From: Dave Chinner <david@fromorbit.com> To: Jan Kara <jack@suse.cz> Cc: linux-fsdevel@vger.kernel.org, Christoph Hellwig <hch@infradead.org>, Amir Goldstein <amir73il@gmail.com>, Ted Tso <tytso@mit.edu>, ceph-devel@vger.kernel.org, Chao Yu <yuchao0@huawei.com>, Damien Le Moal <damien.lemoal@wdc.com>, "Darrick J. Wong" <darrick.wong@oracle.com>, Hugh Dickins <hughd@google.com>, Jaegeuk Kim <jaegeuk@kernel.org>, Jeff Layton <jlayton@kernel.org>, Johannes Thumshirn <jth@kernel.org>, linux-cifs@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mm@kvack.org, linux-xfs@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>, Steve French <sfrench@samba.org> Subject: Re: [PATCH 02/12] mm: Protect operations adding pages to page cache with invalidate_lock Date: Sat, 24 Apr 2021 09:04:49 +1000 [thread overview] Message-ID: <20210423230449.GC1990290@dread.disaster.area> (raw) In-Reply-To: <20210423173018.23133-2-jack@suse.cz> On Fri, Apr 23, 2021 at 07:29:31PM +0200, Jan Kara wrote: > Currently, serializing operations such as page fault, read, or readahead > against hole punching is rather difficult. The basic race scheme is > like: > > fallocate(FALLOC_FL_PUNCH_HOLE) read / fault / .. > truncate_inode_pages_range() > <create pages in page > cache here> > <update fs block mapping and free blocks> > > Now the problem is in this way read / page fault / readahead can > instantiate pages in page cache with potentially stale data (if blocks > get quickly reused). Avoiding this race is not simple - page locks do > not work because we want to make sure there are *no* pages in given > range. inode->i_rwsem does not work because page fault happens under > mmap_sem which ranks below inode->i_rwsem. Also using it for reads makes > the performance for mixed read-write workloads suffer. > > So create a new rw_semaphore in the address_space - invalidate_lock - > that protects adding of pages to page cache for page faults / reads / > readahead. ..... > diff --git a/fs/inode.c b/fs/inode.c > index a047ab306f9a..43596dd8b61e 100644 > --- a/fs/inode.c > +++ b/fs/inode.c > @@ -191,6 +191,9 @@ int inode_init_always(struct super_block *sb, struct inode *inode) > mapping_set_gfp_mask(mapping, GFP_HIGHUSER_MOVABLE); > mapping->private_data = NULL; > mapping->writeback_index = 0; > + init_rwsem(&mapping->invalidate_lock); > + lockdep_set_class(&mapping->invalidate_lock, > + &sb->s_type->invalidate_lock_key); > inode->i_private = NULL; > inode->i_mapping = mapping; > INIT_HLIST_HEAD(&inode->i_dentry); /* buggered by rcu freeing */ Oh, lockdep. That might be a problem here. The XFS_MMAPLOCK has non-trivial lockdep annotations so that it is tracked as nesting properly against the IOLOCK and the ILOCK. When you end up using xfs_ilock(XFS_MMAPLOCK..) to lock this, XFS will add subclass annotations to the lock and they are going to be different to the locking that the VFS does. We'll see this from xfs_lock_two_inodes() (e.g. in xfs_swap_extents()) and xfs_ilock2_io_mmap() during reflink oper..... Oooooh. The page cache copy done when breaking a shared extent needs to lock out page faults on both the source and destination, but it still needs to be able to populate the page cache of both the source and destination file..... .... and vfs_dedupe_file_range_compare() has to be able to read pages from both the source and destination file to determine that the contents are identical and that's done while we hold the XFS_MMAPLOCK exclusively so the compare is atomic w.r.t. all other user data modification operations being run.... I now have many doubts that this "serialise page faults by locking out page cache instantiation" method actually works as a generic mechanism. It's not just page cache invalidation that relies on being able to lock out page faults: copy-on-write and deduplication both require the ability to populate the page cache with source data while page faults are locked out so the data can be compared/copied atomically with the extent level manipulations and so user data modifications cannot occur until the physical extent manipulation operation has completed. Having only just realised this is a problem, no solution has immediately popped into my mind. I'll chew on it over the weekend, but I'm not hopeful at this point... Cheers, Dave. -- Dave Chinner david@fromorbit.com
