lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1499344017.4812.10.camel@redhat.com>
Date:   Thu, 06 Jul 2017 08:26:57 -0400
From:   Jeff Layton <jlayton@...hat.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: [GIT PULL] writeback error handling fixes (pile #2)

The following changes since commit c86daad2c25bfd4a33d48b7691afaa96d9c5ab46:

  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input (2017-05-26 16:45:13 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux.git tags/for-linus-v4.13-2

for you to fetch changes up to 333427a505be1e10d8da13427dc0c33ec1976b99:

  btrfs: minimal conversion to errseq_t writeback error reporting on fsync (2017-07-06 07:02:31 -0400)

----------------------------------------------------------------
Sorry for the long description, but I think it's important to give good
background here:

This pile represents the bulk of the writeback error handling fixes that
I have for this cycle. Some of the earlier patches in this pile may look
trivial but they are prerequisites for later patches in the series.

The aim of this set is to improve how we track and report writeback
errors to userland. Most applications that care about data integrity
will periodically call fsync/fdatasync/msync to ensure that their writes
have made it to the backing store.

For a very long time, we have tracked writeback errors using two flags
in the address_space: AS_EIO and AS_ENOSPC. Those flags are set when a
writeback error occurs (via mapping_set_error) and are cleared as a
side-effect of filemap_check_errors (as you noted yesterday). This model
really sucks for userland.

Only the first task to call fsync (or msync or fdatasync) will see the
error. Any subsequent task calling fsync on a file will get back 0
(unless another writeback error occurs in the interim). If I have
several tasks writing to a file and calling fsync to ensure that their
writes got stored, then I need to have them coordinate with one another.
That's difficult enough, but in a world of containerized setups that
coordination may even not be possible.

But wait...it gets worse!

The calls to filemap_check_errors can be buried pretty far down in the
call stack, and there are internal callers of filemap_write_and_wait and
the like that also end up clearing those errors. Many of those callers
ignore the error return from that function or return it to userland at
nonsensical times (e.g. truncate() or stat()). If I get back -EIO on a
truncate, there is no reason to think that it was because some previous
writeback failed, and a subsequent fsync() will (incorrectly) return 0.

This pile aims to do three things:

1) ensure that when a writeback error occurs that that error will be
reported to userland on a subsequent fsync/fdatasync/msync call,
regardless of what internal callers are doing

2) report writeback errors on all file descriptions that were open at
the time that the error occurred. This is a user-visible change, but I
think most applications are written to assume this behavior anyway.
Those that aren't are unlikely to be hurt by it.

3) document what filesystems should do when there is a writeback error.
Today, there is very little consistency between them, and a lot of
cargo-cult copying. We need to make it very clear what filesystems
should do in this situation.

To achieve this, the set adds a new data type (errseq_t) and then builds
new writeback error tracking infrastructure around that. Once all of
that is in place, we change the filesystems to use the new
infrastructure for reporting wb errors to userland.

Note that this is just the initial foray into cleaning up this mess.
There is a lot of work remaining here:

1) convert the rest of the filesystems in a similar fashion. Once the
initial set is in, then I think most other fs' will be fairly simple to
convert. Hopefully most of those can in via individual filesystem trees.

2) convert internal waiters on writeback to use errseq_t for detecting
errors instead of relying on the AS_* flags. I have some draft patches
for this for ext4, but they are not quite ready for prime time yet.

This was a discussion topic this year at LSF/MM too. If you're
interested in the gory details, LWN has some good articles about this:

https://lwn.net/Articles/718734/
https://lwn.net/Articles/724307/

----------------------------------------------------------------
Jeff Layton (17):
      mm: fix mapping_set_error call in me_pagecache_dirty
      buffer: use mapping_set_error instead of setting the flag
      fs: check for writeback errors after syncing out buffers in generic_file_fsync
      buffer: set errors in mapping at the time that the error occurs
      jbd2: don't clear and reset errors after waiting on writeback
      mm: clear AS_EIO/AS_ENOSPC when writeback initiation fails
      mm: don't TestClearPageError in __filemap_fdatawait_range
      lib: add errseq_t type and infrastructure for handling it
      fs: new infrastructure for writeback error handling and reporting
      mm: set both AS_EIO/AS_ENOSPC and errseq_t in mapping_set_error
      Documentation: flesh out the section in vfs.txt on storing and reporting writeback errors
      dax: set errors in mapping when writeback fails
      block: convert to errseq_t based writeback error tracking
      fs: convert __generic_file_fsync to use errseq_t based reporting
      ext4: use errseq_t based error handling for reporting data writeback errors
      xfs: minimal conversion to errseq_t writeback error reporting
      btrfs: minimal conversion to errseq_t writeback error reporting on fsync

 Documentation/filesystems/vfs.txt |  44 +++++++-
 MAINTAINERS                       |   6 ++
 drivers/dax/device.c              |   1 +
 fs/block_dev.c                    |   3 +-
 fs/btrfs/file.c                   |  13 ++-
 fs/buffer.c                       |  20 ++--
 fs/dax.c                          |   4 +-
 fs/ext2/file.c                    |   5 +-
 fs/ext4/fsync.c                   |   2 +-
 fs/file_table.c                   |   1 +
 fs/gfs2/lops.c                    |   2 +-
 fs/jbd2/commit.c                  |  16 +--
 fs/libfs.c                        |   6 +-
 fs/open.c                         |   3 +
 fs/xfs/xfs_file.c                 |   2 +-
 include/linux/buffer_head.h       |   1 +
 include/linux/errseq.h            |  19 ++++
 include/linux/fs.h                |  62 +++++++++++-
 include/linux/pagemap.h           |  31 ++++--
 include/trace/events/filemap.h    |  57 +++++++++++
 lib/Makefile                      |   2 +-
 lib/errseq.c                      | 208 ++++++++++++++++++++++++++++++++++++++
 mm/filemap.c                      | 126 +++++++++++++++++++----
 mm/memory-failure.c               |   2 +-
 24 files changed, 572 insertions(+), 64 deletions(-)
 create mode 100644 include/linux/errseq.h
 create mode 100644 lib/errseq.c

-- 
Jeff Layton <jlayton@...hat.com>
Download attachment "signature.asc" of type "application/pgp-signature" (863 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