From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89DCDC4361B for ; Wed, 12 May 2021 13:46:39 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id E2D356112F for ; Wed, 12 May 2021 13:46:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E2D356112F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id E0F496B0070; Wed, 12 May 2021 09:46:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CF6B66B0073; Wed, 12 May 2021 09:46:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 733F76B0071; Wed, 12 May 2021 09:46:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0147.hostedemail.com [216.40.44.147]) by kanga.kvack.org (Postfix) with ESMTP id 455596B006E for ; Wed, 12 May 2021 09:46:36 -0400 (EDT) Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 0A2A998BB for ; Wed, 12 May 2021 13:46:36 +0000 (UTC) X-FDA: 78132703992.18.5050D67 Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by imf12.hostedemail.com (Postfix) with ESMTP id 27D353CA for ; Wed, 12 May 2021 13:46:19 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 5897EB1B1; Wed, 12 May 2021 13:46:32 +0000 (UTC) Received: by quack2.suse.cz (Postfix, from userid 1000) id D2B801E0A4C; Wed, 12 May 2021 15:46:31 +0200 (CEST) From: Jan Kara To: Cc: Christoph Hellwig , Dave Chinner , ceph-devel@vger.kernel.org, Chao Yu , Damien Le Moal , "Darrick J. Wong" , Jaegeuk Kim , Jeff Layton , Johannes Thumshirn , linux-cifs@vger.kernel.org, , linux-f2fs-devel@lists.sourceforge.net, , , Miklos Szeredi , Steve French , Ted Tso , Matthew Wilcox , Jan Kara Subject: [PATCH 0/11 v5] fs: Hole punch vs page cache filling races Date: Wed, 12 May 2021 15:46:08 +0200 Message-Id: <20210512101639.22278-1-jack@suse.cz> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Authentication-Results: imf12.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf12.hostedemail.com: domain of jack@suse.cz designates 195.135.220.15 as permitted sender) smtp.mailfrom=jack@suse.cz X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 27D353CA X-Stat-Signature: 1ht1erorw3ycoryc8xac1rrgkka5x77x Received-SPF: none (suse.cz>: No applicable sender policy available) receiver=imf12; identity=mailfrom; envelope-from=""; helo=mx2.suse.de; client-ip=195.135.220.15 X-HE-DKIM-Result: none/none X-HE-Tag: 1620827179-602768 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hello, here is another version of my patches to address races between hole punch= ing and page cache filling functions for ext4 and other filesystems. The bigg= est change since the last time is update of the documentation to reflect the = fact Dave Chinner spotted that some places also use this type of lock to block changes to existing page cache pages through memory mappings. Out of all filesystem supporting hole punching, only GFS2 and OCFS2 remai= n unresolved. GFS2 people are working on their own solution (cluster lockin= g is involved), OCFS2 has even bigger issues (maintainers informed, looking in= to it). As a next step, I'd like to actually make sure all calls to truncate_inode_pages() happen under mapping->invalidate_lock, add the ass= ert and then we can also get rid of i_size checks in some places (truncate ca= n use the same serialization scheme as hole punch). But that step is mostly a cleanup so I'd like to get these functional fixes in first. Note that the first patch of the series is already in mm tree but I'm submitting it here so that the series applies to Linus' tree cleanly. Changes since v4: * Rebased onto 5.13-rc1 * Removed shmfs conversion patches * Fixed up zonefs changelog * Fixed up XFS comments * Added patch fixing up definition of file_operations in Documentation/vf= s/ * Updated documentation and comments to explain invalidate_lock is used a= lso to prevent changes through memory mappings to existing pages for some V= FS operations. Changes since v3: * Renamed and moved lock to struct address_space * Added conversions of tmpfs, ceph, cifs, fuse, f2fs * Fixed error handling path in filemap_read() * Removed .page_mkwrite() cleanup from the series for now Changes since v2: * Added documentation and comments regarding lock ordering and how the lo= ck is supposed to be used * Added conversions of ext2, xfs, zonefs * Added patch removing i_mapping_sem protection from .page_mkwrite handle= rs Changes since v1: * Moved to using inode->i_mapping_sem instead of aops handler to acquire appropriate lock --- Motivation: Amir has reported [1] a that ext4 has a potential issues when reads can r= ace with hole punching possibly exposing stale data from freed blocks or even corrupting filesystem when stale mapping data gets used for writeout. The problem is that during hole punching, new page cache pages can get instan= tiated and block mapping from the looked up in a punched range after truncate_inode_pages() has run but before the filesystem removes blocks f= rom the file. In principle any filesystem implementing hole punching thus nee= ds to implement a mechanism to block instantiating page cache pages during hole punching to avoid this race. This is further complicated by the fact that= there are multiple places that can instantiate pages in page cache. We can hav= e regular read(2) or page fault doing this but fadvise(2) or madvise(2) can= also result in reading in page cache pages through force_page_cache_readahead(= ). There are couple of ways how to fix this. First way (currently implemente= d by XFS) is to protect read(2) and *advise(2) calls with i_rwsem so that they= are serialized with hole punching. This is easy to do but as a result all rea= ds would then be serialized with writes and thus mixed read-write workloads = suffer heavily on ext4. Thus this series introduces inode->i_mapping_sem and use= s it when creating new pages in the page cache and looking up their correspond= ing block mapping. We also replace EXT4_I(inode)->i_mmap_sem with this new rw= sem which provides necessary serialization with hole punching for ext4. Honza [1] https://lore.kernel.org/linux-fsdevel/CAOQ4uxjQNmxqmtA_VbYW0Su9rKRk2z= obJmahcyeaEVOFKVQ5dw@mail.gmail.com/ Previous versions: Link: https://lore.kernel.org/linux-fsdevel/20210208163918.7871-1-jack@su= se.cz/ Link: http://lore.kernel.org/r/20210413105205.3093-1-jack@suse.cz Link: http://lore.kernel.org/r/20210423171010.12-1-jack@suse.cz