WARNING: multiple messages have this Message-ID (diff)
From: Dave Chinner <david@fromorbit.com> To: Jan Kara <jack@suse.cz> Cc: linux-cifs@vger.kernel.org, Damien Le Moal <damien.lemoal@wdc.com>, Ted Tso <tytso@mit.edu>, "Darrick J. Wong" <darrick.wong@oracle.com>, Jeff Layton <jlayton@kernel.org>, linux-ext4@vger.kernel.org, Amir Goldstein <amir73il@gmail.com>, Hugh Dickins <hughd@google.com>, linux-f2fs-devel@lists.sourceforge.net, Christoph Hellwig <hch@infradead.org>, linux-mm@kvack.org, Miklos Szeredi <miklos@szeredi.hu>, linux-fsdevel@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>, ceph-devel@vger.kernel.org, Johannes Thumshirn <jth@kernel.org>, Steve French <sfrench@samba.org>, linux-xfs@vger.kernel.org Subject: Re: [f2fs-dev] [PATCH 02/12] mm: Protect operations adding pages to page cache with invalidate_lock Date: Sat, 24 Apr 2021 09:04:49 +1000 [thread overview] Message-ID: <20210423230449.GC1990290@dread.disaster.area> (raw) In-Reply-To: <20210423173018.23133-2-jack@suse.cz> On Fri, Apr 23, 2021 at 07:29:31PM +0200, Jan Kara wrote: > Currently, serializing operations such as page fault, read, or readahead > against hole punching is rather difficult. The basic race scheme is > like: > > fallocate(FALLOC_FL_PUNCH_HOLE) read / fault / .. > truncate_inode_pages_range() > <create pages in page > cache here> > <update fs block mapping and free blocks> > > Now the problem is in this way read / page fault / readahead can > instantiate pages in page cache with potentially stale data (if blocks > get quickly reused). Avoiding this race is not simple - page locks do > not work because we want to make sure there are *no* pages in given > range. inode->i_rwsem does not work because page fault happens under > mmap_sem which ranks below inode->i_rwsem. Also using it for reads makes > the performance for mixed read-write workloads suffer. > > So create a new rw_semaphore in the address_space - invalidate_lock - > that protects adding of pages to page cache for page faults / reads / > readahead. ..... > diff --git a/fs/inode.c b/fs/inode.c > index a047ab306f9a..43596dd8b61e 100644 > --- a/fs/inode.c > +++ b/fs/inode.c > @@ -191,6 +191,9 @@ int inode_init_always(struct super_block *sb, struct inode *inode) > mapping_set_gfp_mask(mapping, GFP_HIGHUSER_MOVABLE); > mapping->private_data = NULL; > mapping->writeback_index = 0; > + init_rwsem(&mapping->invalidate_lock); > + lockdep_set_class(&mapping->invalidate_lock, > + &sb->s_type->invalidate_lock_key); > inode->i_private = NULL; > inode->i_mapping = mapping; > INIT_HLIST_HEAD(&inode->i_dentry); /* buggered by rcu freeing */ Oh, lockdep. That might be a problem here. The XFS_MMAPLOCK has non-trivial lockdep annotations so that it is tracked as nesting properly against the IOLOCK and the ILOCK. When you end up using xfs_ilock(XFS_MMAPLOCK..) to lock this, XFS will add subclass annotations to the lock and they are going to be different to the locking that the VFS does. We'll see this from xfs_lock_two_inodes() (e.g. in xfs_swap_extents()) and xfs_ilock2_io_mmap() during reflink oper..... Oooooh. The page cache copy done when breaking a shared extent needs to lock out page faults on both the source and destination, but it still needs to be able to populate the page cache of both the source and destination file..... .... and vfs_dedupe_file_range_compare() has to be able to read pages from