Re: [PATCH V6 08/11] xfs: Check for extent overflow when remapping an extent

From: Chandan Babu R <chandanrlinux@gmail.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: Christoph Hellwig <hch@infradead.org>,
	linux-xfs@vger.kernel.org, david@fromorbit.com
Subject: Re: [PATCH V6 08/11] xfs: Check for extent overflow when remapping an extent
Date: Fri, 16 Oct 2020 09:57:19 +0530	[thread overview]
Message-ID: <66787089.qbDNxTZFml@garuda> (raw)
In-Reply-To: <20201015184545.GC9832@magnolia>

On Friday 16 October 2020 12:15:45 AM IST Darrick J. Wong wrote:
> On Thu, Oct 15, 2020 at 03:31:26PM +0530, Chandan Babu R wrote:
> > On Thursday 15 October 2020 2:09:45 PM IST Christoph Hellwig wrote:
> > > This patch demonstrates very well why I think having these magic
> > > defines and the comments in a header makes no sense.
> > > 
> > > > +/*
> > > > + * Remapping an extent involves unmapping the existing extent and mapping in the
> > > > + * new extent.
> > > > + *
> > > > + * When unmapping, an extent containing the entire unmap range can be split into
> > > > + * two extents,
> > > > + * i.e. | Old extent | hole | Old extent |
> > > > + * Hence extent count increases by 1.
> > > > + *
> > > > + * Mapping in the new extent into the destination file can increase the extent
> > > > + * count by 1.
> > > > + */
> > > > +#define XFS_IEXT_REFLINK_REMAP_CNT(smap_real, dmap_written) \
> > > > +	(((smap_real) ? 1 : 0) + ((dmap_written) ? 1 : 0))
> > > > +
> > > >  /*
> > > >   * Fork handling.
> > > >   */
> > > > diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
> > > > index 4f0198f636ad..c9f9ff68b5bb 100644
> > > > --- a/fs/xfs/xfs_reflink.c
> > > > +++ b/fs/xfs/xfs_reflink.c
> > > > @@ -1099,6 +1099,11 @@ xfs_reflink_remap_extent(
> > > >  			goto out_cancel;
> > > >  	}
> > > >  
> > > > +	error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK,
> > > > +			XFS_IEXT_REFLINK_REMAP_CNT(smap_real, dmap_written));
> > > > +	if (error)
> > > > +		goto out_cancel;
> > > > +
> > > 
> > > This is a completely mess.
> > > 
> > > If OTOH xfs_reflink_remap_extent had a local variable for the potential
> > > max number of extents, which is incremented near the initialization
> > > of smap_real and dmap_written, with a nice comment near to each
> > > increment it would make complete sense to the reader.
> > >
> > 
> > How about following the traits of XFS_IEXT_WRITE_UNWRITTEN_CNT (writing
> > to unwritten extent) and XFS_IEXT_REFLINK_END_COW_CNT (moving an extent
> > from cow fork to data fork) and setting XFS_IEXT_REFLINK_REMAP_CNT to a
> > worst case value of 2? A write spanning the entirety of an unwritten extent
> > does not change the extent count. Similarly, If there are no extents in the
> > data fork spanning the file range mapped by an extent in the cow
> > fork, moving the extent from cow fork to data fork increases the extent count
> > by just 1 and not by the worst case count of 2.
> 
> Probably not a huge deal, since at worst we bail out of reflink early
> and userspace can just decide to fall back to a pagecache copy or
> whatever.  It'd be harder to deal with if this was the cow path where we
> long ago returned from write() and even writeback...
> 
> ...though now that I think about it, what /does/ happens if
> _reflink_end_cow trips over this?  I wonder if inodes need to be able to
> reserve extent count for later, but ... hgnghghg that seems hard to
> reason about.

I am not sure if I am following you. Looks like you are asking about what
happens if xfs_reflink_end_cow_extent() trips over
XFS_IEXT_REFLINK_END_COW_CNT limit. If that occurs, then the end_io path would
set AS_EIO on mapping->flags which would in turn cause the upper layers of the
kernel to return -EIO to the corresponding fsync() call made by a userspace
program.

-- 
chandan