set_locked(struct inode *inode, const char *name, size_t name_len,
+			     const void *value, size_t size, int flags,
+			     const struct scoutfs_xattr_prefix_tags *tgs,
+			     struct scoutfs_lock *lck, struct scoutfs_lock *totl_lock,
+			     struct list_head *ind_locks);
+
+ssize_t scoutfs_listxattr(struct dentry *dentry, char *buffer, size_t size);
+ssize_t scoutfs_list_xattrs(struct inode *inode, char *buffer,
+			    size_t size, __u32 *hash_pos, __u64 *id_pos,
+			    bool e_range, bool show_hidden);
+int scoutfs_xattr_drop(struct super_block *sb, u64 ino,
+		       struct scoutfs_lock *lock);
+
 int scoutfs_xattr_parse_tags(const char *name, unsigned int name_len,
 			     struct scoutfs_xattr_prefix_tags *tgs);
 

tests/Makefile

@@ -10,7 +10,8 @@ BIN := src/createmany			\
 	src/bulk_create_paths		\
 	src/stage_tmpfile		\
 	src/find_xattrs			\
-	src/create_xattr_loop
+	src/create_xattr_loop		\
+	src/fragmented_data_extents
 
 DEPS := $(wildcard src/*.d)
 

tests/funcs/fs.sh

@@ -405,7 +405,7 @@ t_save_all_sysfs_mount_options() {
 
 	for i in $(t_fs_nrs); do
 		opt="$(t_sysfs_path $i)/mount_options/$name"
-		ind="$name_$i"
+		ind="${name}_${i}"
 
 		_saved_opts[$ind]="$(cat $opt)"
 	done
@@ -417,7 +417,7 @@ t_restore_all_sysfs_mount_options() {
 	local i
 
 	for i in $(t_fs_nrs); do
-		ind="$name_$i"
+		ind="${name}_${i}"
 
 		t_set_sysfs_mount_option $i $name "${_saved_opts[$ind]}"
 	done

tests/golden/data-prealloc

@@ -0,0 +1,26 @@
+== initial writes smaller than prealloc grow to prealloc size
+/mnt/test/test/data-prealloc/file-1: 7 extents found
+/mnt/test/test/data-prealloc/file-2: 7 extents found
+== larger files get full prealloc extents
+/mnt/test/test/data-prealloc/file-1: 9 extents found
+/mnt/test/test/data-prealloc/file-2: 9 extents found
+== non-streaming writes with contig have per-block extents
+/mnt/test/test/data-prealloc/file-1: 32 extents found
+/mnt/test/test/data-prealloc/file-2: 32 extents found
+== any writes to region prealloc get full extents
+/mnt/test/test/data-prealloc/file-1: 4 extents found
+/mnt/test/test/data-prealloc/file-2: 4 extents found
+/mnt/test/test/data-prealloc/file-1: 4 extents found
+/mnt/test/test/data-prealloc/file-2: 4 extents found
+== streaming offline writes get full extents either way
+/mnt/test/test/data-prealloc/file-1: 4 extents found
+/mnt/test/test/data-prealloc/file-2: 4 extents found
+/mnt/test/test/data-prealloc/file-1: 4 extents found
+/mnt/test/test/data-prealloc/file-2: 4 extents found
+== goofy preallocation amounts work
+/mnt/test/test/data-prealloc/file-1: 5 extents found
+/mnt/test/test/data-prealloc/file-2: 5 extents found
+/mnt/test/test/data-prealloc/file-1: 5 extents found
+/mnt/test/test/data-prealloc/file-2: 5 extents found
+/mnt/test/test/data-prealloc/file-1: 3 extents found
+/mnt/test/test/data-prealloc/file-2: 3 extents found

tests/golden/large-fragmented-free

@@ -0,0 +1,3 @@
+== creating fragmented extents
+== unlink file with moved extents to free extents per block
+== cleanup

tests/golden/xfstests

@@ -40,6 +40,7 @@ generic/092
 generic/098
 generic/101
 generic/104
+generic/105
 generic/106
 generic/107
 generic/117
@@ -51,6 +52,7 @@ generic/184
 generic/221
 generic/228
 generic/236
+generic/237
 generic/245
 generic/249
 generic/257
@@ -63,6 +65,7 @@ generic/308
 generic/309
 generic/313
 generic/315
+generic/319
 generic/322
 generic/335
 generic/336
@@ -72,6 +75,7 @@ generic/342
 generic/343
 generic/348
 generic/360
+generic/375
 generic/376
 generic/377
 Not
@@ -282,4 +286,4 @@ shared/004
 shared/032
 shared/051
 shared/289
-Passed all 75 tests
+Passed all 79 tests

