All of lore.kernel.org
 help / color / mirror / Atom feed
From: Brian Foster <bfoster@redhat.com>
To: Christoph Hellwig <hch@lst.de>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
	Eric Sandeen <sandeen@sandeen.net>,
	Eric Sandeen <sandeen@redhat.com>,
	linux-xfs <linux-xfs@vger.kernel.org>
Subject: Re: [PATCH, RFC] xfs: re-enable FIBMAP on reflink; disable for swap
Date: Fri, 31 Aug 2018 08:36:40 -0400	[thread overview]
Message-ID: <20180831123639.GA39825@bfoster> (raw)
In-Reply-To: <20180831062813.GA7280@lst.de>

On Fri, Aug 31, 2018 at 08:28:13AM +0200, Christoph Hellwig wrote:
> On Thu, Aug 30, 2018 at 11:28:49AM -0700, Darrick J. Wong wrote:
> > I prefer to have FIBMAP return errors to *cough* encourage people to use
> > FIEMAP.  If code are going to abuse the FI[BE]MAP interface they could
> > at least abuse the one that gives it enough context to avoid fs
> > corruption.  (A proper fs driver would be preferable, though very
> > difficult).
> 
> I think Carlos was looking into implementing the FIBMAP ioctl
> using ->fiemap.  In that case we could return sensible errors,
> and centralize policy in a single place..
> 

So basically ioctl_fibmap() either prioritizes ->fiemap() or looks for
some special combination of (fiemap && !bmap) to translate the call..

> > Granted, grub's blocklist code doesn't seem to check for shared blocks
> > when it writes grubenv.... yuck, though TBH I don't have the eye budget
> > to spend on digging through grub2.  Frankly I think FIBMAP comes verrry
> > close to "this API is unfixably stupid and shouldn't be enabled for new
> > use cases and should go away some day".
> 
> .. and that policy should be: always return an error for the slightest
> unusual file layout (shared, encrypted, inline, etc).

... and then return some error if the associate extent is in some state
that cannot be described by fibmap..? That sounds like a nice option to
me. Carlos..?

Maybe it's too late for this, but I think even dropping ->bmap
completely for the time being on XFS reflink=1 filesystems is preferable
to the current behavior where we return a perfectly valid result and
pretend that somehow represents an error to userspace.

The arguments for the current behavior essentially apply the "known
fibmap usecase of direct block writes" as justification for implementing
this policy in the kernel. In practice, the current behavior just trades
off one problem (data corruption) for another where the end result is
probably the same for that particular use case: the system doesn't boot.
If we dropped bmap, then at least there's an obvious error and the user
can decide whether to update to fiemap or disable reflink (as opposed to
us having to continue to chase down these odd bootloader issues).

Brian

  reply	other threads:[~2018-08-31 16:44 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-30 16:10 [PATCH, RFC] xfs: re-enable FIBMAP on reflink; disable for swap Eric Sandeen
2018-08-30 16:25 ` Christoph Hellwig
2018-08-30 16:31   ` Eric Sandeen
2018-08-30 16:36     ` Christoph Hellwig
2018-08-30 16:35       ` Eric Sandeen
2018-08-30 18:02         ` Brian Foster
2018-08-30 18:28           ` Darrick J. Wong
2018-08-30 18:51             ` Eric Sandeen
2018-08-30 19:39               ` Brian Foster
2018-08-30 19:47                 ` Eric Sandeen
2018-08-30 19:58                   ` Brian Foster
2018-08-31  0:11               ` Dave Chinner
2018-08-31  1:34                 ` Eric Sandeen
2018-08-31  3:05                   ` Dave Chinner
2018-08-31 13:08                     ` Eric Sandeen
2018-09-01  8:32                       ` Christoph Hellwig
2018-08-31  6:28             ` Christoph Hellwig
2018-08-31 12:36               ` Brian Foster [this message]
2018-09-01  8:31                 ` Christoph Hellwig
2018-09-02 14:08                 ` Carlos Maiolino
2018-09-02 17:52                   ` Eric Sandeen
2018-09-03 10:21                     ` Carlos Maiolino

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180831123639.GA39825@bfoster \
    --to=bfoster@redhat.com \
    --cc=darrick.wong@oracle.com \
    --cc=hch@lst.de \
    --cc=linux-xfs@vger.kernel.org \
    --cc=sandeen@redhat.com \
    --cc=sandeen@sandeen.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.