Re: [RFC] mm: optimise generic_file_read_iter

From: Dave Chinner <david@fromorbit.com>
To: Pavel Begunkov <asml.silence@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org, Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel@vger.kernel.org, Jens Axboe <axboe@kernel.dk>,
	linux-kernel@vger.kernel.org
Subject: Re: [RFC] mm: optimise generic_file_read_iter
Date: Sat, 7 Aug 2021 09:49:08 +1000	[thread overview]
Message-ID: <20210806234908.GC2566745@dread.disaster.area> (raw)
In-Reply-To: <07bd408d6cad95166b776911823b40044160b434.1628248975.git.asml.silence@gmail.com>

On Fri, Aug 06, 2021 at 12:42:43PM +0100, Pavel Begunkov wrote:
> Unless direct I/O path of generic_file_read_iter() ended up with an
> error or a short read, it doesn't use inode. So, load inode and size
> later, only when they're needed. This cuts two memory reads and also
> imrpoves code generation, e.g. loads from stack.
> 
> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
> ---
> 
> NOTE: as a side effect, it reads inode->i_size after ->direct_IO(), and
> I'm not sure whether that's valid, so would be great to get feedback
> from someone who knows better.

I can see that it changes behaviour in a very subtle way. It depends
on what each individual filesystem does with direct IO as to whether
this may introduce potential data coherency/corruption issues, so I
can't say that it's a safe change. It doesn't affect XFS, because
XFS doesn't do direct IO through generic_file_read_iter().

Fundamentally, the issue is that ->direct_IO() can race with inode
size extensions due to write IO completions while the read IO is in
flight.

>  mm/filemap.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/mm/filemap.c b/mm/filemap.c
> index d1458ecf2f51..0030c454ec35 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -2658,10 +2658,8 @@ generic_file_read_iter(struct kiocb *iocb, struct iov_iter *iter)
>  	if (iocb->ki_flags & IOCB_DIRECT) {
>  		struct file *file = iocb->ki_filp;
>  		struct address_space *mapping = file->f_mapping;
> -		struct inode *inode = mapping->host;
> -		loff_t size;
> +		struct inode *inode;
>  
> -		size = i_size_read(inode);
>  		if (iocb->ki_flags & IOCB_NOWAIT) {
>  			if (filemap_range_needs_writeback(mapping, iocb->ki_pos,
>  						iocb->ki_pos + count - 1))
> @@ -2693,8 +2691,10 @@ generic_file_read_iter(struct kiocb *iocb, struct iov_iter *iter)
>  		 * the rest of the read.  Buffered reads will not work for
>  		 * DAX files, so don't bother trying.
>  		 */
> -		if (retval < 0 || !count || iocb->ki_pos >= size ||
> -		    IS_DAX(inode))

Hence this check in the current code is determining if the IO file
offset *after* the IO completed is at or beyond the EOF *before the
IO was started*. i.e. it always detects a short read, because the
EOF can only ascend while a DIO is in progress - truncation cannot
run concurrently with DIO reads. Hence if we get less bytes read
than we ask for, and we are beyond the EOF we sampled at the start
of the IO, we know for certain we got a short read and we drop out
without going through the buffered read path.

> +		if (retval < 0 || !count)
> +			return retval;
> +		inode = mapping->host;
> +		if (iocb->ki_pos >= i_size_read(inode) || IS_DAX(inode))
>  			return retval;

This changes the check to read the inode size after the read IO
completed. This means the IO could have raced with size extensions
from other concurrent DIO writes (or even racing buffered IO
writeback), so despite getting less bytes than we asked for, we
won't detect it as a short DIO read. Hence we now fall through to the
buffered read path.

So at minimum, this is a _very subtle_ change of behaviour in the
direct IO code, resulting in short reads at EOF now sometimes
falling through to the buffered IO path where they never did before.
It may not be an issue but per-filesystem audits will be needed to
determine that....

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com