tests/run-tests.sh

@@ -58,6 +58,7 @@ $(basename $0) options:
     -m        | Run mkfs on the device before mounting and running
               | tests.  Implies unmounting existing mounts first.
     -n <nr>   | The number of devices and mounts to test.
+    -o <opts> | Add option string to all mounts during all tests.
     -P        | Enable trace_printk.
     -p        | Exit script after preparing mounts only, don't run tests.
     -q <nr>   | The first <nr> mounts will be quorum members.  Must be
@@ -68,6 +69,7 @@ $(basename $0) options:
     -s        | Skip git repo checkouts.
     -t        | Enabled trace events that match the given glob argument.
               | Multiple options enable multiple globbed events.
+    -T <nr>   | Multiply the original trace buffer size by nr during the run.
     -X        | xfstests git repo. Used by tests/xfstests.sh.
     -x        | xfstests git branch to checkout and track.
     -y        | xfstests ./check additional args
@@ -136,6 +138,12 @@ while true; do
 		T_NR_MOUNTS="$2"
 		shift
 		;;
+	-o)
+		test -n "$2" || die "-o must have option string argument"
+		# always appending to existing options
+		T_MNT_OPTIONS+=",$2"
+		shift
+		;;
 	-P)
 		T_TRACE_PRINTK="1"
 		;;
@@ -160,6 +168,11 @@ while true; do
 		T_TRACE_GLOB+=("$2")
 		shift
 		;;
+	-T)
+		test -n "$2" || die "-T must have trace buffer size multiplier argument"
+		T_TRACE_MULT="$2"
+		shift
+		;;
 	-X)
 		test -n "$2" || die "-X requires xfstests git repo dir argument"
 		T_XFSTESTS_REPO="$2"
@@ -345,6 +358,13 @@ if [ -n "$T_INSMOD" ]; then
 	cmd insmod "$T_KMOD/src/scoutfs.ko"
 fi
 
+if [ -n "$T_TRACE_MULT" ]; then
+	orig_trace_size=$(cat /sys/kernel/debug/tracing/buffer_size_kb)
+	mult_trace_size=$((orig_trace_size * T_TRACE_MULT))
+	msg "increasing trace buffer size from $orig_trace_size KiB to $mult_trace_size KiB"
+	echo $mult_trace_size > /sys/kernel/debug/tracing/buffer_size_kb
+fi
+
 nr_globs=${#T_TRACE_GLOB[@]}
 if [ $nr_globs -gt 0 ]; then
 	echo 0 > /sys/kernel/debug/tracing/events/scoutfs/enable
@@ -374,6 +394,7 @@ fi
 # always describe tracing in the logs
 cmd cat /sys/kernel/debug/tracing/set_event
 cmd grep .  /sys/kernel/debug/tracing/options/trace_printk \
+	    /sys/kernel/debug/tracing/buffer_size_kb \
 	    /proc/sys/kernel/ftrace_dump_on_oops
 
 #
@@ -430,6 +451,7 @@ for i in $(seq 0 $((T_NR_MOUNTS - 1))); do
 	if [ "$i" -lt "$T_QUORUM" ]; then
 		opts="$opts,quorum_slot_nr=$i"
 	fi
+	opts="${opts}${T_MNT_OPTIONS}"
 
 	msg "mounting $meta_dev|$data_dev on $dir"
 	cmd mount -t scoutfs $opts "$data_dev" "$dir" &
@@ -604,6 +626,9 @@ if [ -n "$T_TRACE_GLOB" -o -n "$T_TRACE_PRINTK" ]; then
 	echo 0 > /sys/kernel/debug/tracing/events/scoutfs/enable
 	echo 0 > /sys/kernel/debug/tracing/options/trace_printk
 	cat /sys/kernel/debug/tracing/trace > "$T_RESULTS/traces"
+	if [ -n "$orig_trace_size" ]; then
+		echo $orig_trace_size > /sys/kernel/debug/tracing/buffer_size_kb
+	fi
 fi
 
 if [ "$skipped" == 0 -a "$failed" == 0 ]; then

tests/sequence

@@ -6,9 +6,11 @@ simple-inode-index.sh
 simple-staging.sh
 simple-release-extents.sh
 fallocate.sh
+data-prealloc.sh
 setattr_more.sh
 offline-extent-waiting.sh
 move-blocks.sh
+large-fragmented-free.sh
 enospc.sh
 srch-basic-functionality.sh
 simple-xattr-unit.sh

tests/src/fragmented_data_extents.c

@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2021 Versity Software, Inc.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License v2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ */
+
+/*
+ * This creates fragmented data extents.
+ *
+ * A file is created that has alternating free and allocated extents.
+ * This also results in the global allocator having the matching
+ * fragmented free extent pattern.  While that file is being created,
+ * occasionally an allocated extent is moved to another file.   This
+ * results in a file that has fragmented extents at a given stride that
+ * can be deleted to create free data extents with a given stride.
+ *
+ * We don't have hole punching so to do this quickly we use a goofy
+ * combination of fallocate, truncate, and our move_blocks ioctl.
+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <linux/types.h>
+#include <assert.h>
+
+#include "ioctl.h"
+
+#define BLOCK_SIZE 4096
+
+int main(int argc, char **argv)
+{
+	struct scoutfs_ioctl_move_blocks mb = {0,};
+	unsigned long long freed_extents;
+	unsigned long long move_stride;
+	unsigned long long i;
+	int alloc_fd;
+	int trunc_fd;
+	off_t off;
+	int ret;
+
+	if (argc != 5) {
+		printf("%s <freed_extents> <move_stride> <alloc_file> <trunc_file>\n", argv[0]);
+		return 1;
+	}
+
+	freed_extents = strtoull(argv[1], NULL, 0);
+	move_stride = strtoull(argv[2], NULL, 0);
+
+	alloc_fd = open(argv[3], O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+	if (alloc_fd == -1) {
+		fprintf(stderr, "error opening %s: %d (%s)\n", argv[3], errno, strerror(errno));
+		exit(1);
+	}
+
+	trunc_fd = open(argv[4], O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+	if (trunc_fd == -1) {
+		fprintf(stderr, "error opening %s: %d (%s)\n", argv[4], errno, strerror(errno));
+		exit(1);
+	}
+
+	for (i = 0, off = 0; i < freed_extents; i++, off += BLOCK_SIZE * 2) {
+
+		ret = fallocate(alloc_fd, 0, off, BLOCK_SIZE * 2);
+		if (ret < 0) {
+			fprintf(stderr, "fallocate at off %llu error: %d (%s)\n",
+				(unsigned long long)off, errno, strerror(errno));
+			exit(1);
+		}
+
+		ret = ftruncate(alloc_fd, off + BLOCK_SIZE);
+		if (ret < 0) {
+			fprintf(stderr, "truncate to off %llu error: %d (%s)\n",
+				(unsigned long long)off + BLOCK_SIZE, errno, strerror(errno));
+			exit(1);
+		}
+
+		if ((i % move_stride) == 0) {
+			mb.from_fd = alloc_fd;
+			mb.from_off = off;
+			mb.len = BLOCK_SIZE;
+			mb.to_off = i * BLOCK_SIZE;
+
+			ret = ioctl(trunc_fd, SCOUTFS_IOC_MOVE_BLOCKS, &mb);
+			if (ret < 0) {
+				fprintf(stderr, "move from off %llu error: %d (%s)\n",
+					(unsigned long long)off,
+					errno, strerror(errno));
+			}
+		}
+	}
+
+	if (alloc_fd > -1)
+		close(alloc_fd);
+	if (trunc_fd > -1)
+		close(trunc_fd);
+
+	return 0;
+}

