From: Chao Yu <yuchao0@huawei.com>
To: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: <linux-f2fs-devel@lists.sourceforge.net>,
<linux-kernel@vger.kernel.org>, <chao@kernel.org>
Subject: Re: [PATCH] f2fs: set deadline to drop expired inmem pages
Date: Tue, 17 Apr 2018 14:44:22 +0800 [thread overview]
Message-ID: <b4aba32d-e57a-add4-19d5-7d19a8ccd90c@huawei.com> (raw)
In-Reply-To: <20180416201603.GA76077@jaegeuk-macbookpro.roam.corp.google.com>
On 2018/4/17 4:16, Jaegeuk Kim wrote:
> On 04/13, Chao Yu wrote:
>> On 2018/4/13 12:05, Jaegeuk Kim wrote:
>>> On 04/13, Chao Yu wrote:
>>>> On 2018/4/13 9:04, Jaegeuk Kim wrote:
>>>>> On 04/10, Chao Yu wrote:
>>>>>> Hi Jaegeuk,
>>>>>>
>>>>>> On 2018/4/8 16:13, Chao Yu wrote:
>>>>>>> f2fs doesn't allow abuse on atomic write class interface, so except
>>>>>>> limiting in-mem pages' total memory usage capacity, we need to limit
>>>>>>> start-commit time as well, otherwise we may run into infinite loop
>>>>>>> during foreground GC because target blocks in victim segment are
>>>>>>> belong to atomic opened file for long time.
>>>>>>>
>>>>>>> Now, we will check the condition with f2fs_balance_fs_bg in
>>>>>>> background threads, once if user doesn't commit data exceeding 30
>>>>>>> seconds, we will drop all cached data, so I expect it can keep our
>>>>>>> system running safely to prevent Dos attack.
>>>>>>
>>>>>> Is it worth to add this patch to avoid abuse on atomic write interface by user?
>>>>>
>>>>> Hmm, hope to see a real problem first in this case.
>>>>
>>>> I think this can be a more critical security leak instead of a potential issue
>>>> which we can wait for someone reporting that can be too late.
>>>>
>>>> For example, user can simply write a huge file whose data spread in all f2fs
>>>> segments, once user open that file as atomic, foreground GC will suffer
>>>> deadloop, causing denying any further service of f2fs.
>>>
>>> How can you guarantee it won't happen within 30sec? If you want to avoid that,
>>
>> Now the value is smaller than generic hang task threshold in order to avoid
>> foreground GC helding gc_mutex too long, we can tune that parameter?
>>
>>> you have to take a look at foreground gc.
>>
>> What do you mean? let GC moves blocks of atomic write opened file?
>
> I thought that we first need to detect when foreground GC is stuck by such the
> huge number of atomic writes. Then, we need to do something like dropping all
> the atomic writes.
Yup, that will be reasonable. :)
Thanks,
>
>>
>> Thanks,
>>
>>>
>>>>
>>>> Thanks,
>>>>
>>>>>
>>>>>> Thanks,
>>>>>
>>>>> .
>>>>>
>>>
>>> .
>>>
>
> .
>
WARNING: multiple messages have this Message-ID (diff)
From: Chao Yu <yuchao0@huawei.com>
To: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, chao@kernel.org
Subject: Re: [PATCH] f2fs: set deadline to drop expired inmem pages
Date: Tue, 17 Apr 2018 14:44:22 +0800 [thread overview]
Message-ID: <b4aba32d-e57a-add4-19d5-7d19a8ccd90c@huawei.com> (raw)
In-Reply-To: <20180416201603.GA76077@jaegeuk-macbookpro.roam.corp.google.com>
On 2018/4/17 4:16, Jaegeuk Kim wrote:
> On 04/13, Chao Yu wrote:
>> On 2018/4/13 12:05, Jaegeuk Kim wrote:
>>> On 04/13, Chao Yu wrote:
>>>> On 2018/4/13 9:04, Jaegeuk Kim wrote:
>>>>> On 04/10, Chao Yu wrote:
>>>>>> Hi Jaegeuk,
>>>>>>
>>>>>> On 2018/4/8 16:13, Chao Yu wrote:
>>>>>>> f2fs doesn't allow abuse on atomic write class interface, so except
>>>>>>> limiting in-mem pages' total memory usage capacity, we need to limit
>>>>>>> start-commit time as well, otherwise we may run into infinite loop
>>>>>>> during foreground GC because target blocks in victim segment are
>>>>>>> belong to atomic opened file for long time.
>>>>>>>
>>>>>>> Now, we will check the condition with f2fs_balance_fs_bg in
>>>>>>> background threads, once if user doesn't commit data exceeding 30
>>>>>>> seconds, we will drop all cached data, so I expect it can keep our
>>>>>>> system running safely to prevent Dos attack.
>>>>>>
>>>>>> Is it worth to add this patch to avoid abuse on atomic write interface by user?
>>>>>
>>>>> Hmm, hope to see a real problem first in this case.
>>>>
>>>> I think this can be a more critical security leak instead of a potential issue
>>>> which we can wait for someone reporting that can be too late.
>>>>
>>>> For example, user can simply write a huge file whose data spread in all f2fs
>>>> segments, once user open that file as atomic, foreground GC will suffer
>>>> deadloop, causing denying any further service of f2fs.
>>>
>>> How can you guarantee it won't happen within 30sec? If you want to avoid that,
>>
>> Now the value is smaller than generic hang task threshold in order to avoid
>> foreground GC helding gc_mutex too long, we can tune that parameter?
>>
>>> you have to take a look at foreground gc.
>>
>> What do you mean? let GC moves blocks of atomic write opened file?
>
> I thought that we first need to detect when foreground GC is stuck by such the
> huge number of atomic writes. Then, we need to do something like dropping all
> the atomic writes.
Yup, that will be reasonable. :)
Thanks,
>
>>
>> Thanks,
>>
>>>
>>>>
>>>> Thanks,
>>>>
>>>>>
>>>>>> Thanks,
>>>>>
>>>>> .
>>>>>
>>>
>>> .
>>>
>
> .
>
next prev parent reply other threads:[~2018-04-17 6:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-08 8:13 [PATCH] f2fs: set deadline to drop expired inmem pages Chao Yu
2018-04-08 8:13 ` Chao Yu
2018-04-10 7:38 ` Chao Yu
2018-04-10 7:38 ` Chao Yu
2018-04-13 1:04 ` Jaegeuk Kim
2018-04-13 1:25 ` Chao Yu
2018-04-13 1:25 ` Chao Yu
2018-04-13 4:05 ` Jaegeuk Kim
2018-04-13 6:08 ` Chao Yu
2018-04-13 6:08 ` Chao Yu
2018-04-16 20:16 ` Jaegeuk Kim
2018-04-17 6:44 ` Chao Yu [this message]
2018-04-17 6:44 ` Chao Yu
2018-04-17 11:45 ` Chao Yu
2018-04-17 11:45 ` Chao Yu
2018-04-18 4:14 ` Jaegeuk Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b4aba32d-e57a-add4-19d5-7d19a8ccd90c@huawei.com \
--to=yuchao0@huawei.com \
--cc=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.