| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Mar 2023 18:02:05 +0800
From: Shiyang Ruan <ruansy.fnst@...itsu.com>
To: "Darrick J. Wong" <djwong@...nel.org>
CC: <linux-xfs@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
<nvdimm@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<david@...morbit.com>, <dan.j.williams@...el.com>,
<akpm@...ux-foundation.org>
Subject: Re: [RFC PATCH] xfs: check shared state of when CoW, update reflink
flag when io ends
在 2023/3/18 4:35, Darrick J. Wong 写道:
> On Fri, Mar 17, 2023 at 03:59:48AM +0000, Shiyang Ruan wrote:
>> As is mentioned[1] before, the generic/388 will randomly fail with dmesg
>> warning. This case uses fsstress with a lot of random operations. It is hard
>> to reproduce. Finally I found a 100% reproduce condition, which is setting
>> the seed to 1677104360. So I changed the generic/388 code: removed the loop
>> and used the code below instad:
>> ```
>> ($FSSTRESS_PROG $FSSTRESS_AVOID -d $SCRATCH_MNT -v -s 1677104360 -n 221 -p 1 >> $seqres.full) > /dev/null 2>&1
>> ($FSSTRESS_PROG $FSSTRESS_AVOID -d $SCRATCH_MNT -v -s 1677104360 -n 221 -p 1 >> $seqres.full) > /dev/null 2>&1
>> _check_dmesg_for dax_insert_entry
>> ```
>>
>> According to the operations log, and kernel debug log I added, I found that
>> the reflink flag of one inode won't be unset even if there's no more shared
>> extents any more.
>> Then write to this file again. Because of the reflink flag, xfs thinks it
>> needs cow, and extent(called it extA) will be CoWed to a new
>> extent(called it extB) incorrectly. And extA is not used any more,
>> but didn't be unmapped (didn't do dax_disassociate_entry()).
>
> IOWs, dax_iomap_copy_around (or something very near it) should be
> calling dax_disassociate_entry on the source range after copying extA's
> contents to extB to drop its page->shared count?
If extA is a shared extent, its pages will be disassociated correctly by
invalidate_inode_pages2_range() in dax_iomap_iter().
But the problem is that extA is not shared but now be CoWed,
invalidate_inode_pages2_range() is also called but it can't disassociate
the old page (because the page is marked dirty, can't be invalidated)
Is the behavior to do CoW on a non-shared extent allowed?
>
>> The next time we mapwrite to another file, xfs will allocate extA for it,
>> page fault handler do dax_associate_entry(). BUT bucause the extA didn't
>> be unmapped, it still stores old file's info in page->mapping,->index.
>> Then, It reports dmesg warning when it try to sotre the new file's info.
>>
>> So, I think:
>> 1. reflink flag should be updated after CoW operations.
>> 2. xfs_reflink_allocate_cow() should add "if extent is shared" to determine
>> xfs do CoW or not.
>>
>> I made the fix patch, it can resolve the fail of generic/388. But it causes
>> other cases fail: generic/127, generic/263, generic/616, xfs/315 xfs/421. I'm
>> not sure if the fix is right, or I have missed something somewhere. Please
>> give me some advice.
>>
>> Thank you very much!!
>>
>> [1]: https://lore.kernel.org/linux-xfs/1669908538-55-1-git-send-email-ruansy.fnst@fujitsu.com/
>>
>> Signed-off-by: Shiyang Ruan <ruansy.fnst@...itsu.com>
>> ---
>> fs/xfs/xfs_reflink.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
>> fs/xfs/xfs_reflink.h | 2 ++
>> 2 files changed, 46 insertions(+)
>>
>> diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
>> index f5dc46ce9803..a6b07f5c1db2 100644
>> --- a/fs/xfs/xfs_reflink.c
>> +++ b/fs/xfs/xfs_reflink.c
>> @@ -154,6 +154,40 @@ xfs_reflink_find_shared(
>> return error;
>> }
>>
>> +int xfs_reflink_extent_is_shared(
>> + struct xfs_inode *ip,
>> + struct xfs_bmbt_irec *irec,
>> + bool *shared)
>> +{
>> + struct xfs_mount *mp = ip->i_mount;
>> + struct xfs_perag *pag;
>> + xfs_agblock_t agbno;
>> + xfs_extlen_t aglen;
>> + xfs_agblock_t fbno;
>> + xfs_extlen_t flen;
>> + int error = 0;
>> +
>> + *shared = false;
>> +