tests/tests/data-prealloc.sh

@@ -0,0 +1,136 @@
+#
+# test that the data prealloc options behave as expected.  We write to
+# two files a block at a time so that a single file doesn't naturally
+# merge adjacent consecutive allocations.  (we don't have multiple
+# allocation cursors)
+#
+t_require_commands scoutfs stat filefrag dd touch truncate
+
+write_forwards()
+{
+	local prefix="$1"
+	local nr="$2"
+	local blk
+
+	touch "$prefix"-{1,2}
+	truncate -s 0 "$prefix"-{1,2}
+
+	for blk in $(seq 0 1 $((nr - 1))); do
+		dd if=/dev/zero of="$prefix"-1 bs=4096 seek=$blk count=1 conv=notrunc status=none
+		dd if=/dev/zero of="$prefix"-2 bs=4096 seek=$blk count=1 conv=notrunc status=none
+	done
+}
+
+write_backwards()
+{
+	local prefix="$1"
+	local nr="$2"
+	local blk
+
+	touch "$prefix"-{1,2}
+	truncate -s 0 "$prefix"-{1,2}
+
+	for blk in $(seq $((nr - 1)) -1 0); do
+		dd if=/dev/zero of="$prefix"-1 bs=4096 seek=$blk count=1 conv=notrunc status=none
+		dd if=/dev/zero of="$prefix"-2 bs=4096 seek=$blk count=1 conv=notrunc status=none
+	done
+}
+
+release_files() {
+	local prefix="$1"
+	local size=$(($2 * 4096))
+	local vers
+	local f
+
+	for f in "$prefix"*; do
+		size=$(stat -c "%s" "$f")
+		vers=$(scoutfs stat -s data_version "$f")
+		scoutfs release "$f" -V "$vers" -o 0 -l $size
+	done
+}
+
+stage_files() {
+	local prefix="$1"
+	local nr="$2"
+	local vers
+	local f
+
+	for blk in $(seq 0 1 $((nr - 1))); do
+		for f in "$prefix"*; do
+			vers=$(scoutfs stat -s data_version "$f")
+			scoutfs stage /dev/zero "$f" -V "$vers" -o $((blk * 4096)) -l 4096
+		done
+	done
+}
+
+print_extents_found()
+{
+	local prefix="$1"
+
+	filefrag "$prefix"* 2>&1 | grep "extent.*found" | t_filter_fs
+}
+
+t_save_all_sysfs_mount_options data_prealloc_blocks
+t_save_all_sysfs_mount_options data_prealloc_contig_only
+restore_options()
+{
+	t_restore_all_sysfs_mount_options data_prealloc_blocks
+	t_restore_all_sysfs_mount_options data_prealloc_contig_only
+}
+trap restore_options EXIT
+
+prefix="$T_D0/file"
+
+echo "== initial writes smaller than prealloc grow to prealloc size"
+t_set_sysfs_mount_option 0 data_prealloc_blocks 32
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 1
+write_forwards $prefix 64
+print_extents_found $prefix
+
+echo "== larger files get full prealloc extents"
+t_set_sysfs_mount_option 0 data_prealloc_blocks 32
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 1
+write_forwards $prefix 128
+print_extents_found $prefix
+
+echo "== non-streaming writes with contig have per-block extents"
+t_set_sysfs_mount_option 0 data_prealloc_blocks 32
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 1
+write_backwards $prefix 32
+print_extents_found $prefix
+
+echo "== any writes to region prealloc get full extents"
+t_set_sysfs_mount_option 0 data_prealloc_blocks 16
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 0
+write_forwards $prefix 64
+print_extents_found $prefix
+write_backwards $prefix 64
+print_extents_found $prefix
+
+echo "== streaming offline writes get full extents either way"
+t_set_sysfs_mount_option 0 data_prealloc_blocks 16
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 1
+write_forwards $prefix 64
+release_files $prefix 64
+stage_files $prefix 64
+print_extents_found $prefix
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 0
+release_files $prefix 64
+stage_files $prefix 64
+print_extents_found $prefix
+
+echo "== goofy preallocation amounts work"
+t_set_sysfs_mount_option 0 data_prealloc_blocks 7
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 1
+write_forwards $prefix 14
+print_extents_found $prefix
+t_set_sysfs_mount_option 0 data_prealloc_blocks 13
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 0
+write_forwards $prefix 53
+print_extents_found $prefix
+t_set_sysfs_mount_option 0 data_prealloc_blocks 1
+t_set_sysfs_mount_option 0 data_prealloc_contig_only 0
+write_forwards $prefix 3
+print_extents_found $prefix
+
+t_pass

