lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D1CDACE3-EC7E-43E4-8F49-EEA2B6E71A41@dilger.ca>
Date:   Tue, 16 Aug 2022 10:42:29 -0600
From:   Andreas Dilger <adilger@...ger.ca>
To:     Dave Chinner <david@...morbit.com>,
        Eric Biggers <ebiggers@...nel.org>
Cc:     Jaegeuk Kim <jaegeuk@...nel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Ext4 Developers List <linux-ext4@...r.kernel.org>,
        linux-f2fs-devel@...ts.sourceforge.net,
        xfs <linux-xfs@...r.kernel.org>, linux-api@...r.kernel.org,
        linux-fscrypt@...r.kernel.org,
        linux-block <linux-block@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Keith Busch <kbusch@...nel.org>
Subject: Re: [PATCH v4 6/9] f2fs: don't allow DIO reads but not DIO writes

On Aug 16, 2022, at 3:03 AM, Dave Chinner <david@...morbit.com> wrote:
> 
> On Mon, Aug 15, 2022 at 05:55:45PM -0700, Eric Biggers wrote:
>> On Sat, Jul 30, 2022 at 08:08:26PM -0700, Jaegeuk Kim wrote:
>>> On 07/25, Eric Biggers wrote:
>>>> On Sat, Jul 23, 2022 at 07:01:59PM -0700, Jaegeuk Kim wrote:
>>>>> On 07/22, Eric Biggers wrote:
>>>>>> From: Eric Biggers <ebiggers@...gle.com>
>>>>>> 
>>>>>> Currently, if an f2fs filesystem is mounted with the mode=lfs and
>>>>>> io_bits mount options, DIO reads are allowed but DIO writes are not.
>>>>>> Allowing DIO reads but not DIO writes is an unusual restriction, which
>>>>>> is likely to be surprising to applications, namely any application that
>>>>>> both reads and writes from a file (using O_DIRECT).  This behavior is
>>>>>> also incompatible with the proposed STATX_DIOALIGN extension to statx.
>>>>>> Given this, let's drop the support for DIO reads in this configuration.
>>>>> 
>>>>> IIRC, we allowed DIO reads since applications complained a lower performance.
>>>>> So, I'm afraid this change will make another confusion to users. Could
>>>>> you please apply the new bahavior only for STATX_DIOALIGN?
>>>>> 
>>>> 
>>>> Well, the issue is that the proposed STATX_DIOALIGN fields cannot represent this
>>>> weird case where DIO reads are allowed but not DIO writes.  So the question is
>>>> whether this case actually matters, in which case we should make STATX_DIOALIGN
>>>> distinguish between DIO reads and DIO writes, or whether it's some odd edge case
>>>> that doesn't really matter, in which case we could just fix it or make
>>>> STATX_DIOALIGN report that DIO is unsupported.  I was hoping that you had some
>>>> insight here.  What sort of applications want DIO reads but not DIO writes?
>>>> Is this common at all?
>>> 
>>> I think there's no specific application to use the LFS mode at this
>>> moment, but I'd like to allow DIO read for zoned device which will be
>>> used for Android devices.
>>> 
>> 
>> So if the zoned device feature becomes widely adopted, then STATX_DIOALIGN will
>> be useless on all Android devices?  That sounds undesirable.  Are you sure that
>> supporting DIO reads but not DIO writes actually works?  Does it not cause
>> problems for existing applications?
> 
> What purpose does DIO in only one direction actually serve? All it
> means is that we're forcibly mixing buffered and direct IO to the
> same file and that simply never ends well from a data coherency POV.
> 
> Hence I'd suggest that mixing DIO reads and buffered writes like
> this ends up exposing uses to the worst of both worlds - all of the
> problems with none of the benefits...
> 
>> What we need to do is make a decision about whether this means we should
>> build in a stx_dio_direction field (indicating no support / readonly
>> support / writeonly support / readwrite support) into the API from the
>> beginning.  If we don't do that, then I don't think we could simply add
>> such a field later, as the statx_dio_*_align fields will have already
>> been assigned their meaning.  I think we'd instead have to "duplicate"
>> the API, with STATX_DIOROALIGN and statx_dio_ro_*_align fields.  That
>> seems uglier than building a directional indicator into the API from the
>> beginning.  On the other hand, requiring all programs to check
>> stx_dio_direction would add complexity to using the API.
>> 
>> Any thoughts on this?
> 
> Decide whether partial, single direction DIO serves a useful purpose
> before trying to work out what is needed in the API to indicate that
> this sort of crazy will be supported....

Using read-only O_DIRECT makes sense for backup and other filesystem
scanning tools that don't want to pollute the page cache of a system
(which may be in use by other programs) while reading many files once.

Using interfaces like posix_fadvise(FADV_DONTNEED) to drop file cache
afterward is both a hassle and problematic when reading very large files
that would push out more important pages from cache before the large
file's pages can be dropped.


IMHO, this whole discussion is putting the cart before the horse.
Changing existing (and useful) IO behavior to accommodate an API that
nobody has ever used, and is unlikely to even be widely used, doesn't
make sense to me.  Most applications won't check or care about the new
DIO size fields, since they've lived this long without statx() returning
this info, and will just pick a "large enough" size (4KB, 1MB, whatever)
that gives them the performance they need.  They *WILL* care if the app
is suddenly unable to read data from a file in ways that have worked for
a long time.

Even if apps are modified to check these new DIO size fields, and then
try to DIO write to a file in f2fs that doesn't allow it, then f2fs will
return an error, which is what it would have done without the statx()
changes, so no harm done AFAICS.

Even with a more-complex DIO status return that handles a "direction"
field (which IMHO is needlessly complex), there is always the potential
for a TOCTOU race where a file changes between checking and access, so
the userspace code would need to handle this.

Cheers, Andreas






Download attachment "signature.asc" of type "application/pgp-signature" (874 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