>> + /* Holes, unwritten, and delalloc extents cannot be shared */
>> + if (!xfs_bmap_is_written_extent(irec))
>> + return 0;
>> +
>> + pag = xfs_perag_get(mp, XFS_FSB_TO_AGNO(mp, irec->br_startblock));
>> + agbno = XFS_FSB_TO_AGBNO(mp, irec->br_startblock);
>> + aglen = irec->br_blockcount;
>> + error = xfs_reflink_find_shared(pag, NULL, agbno, aglen, &fbno, &flen,
>> + true);
>> + xfs_perag_put(pag);
>> + if (error)
>> + return error;
>> +
>> + if (fbno != NULLAGBLOCK)
>> + *shared = true;
>> +
>> + return 0;
>> +}
>> +
>> /*
>> * Trim the mapping to the next block where there's a change in the
>> * shared/unshared status. More specifically, this means that we
>> @@ -533,6 +567,12 @@ xfs_reflink_allocate_cow(
>> xfs_ifork_init_cow(ip);
>> }
>>
>> + error = xfs_reflink_extent_is_shared(ip, imap, shared);
>> + if (error)
>> + return error;
>> + if (!*shared)
>> + return 0;
>> +
>> error = xfs_find_trim_cow_extent(ip, imap, cmap, shared, &found);
>> if (error || !*shared)
>> return error;
>> @@ -834,6 +874,10 @@ xfs_reflink_end_cow_extent(
>> /* Remove the mapping from the CoW fork. */
>> xfs_bmap_del_extent_cow(ip, &icur, &got, &del);
>>
>> + error = xfs_reflink_clear_inode_flag(ip, &tp);
>
> This will disable COW on /all/ blocks in the entire file, including the
> shared ones. At a bare minimum you'd have to scan the entire data fork
> to ensure there are no shared extents. That's probably why doing this
> causes so many new regressions.
This function will search for shared extent before actually clearing the
flag. If no shared extent found, the flag won't be cleared. The name
of this function is not very accurate.
BTW, in my thought, the reflink flag is to indicate if a file is now
containing any shared extents or not. So, it should be cleared
immediately if no extents shared any more. Is this right?
--
Thanks,
Ruan.
PS: Let me paste the log of failed tests:
generic/127, generic/263, generic/616 are fsx tests. Their fail message
are meaningless. I am looking into their difference between good/bad
results.
xfs/315 0s ... - output mismatch (see
/root/xts/results//dax_reflink/xfs/315.out.bad)
--- tests/xfs/315.out 2022-08-03 10:56:02.696212673 +0800
+++ /root/xts/results//dax_reflink/xfs/315.out.bad 2023-03-20
17:48:01.780369739 +0800
@@ -7,7 +7,6 @@
Inject error
CoW a few blocks
FS should be shut down, touch will fail
-touch: cannot touch 'SCRATCH_MNT/badfs': Input/output error
Remount to replay log
FS should be online, touch should succeed
Check files again
...
(Run 'diff -u /root/xts/tests/xfs/315.out
/root/xts/results//dax_reflink/xfs/315.out.bad' to see the entire diff)
xfs/421 1s ... - output mismatch (see
/root/xts/results//dax_reflink/xfs/421.out.bad)
--- tests/xfs/421.out 2022-08-03 10:56:02.706212718 +0800
+++ /root/xts/results//dax_reflink/xfs/421.out.bad 2023-03-20
17:48:02.222369739 +0800
@@ -14,8 +14,6 @@
Whence Result
DATA 0
HOLE 131072
-DATA 196608
-HOLE 262144
Compare files
c2803804acc9936eef8aab42c119bfac SCRATCH_MNT/test-421/file1
...
(Run 'diff -u /root/xts/tests/xfs/421.out
/root/xts/results//dax_reflink/xfs/421.out.bad' to see the entire diff)
>
> --D
>
>> + if (error)
>> + goto out_cancel;
>> +
>> error = xfs_trans_commit(tp);
>> xfs_iunlock(ip, XFS_ILOCK_EXCL);
>> if (error)
>> diff --git a/fs/xfs/xfs_reflink.h b/fs/xfs/xfs_reflink.h
>> index 65c5dfe17ecf..d5835814bce6 100644
>> --- a/fs/xfs/xfs_reflink.h
>> +++ b/fs/xfs/xfs_reflink.h
>> @@ -16,6 +16,8 @@ static inline bool xfs_is_cow_inode(struct xfs_inode *ip)
>> return xfs_is_reflink_inode(ip) || xfs_is_always_cow_inode(ip);
>> }
>>
>> +int xfs_reflink_extent_is_shared(struct xfs_inode *ip,
>> + struct xfs_bmbt_irec *irec, bool *shared);
>> extern int xfs_reflink_trim_around_shared(struct xfs_inode *ip,
>> struct xfs_bmbt_irec *irec, bool *shared);
>> int xfs_bmap_trim_cow(struct xfs_inode *ip, struct xfs_bmbt_irec *imap,
>> --
>> 2.39.2
>>
Powered by blists - more mailing lists