tests/tests/large-fragmented-free.sh

@@ -0,0 +1,22 @@
+#
+# Make sure the server can handle a transaction with a data_freed whose
+# blocks all hit different btree blocks in the main free list.  It
+# probably has to be merged in multiple commits.
+#
+
+t_require_commands fragmented_data_extents
+
+EXTENTS_PER_BTREE_BLOCK=600
+EXTENTS_PER_LIST_BLOCK=8192
+FREED_EXTENTS=$((EXTENTS_PER_BTREE_BLOCK * EXTENTS_PER_LIST_BLOCK))
+
+echo "== creating fragmented extents"
+fragmented_data_extents $FREED_EXTENTS $EXTENTS_PER_BTREE_BLOCK "$T_D0/alloc" "$T_D0/move"
+
+echo "== unlink file with moved extents to free extents per block"
+rm -f "$T_D0/move"
+
+echo "== cleanup"
+rm -f "$T_D0/alloc"
+
+t_pass

tests/tests/simple-xattr-unit.sh

@@ -36,7 +36,8 @@ test_xattr_lengths() {
 	else
 		echo "$name=\"$val\"" > "$T_TMP.good"
 	fi
-	cmp "$T_TMP.good" "$T_TMP.got" || exit 1
+	cmp "$T_TMP.good" "$T_TMP.got" || \
+		t_fail "cmp failed name len $name_len val len $val_len"
 
 	setfattr -x $name "$FILE"
 }

tests/tests/xfstests.sh

@@ -65,7 +65,6 @@ generic/030	# mmap missing
 generic/075	# file content mismatch failures (fds, etc)
 generic/080	# mmap missing
 generic/103	# enospc causes trans commit failures
-generic/105	# needs trigage: something about acls
 generic/108	# mount fails on failing device?
 generic/112	# file content mismatch failures (fds, etc)
 generic/120	# (can't exec 'cause no mmap)
@@ -73,17 +72,14 @@ generic/126	# (can't exec 'cause no mmap)
 generic/141	# mmap missing
 generic/213	# enospc causes trans commit failures
 generic/215	# mmap missing
-generic/237	# wrong error return from failing setfacl?
 generic/246	# mmap missing
 generic/247	# mmap missing
 generic/248	# mmap missing
-generic/319	# utils output change?  update branch?
 generic/321	# requires selinux enabled for '+' in ls?
 generic/325	# mmap missing
 generic/338	# BUG_ON update inode error handling
 generic/346	# mmap missing
 generic/347	# _dmthin_mount doesn't work?
-generic/375	# utils output change?  update branch?
 EOF
 