both the source and destination file to determine that the contents are identical and that's done while we hold the XFS_MMAPLOCK exclusively so the compare is atomic w.r.t. all other user data modification operations being run.... I now have many doubts that this "serialise page faults by locking out page cache instantiation" method actually works as a generic mechanism. It's not just page cache invalidation that relies on being able to lock out page faults: copy-on-write and deduplication both require the ability to populate the page cache with source data while page faults are locked out so the data can be compared/copied atomically with the extent level manipulations and so user data modifications cannot occur until the physical extent manipulation operation has completed. Having only just realised this is a problem, no solution has immediately popped into my mind. I'll chew on it over the weekend, but I'm not hopeful at this point... Cheers, Dave. -- Dave Chinner david@fromorbit.com _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2021-04-23 23:04 UTC|newest] Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-04-23 17:29 [PATCH 0/12 v4] fs: Hole punch vs page cache filling races Jan Kara 2021-04-23 17:29 ` [PATCH 01/12] mm: Fix comments mentioning i_mutex Jan Kara 2021-04-23 17:29 ` [PATCH 02/12] mm: Protect operations adding pages to page cache with invalidate_lock Jan Kara 2021-04-23 18:30 ` Matthew Wilcox 2021-04-23 18:30 ` [f2fs-dev] " Matthew Wilcox 2021-04-23 23:04 ` Dave Chinner [this message] 2021-04-23 23:04 ` Dave Chinner 2021-04-26 15:46 ` Jan Kara 2021-04-26 15:46 ` [f2fs-dev] " Jan Kara 2021-04-23 17:29 ` [PATCH 03/12] ext4: Convert to use mapping->invalidate_lock Jan Kara 2021-04-23 17:29 ` [PATCH 04/12] ext2: Convert to using invalidate_lock Jan Kara 2021-04-23 17:29 ` [PATCH 05/12] xfs: Convert to use invalidate_lock Jan Kara 2021-04-23 22:39 ` Dave Chinner 2021-04-23 17:29 ` [PATCH 06/12] zonefs: Convert to using invalidate_lock Jan Kara 2021-04-26 6:40 ` Damien Le Moal 2021-04-26 16:24 ` Jan Kara 2021-04-23 17:29 ` [PATCH 07/12] f2fs: " Jan Kara 2021-04-23 19:15 ` kernel test robot 2021-04-23 19:15 ` kernel test robot 2021-04-23 20:05 ` kernel test robot 2021-04-23 20:05 ` kernel test robot 2021-04-23 17:29 ` [PATCH 08/12] fuse: " Jan Kara 2021-04-23 17:29 ` [PATCH 09/12] shmem: " Jan Kara 2021-04-29 4:12 ` Hugh Dickins 2021-04-29 4:12 ` Hugh Dickins 2021-04-29 9:30 ` Jan Kara 2021-04-23 17:29 ` [PATCH 10/12] shmem: Use invalidate_lock to protect fallocate Jan Kara 2021-04-23 19:27 ` kernel test robot 2021-04-23 19:27 ` kernel test robot 2021-04-29 3:24 ` Hugh Dickins 2021-04-29 3:24 ` Hugh Dickins 2021-04-29 9:20 ` Jan Kara 2021-04-23 17:29 ` [PATCH 11/12] ceph: Fix race between hole punch and page fault Jan Kara 2021-04-23 17:29 ` [PATCH 12/12] cifs: " Jan Kara 2021-04-23 22:07 ` [PATCH 0/12 v4] fs: Hole punch vs page cache filling races Dave Chinner 2021-04-23 22:07 ` [f2fs-dev] " Dave Chinner 2021-04-23 23:51 ` Matthew Wilcox 2021-04-23 23:51 ` [f2fs-dev] " Matthew Wilcox 2021-04-24 6:11 ` Christoph Hellwig 2021-04-24 6:11 ` [f2fs-dev] " Christoph Hellwig
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210423230449.GC1990290@dread.disaster.area \ --to=david@fromorbit.com \ --cc=amir73il@gmail.com \ --cc=ceph-devel@vger.kernel.org \ --cc=damien.lemoal@wdc.com \ --cc=darrick.wong@oracle.com \ --cc=hch@infradead.org \ --cc=hughd@google.com \ --cc=jack@suse.cz \ --cc=jaegeuk@kernel.org \ --cc=jlayton@kernel.org \ --cc=jth@kernel.org \ --cc=linux-cifs@vger.kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-f2fs-devel@lists.sourceforge.net \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-xfs@vger.kernel.org \ --cc=miklos@szeredi.hu \ --cc=sfrench@samba.org \ --cc=tytso@mit.edu \ --cc=yuchao0@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.