 t_restore_output

utils/fenced/ipmi-remote-host

@@ -1,140 +0,0 @@
-#!/usr/bin/bash
-# /usr/libexec/scoutfs-fenced/run/ipmi-remote-host
-
-# ipmi configuration
-SCOUTFS_IPMI_CONFIG_FILE=${SCOUTFS_IPMI_CONFIG_FILE:-/etc/scoutfs/scoutfs-ipmi.conf}
-SCOUTFS_IPMI_HOSTS_FILE=${SCOUTFS_IPMI_HOSTS_FILE:-/etc/scoutfs/scoutfs-ipmi-hosts.conf}
-
-## hosts file format
-## SCOUTFS_HOST_IP IPMI_ADDRESS
-## ex:
-#  192.168.1.1     192.168.10.1
-
-# command setup
-IPMI_POWER="/sbin/ipmipower"
-SSH_CMD="ssh -o ConnectTimeout=3 -o BatchMode=yes -o StrictHostKeyChecking=no"
-LOGGER="/bin/logger -p local3.crit -t scoutfs-fenced"
-
-$LOGGER "ipmi fence script invoked: IP: $SCOUTFS_FENCED_REQ_IP RID: $SCOUTFS_FENCED_REQ_RID TEST: $IPMITEST"
-
-echo_fail() {
-    echo "$@" >&2
-    $LOGGER "fence failed: $@"
-    exit 1
-}
-
-echo_log() {
-    echo "$@" >&2
-    $LOGGER "fence info: $@"
-}
-
-echo_test_pass() {
-    echo -e "\xE2\x9C\x94 $@"
-}
-
-echo_test_fail() {
-    echo -e "\xE2\x9D\x8C $@"
-}
-
-test -n "$SCOUTFS_IPMI_CONFIG_FILE" || \
-    echo_fail "SCOUTFS_IPMI_CONFIG_FILE isn't set"
-test -r "$SCOUTFS_IPMI_CONFIG_FILE" || \
-    echo_fail "$SCOUTFS_IPMI_CONFIG_FILE isn't readable file"
-. "$SCOUTFS_IPMI_CONFIG_FILE"
-test -n "$SCOUTFS_IPMI_HOSTS_FILE" || \
-    echo_fail "SCOUTFS_IPMI_HOSTS_FILE isn't set"
-test -r "$SCOUTFS_IPMI_HOSTS_FILE" || \
-    echo_fail "$SCOUTFS_IPMI_HOSTS_FILE isn't readable file"
-test -x "$IPMI_POWER" || \
-    echo_fail "$IPMI_POWER not found, need to install freeimpi?"
-
-export ip="$SCOUTFS_FENCED_REQ_IP"
-export rid="$SCOUTFS_FENCED_REQ_RID"
-
-getIPMIhost () {
-    host=$(awk -v ip="$1" '$1 == ip {print $2}' "$SCOUTFS_IPMI_HOSTS_FILE") || \
-        echo_fail "lookup ipmi host failed"
-    echo "$host"
-}
-
-powerOffHost() {
-    # older versions of ipmipower inverted wait-until-off/wait-until-on, so specify both
-    $IPMI_POWER $IPMI_OPTS -h "$1" --wait-until-off --wait-until-on --off || \
-        echo_fail "ipmi power off $1 failed"
-
-    ipmioutput=$($IPMI_POWER $IPMI_OPTS -h "$1" --stat) || \
-        echo_fail "ipmi power stat $1 failed"
-
-    if [[ ! "$ipmioutput" =~ off ]]; then
-        echo_fail "ipmi stat $1 not off"
-    fi
-
-    $LOGGER "ipmi fence power down $1 success"
-
-    exit 0
-}
-
-if [ -n "$IPMITEST" ]; then
-    for i in $(awk '!/^($|[[:space:]]*#)/ {print $1}' "$SCOUTFS_IPMI_HOSTS_FILE"); do
-        if ! $SSH_CMD "$i" /bin/true; then
-            echo_test_fail "ssh $i"
-        else
-            echo_test_pass "ssh $i"
-        fi
-	host=$(getIPMIhost "$i")
-        if [ -z "$host" ]; then
-            echo_test_fail "ipmi config $i $host"
-        else
-            if ! $IPMI_POWER $IPMI_OPTS -h "$host" --stat; then
-                echo_test_fail "ipmi $i"
-            else
-                echo_test_pass "ipmi $i"
-            fi
-        fi
-    done
-    exit 0
-fi
-
-if [ -z "$ip" ]; then
-    echo_fail "no IP given for fencing"
-fi
-
-host=$(getIPMIhost "$ip")
-if [ -z "$host" ]; then
-    echo_fail "no IPMI host found for fence IP"
-fi
-
-# first check via ssh if the mount still exists
-# if ssh succeeds, we will only power down the node if mounted
-if ! output=$($SSH_CMD "$ip" "echo BEGIN; LC_ALL=C egrep -m 1 '(^0x*|^$rid$)' /sys/kernel/boot_params/version /sys/fs/scoutfs/f*r*/rid; echo END"); then
-    # ssh not working, just power down host
-    powerOffHost "$host"
-fi
-
-if [[ ! "$output" =~ BEGIN ]]; then
-    # ssh failure
-    echo_log "no BEGIN"
-    powerOffHost "$host"
-fi
-
-if [[ ! "$output" =~ \/boot_params\/ ]]; then
-    # ssh failure
-    echo_log "no boot params"
-    powerOffHost "$host"
-fi
-
-if [[ ! "$output" =~ END ]]; then
-    # ssh failure
-    echo_log "no END"
-    powerOffHost "$host"
-fi
-
-if [[ "$output" =~ "rid:$rid" ]]; then
-    # rid still mounted, power down
-    echo_log "rid $rid still mounted"
-    powerOffHost "$host"
-fi
-
-$LOGGER "ipmi fence host $ip/$host success (rid $rid not mounted)"
-exit 0
-

utils/fenced/local-force-unmount

@@ -1,36 +0,0 @@
-#!/usr/bin/bash
-# /usr/libexec/scoutfs-fenced/run/local-force-umount
-
-echo_fail() {
-	echo "$@" > /dev/stderr
-	exit 1
-}
-
-rid="$SCOUTFS_FENCED_REQ_RID"
-
-#
-# Look for a local mount with the rid to fence.  Typically we'll at
-# least find the mount with the server that requested the fence that
-# we're processing.   But it's possible that mounts are unmounted
-# before, or while, we're running.
-#
-mnts=$(findmnt -l -n -t scoutfs -o TARGET) || \
-	echo_fail "findmnt -t scoutfs failed" > /dev/stderr
-
-for mnt in $mnts; do
-	mnt_rid=$(scoutfs statfs -p "$mnt" -s rid) || \
-		echo_fail "scoutfs statfs $mnt failed"
-
-	if [ "$mnt_rid" == "$rid" ]; then
-		umount -f "$mnt" || \
-			echo_fail "umout -f $mnt"
-
-		exit 0
-	fi
-done
-
-#
-# If the mount doesn't exist on this host then it can't access the
-# devices by definition and can be considered fenced.
-#
-exit 0

utils/fenced/powerman-remote-host

@@ -1,139 +0,0 @@
-#!/usr/bin/bash
-# /usr/libexec/scoutfs-fenced/run/powerman-remote-host
-
-# powerman configuration
-SCOUTFS_PM_CONFIG_FILE=${SCOUTFS_PM_CONFIG_FILE:-/etc/scoutfs/scoutfs-pm.conf}
-SCOUTFS_PM_HOSTS_FILE=${SCOUTFS_PM_HOSTS_FILE:-/etc/scoutfs/scoutfs-pm-hosts.conf}
-
-## hosts file format
-## SCOUTFS_HOST_IP POWERMAN_NODE_NAME
-## ex:
-#  192.168.1.1     dm1
-
-# command setup
-PM_CMD="/usr/bin/pm"
-SSH_CMD="ssh -o ConnectTimeout=3 -o BatchMode=yes -o StrictHostKeyChecking=no"
-LOGGER="/bin/logger -p local3.crit -t scoutfs-fenced"
-
-$LOGGER "ipmi fence script invoked: IP: $SCOUTFS_FENCED_REQ_IP RID: $SCOUTFS_FENCED_REQ_RID TEST: $IPMITEST"
-
-echo_fail() {
-    echo "$@" >&2
-    $LOGGER "fence failed: $@"
-    exit 1
-}
-
-echo_log() {
-    echo "$@" >&2
-    $LOGGER "fence info: $@"
-}
-
-echo_test_pass() {
-    echo -e "\xE2\x9C\x94 $@"
-}
-
-echo_test_fail() {
-    echo -e "\xE2\x9D\x8C $@"
-}
-
-test -n "$SCOUTFS_PM_CONFIG_FILE" || \
-    echo_fail "SCOUTFS_PM_CONFIG_FILE isn't set"
-test -r "$SCOUTFS_PM_CONFIG_FILE" || \
-    echo_fail "$SCOUTFS_PM_CONFIG_FILE isn't readable file"
-. "$SCOUTFS_PM_CONFIG_FILE"
-test -n "$SCOUTFS_PM_HOSTS_FILE" || \
-    echo_fail "SCOUTFS_PM_HOSTS_FILE isn't set"
-test -r "$SCOUTFS_PM_HOSTS_FILE" || \
-    echo_fail "$SCOUTFS_PM_HOSTS_FILE isn't readable file"
-test -x "$PM_CMD" || \
-    echo_fail "$PMCMD not found, need to install powerman?"
-
-export ip="$SCOUTFS_FENCED_REQ_IP"
-fence_rid="$SCOUTFS_FENCED_REQ_RID"
-
-getPMhost () {
-    host=$(awk -v ip="$1" '$1 == ip {print $2}' "$SCOUTFS_PM_HOSTS_FILE") || \
-        echo_fail "lookup pm host failed"
-    echo "$host"
-}
-
-powerOffHost() {
-    $PM_CMD $PM_OPTS "$1" -0 || \
-        echo_fail "pm power off $host failed"
-
-    pmoutput=$($PM_CMD $PM_OPTS "$1" -q | grep "$1") || \
-        echo_fail "powerman power stat $1 failed"
-
-    if [[ ! "$pmoutput" =~ off ]]; then
-        echo_fail "powerman stat $1 not off"
-    fi
-
-    $LOGGER "powerman fence power down $1 success"
-
-    exit 0
-}
-
-if [ -n "$PMTEST" ]; then
-    for i in $(awk '!/^($|[[:space:]]*#)/ {print $1}' "$SCOUTFS_PM_HOSTS_FILE"); do
-        if ! $SSH_CMD "$i" /bin/true; then
-            echo_test_fail "ssh $i"
-        else
-            echo_test_pass "ssh $i"
-        fi
-	host=$(getPMhost "$i")
-        if [ -z "$host" ]; then
-            echo_test_fail "pm config $i $host"
-        else
-            if ! $PM_CMD $PM_OPTS "$host" -q; then
-                echo_test_fail "pm $i"
-            else
-                echo_test_pass "pm $i"
-            fi
-        fi
-    done
-    exit 0
-fi
-
-if [ -z "$ip" ]; then
-    echo_fail "no IP given for fencing"
-fi
-
-host=$(getPMhost "$ip")
-if [ -z "$host" ]; then
-    echo_fail "no host found for fence IP"
-fi
-
-# first check via ssh if the mount still exists
-# if ssh succeeds, we will only power down the node if mounted
-if ! output=$($SSH_CMD "$ip" "echo BEGIN; LC_ALL=C egrep -m 1 '(^0x*|^$rid$)' /sys/kernel/boot_params/version /sys/fs/scoutfs/f*r*/rid; echo END"); then
-    # ssh not working, just power down host
-    powerOffHost "$host"
-fi
-
-if [[ ! "$output" =~ BEGIN ]]; then
-    # ssh failure
-    echo_log "no BEGIN"
-    powerOffHost "$host"
-fi
-
-if [[ ! "$output" =~ \/boot_params\/ ]]; then
-    # ssh failure
-    echo_log "no boot params"
-    powerOffHost "$host"
-fi
-
-if [[ ! "$output" =~ END ]]; then
-    # ssh failure
-    echo_log "no END"
-    powerOffHost "$host"
-fi
-
-if [[ "$output" =~ "rid:$rid" ]]; then
-    # rid still mounted, power down
-    echo_log "rid $rid still mounted"
-    powerOffHost "$host"
-fi
-
-$LOGGER "powerman fence host $ip/$host success (rid $rid not mounted)"
-exit 0
-

utils/fenced/scoutfs-ipmi-hosts.conf

@@ -1,11 +0,0 @@
-# /etc/scoutfs/scoutfs-ipmi-hosts.conf
-
-## config file format
-##
-## SCOUTFS_HOST_IP must match the interface used for scoutfs
-## leader/follower communications
-##
-## SCOUTFS_HOST_IP IPMI_ADDRESS
-## ex:
-#192.168.1.1     192.168.10.1
-

utils/fenced/scoutfs-ipmi.conf

@@ -1,10 +0,0 @@
-#!/usr/bin/bash
-# /etc/scoutfs/scoutfs-ipmi.conf
-
-IPMI_USER="admin"
-IPMI_PASSWORD="password"
-IPMI_OPTS="-D LAN_2_0 -u $IPMI_USER -p $IPMI_PASSWORD"
-
-# some Intel BMCs need -I 17
-# IPMI_OPTS="-D LAN_2_0 -u $IPMI_USER -p $IPMI_PASSWORD -I 17"
-

utils/fenced/scoutfs-pm-hosts.conf

@@ -1,11 +0,0 @@
-# /etc/scoutfs/scoutfs-ipmi-hosts.conf
-
-## config file format
-##
-## SCOUTFS_HOST_IP must match the interface used for scoutfs
-## leader/follower communications
-##
-## SCOUTFS_HOST_IP POWERMAN_NODE_NAME
-## ex:
-#192.168.1.1     node1
-

utils/fenced/scoutfs-pm.conf

@@ -1,8 +0,0 @@
-#!/usr/bin/bash
-# /etc/scoutfs/scoutfs-pm.conf
-
-PM_OPTS=""
-
-# optionally specify remote powerman server
-#PM_OPTS="-h pm-server.localdomain"
-

utils/man/scoutfs.5

@@ -15,12 +15,61 @@ general mount options described in the
 .BR mount (8)
 manual page.
 .TP
+.B acl
+The acl mount option enables support for POSIX Access Control Lists
+as detailed in
+.BR acl (5) .
+Support for POSIX ACLs is the default.
+.TP
+.B data_prealloc_blocks=<blocks>
+Set the size of preallocation regions of data files, in 4KiB blocks.
+Writes to these regions that contain no extents will attempt to
+preallocate the size of the full region.  This can waste a lot of space
+with small files, files with sparse regions, and files whose final
+length isn't a multiple of the preallocation size.  The following
+data_prealloc_contig_only option, which is the default, restricts this
+behaviour to waste less space.
+.sp
+All the preallocation options can be changed in an active mount by
+writing to their respective files in the options directory in the
+mount's sysfs directory.
+.sp
+It is worth noting that it is always more efficient in every way to use 
+.BR fallocate (2)
+to precisely allocate large extents for the resulting size of the file.
+Always attempt to enable it in software that supports it.
+.TP
+.B data_prealloc_contig_only=<0|1>
+This option, currently the default, limits file data preallocation in
+two ways.  First, it will only preallocate when extending a fully
+allocated file.  Second, it will limit the size of preallocation to the
+existing length of the file.  These limits reduce the amount of
+preallocation wasted per file at the cost of multiple initial extents in
+all files.  It only supports simple streaming writes, any other write
+pattern will not be recognized and could result in many fragmented
+extent allocations.
+.sp
+This option can be disabled to encourage large allocated extents
+regardless of write patterns.  This can be helpful if files are written
+with initial sparse regions (perhaps by multiple threads writing to
+different regions) and wasted space isn't an issue (perhaps because the
+file population contains few small files).
+.TP
 .B metadev_path=<device>
 The metadev_path option specifies the path to the block device that
 contains the filesystem's metadata.
 .sp
 This option is required.
 .TP
+.B noacl
+The noacl mount option disables the default support for POSIX Access
+Control Lists.  Any existing system.posix_acl_default and
+system.posix_acl_access extended attributes remain in inodes.   They
+will appear in listings from
+.BR listxattr (5)
+but specific retrieval or reomval operations will fail.  They will be
+used for enforcement again if ACL support is later enabled.
+.TP
 .B orphan_scan_delay_ms=<number>
 This option sets the average expected delay, in milliseconds, between
 each mount's scan of the global orphaned inode list.  Jitter is added to

utils/man/scoutfs.8

@@ -597,7 +597,7 @@ format.
 .PD
 
 .TP
-.BI "print META-DEVICE"
+.BI "print {-S|--skip-likely-huge} META-DEVICE"
 .sp
 Prints out all of the metadata in the file system.  This makes no effort
 to ensure that the structures are consistent as they're traversed and
@@ -607,6 +607,20 @@ output.
 .PD 0
 .TP
 .sp
+.B "-S, --skip-likely-huge"
+Skip printing structures that are likely to be very large.  The
+structures that are skipped tend to be global and whose size tends to be
+related to the size of the volume.   Examples of skipped structures include
+the global fs items, srch files, and metadata and data
+allocators.  Similar structures that are not skipped are related to the
+number of mounts and are maintained at a relatively reasonable size.
+These include per-mount log trees, srch files, allocators, and the
+metadata allocators used by server commits.
+.sp
+Skipping the larger structures limits the print output to a relatively
+constant size rather than being a large multiple of the used metadata
+space of the volume making the output much more useful for inspection.
+.TP
 .B "META-DEVICE"
 The path to the metadata device for the filesystem whose metadata will be
 printed.  Since this command reads via the host's buffer cache, it may not

utils/scoutfs-utils.spec.in

@@ -55,21 +55,14 @@ install -m 755 -D src/scoutfs $RPM_BUILD_ROOT%{_sbindir}/scoutfs
 install -m 644 -D src/ioctl.h $RPM_BUILD_ROOT%{_includedir}/scoutfs/ioctl.h
 install -m 644 -D src/format.h $RPM_BUILD_ROOT%{_includedir}/scoutfs/format.h
 install -m 755 -D fenced/scoutfs-fenced $RPM_BUILD_ROOT%{_libexecdir}/scoutfs-fenced/scoutfs-fenced
-install -m 755 -D fenced/local-force-unmount $RPM_BUILD_ROOT%{_libexecdir}/scoutfs-fenced/run/local-force-unmount
-install -m 755 -D fenced/ipmi-remote-host $RPM_BUILD_ROOT%{_libexecdir}/scoutfs-fenced/run/ipmi-remote-host
-install -m 755 -D fenced/powerman-remote-host $RPM_BUILD_ROOT%{_libexecdir}/scoutfs-fenced/run/powerman-remote-host
 install -m 644 -D fenced/scoutfs-fenced.service $RPM_BUILD_ROOT%{_unitdir}/scoutfs-fenced.service
 install -m 644 -D fenced/scoutfs-fenced.conf.example $RPM_BUILD_ROOT%{_sysconfdir}/scoutfs/scoutfs-fenced.conf.example
-install -m 644 -D fenced/scoutfs-ipmi.conf $RPM_BUILD_ROOT%{_sysconfdir}/scoutfs/scoutfs-ipmi.conf
-install -m 644 -D fenced/scoutfs-ipmi-hosts.conf $RPM_BUILD_ROOT%{_sysconfdir}/scoutfs/scoutfs-ipmi-hosts.conf
-install -m 644 -D fenced/scoutfs-pm.conf $RPM_BUILD_ROOT%{_sysconfdir}/scoutfs/scoutfs-pm.conf
-install -m 644 -D fenced/scoutfs-pm-hosts.conf $RPM_BUILD_ROOT%{_sysconfdir}/scoutfs/scoutfs-pm-hosts.conf
 
 %files
 %defattr(644,root,root,755)
 %{_mandir}/man*/scoutfs*.gz
 %{_unitdir}/scoutfs-fenced.service
-%config(noreplace) %{_sysconfdir}/scoutfs
+%{_sysconfdir}/scoutfs
 %defattr(755,root,root,755)
 %{_sbindir}/scoutfs
 %{_libexecdir}/scoutfs-fenced

utils/src/print.c

@@ -8,6 +8,7 @@
 #include <errno.h>
 #include <string.h>
 #include <stdarg.h>
+#include <stdbool.h>
 #include <ctype.h>
 #include <uuid/uuid.h>
 #include <sys/socket.h>
@@ -989,9 +990,10 @@ static void print_super_block(struct scoutfs_super_block *super, u64 blkno)
 
 struct print_args {
 	char *meta_device;
+	bool skip_likely_huge;
 };
 
-static int print_volume(int fd)
+static int print_volume(int fd, struct print_args *args)
 {
 	struct scoutfs_super_block *super = NULL;
 	struct print_recursion_args pa;
@@ -1041,23 +1043,26 @@ static int print_volume(int fd)
 			ret = err;
 	}
 
-	for (i = 0; i < array_size(super->meta_alloc); i++) {
-		snprintf(str, sizeof(str), "meta_alloc[%u]", i);
-		err = print_btree(fd, super, str, &super->meta_alloc[i].root,
+	if (!args->skip_likely_huge) {
+		for (i = 0; i < array_size(super->meta_alloc); i++) {
+			snprintf(str, sizeof(str), "meta_alloc[%u]", i);
+			err = print_btree(fd, super, str, &super->meta_alloc[i].root,
+					  print_alloc_item, NULL);
+			if (err && !ret)
+				ret = err;
+		}
+
+		err = print_btree(fd, super, "data_alloc", &super->data_alloc.root,
 				  print_alloc_item, NULL);
 		if (err && !ret)
 			ret = err;
 	}
 
-	err = print_btree(fd, super, "data_alloc", &super->data_alloc.root,
-			  print_alloc_item, NULL);
-	if (err && !ret)
-		ret = err;
-
 	err = print_btree(fd, super, "srch_root", &super->srch_root,
 			  print_srch_root_item, NULL);
 	if (err && !ret)
 		ret = err;
+
 	err = print_btree(fd, super, "logs_root", &super->logs_root,
 			  print_log_trees_item, NULL);
 	if (err && !ret)
@@ -1065,19 +1070,23 @@ static int print_volume(int fd)
 
 	pa.super = super;
 	pa.fd = fd;
-	err = print_btree_leaf_items(fd, super, &super->srch_root.ref,
-				     print_srch_root_files, &pa);
-	if (err && !ret)
-		ret = err;
+	if (!args->skip_likely_huge) {
+		err = print_btree_leaf_items(fd, super, &super->srch_root.ref,
+					     print_srch_root_files, &pa);
+		if (err && !ret)
+			ret = err;
+	}
 	err = print_btree_leaf_items(fd, super, &super->logs_root.ref,
 				     print_log_trees_roots, &pa);
 	if (err && !ret)
 		ret = err;
 
-	err = print_btree(fd, super, "fs_root", &super->fs_root,
-			  print_fs_item, NULL);
-	if (err && !ret)
-		ret = err;
+	if (!args->skip_likely_huge) {
+		err = print_btree(fd, super, "fs_root", &super->fs_root,
+				  print_fs_item, NULL);
+		if (err && !ret)
+			ret = err;
+	}
 
 out:
 	free(super);
@@ -1098,7 +1107,7 @@ static int do_print(struct print_args *args)
 		return ret;
 	}
 
-	ret = print_volume(fd);
+	ret = print_volume(fd, args);
 	close(fd);
 	return ret;
 };
@@ -1108,6 +1117,9 @@ static int parse_opt(int key, char *arg, struct argp_state *state)
 	struct print_args *args = state->input;
 
 	switch (key) {
+	case 'S':
+		args->skip_likely_huge = true;
+		break;
 	case ARGP_KEY_ARG:
 		if (!args->meta_device)
 			args->meta_device = strdup_or_error(state, arg);
@@ -1125,8 +1137,13 @@ static int parse_opt(int key, char *arg, struct argp_state *state)
 	return 0;
 }
 
+static struct argp_option options[] = {
+	{ "skip-likely-huge", 'S', NULL, 0, "Skip large structures to minimize output size"},
+	{ NULL }
+};
+
 static struct argp argp = {
-	NULL,
+	options,
 	parse_opt,
 	"META-DEV",
 	"Print metadata structures"