Received: by 10.223.176.5 with SMTP id f5csp4222277wra; Tue, 30 Jan 2018 04:07:51 -0800 (PST) X-Google-Smtp-Source: AH8x226+ht6rOxQo/i4hfkRlH8mOTa9sOafDIybPpyRhyBvSur95l/lT96uKw7vvWWI5qvFliFRv X-Received: by 2002:a17:902:7c97:: with SMTP id y23-v6mr25155676pll.439.1517314070984; Tue, 30 Jan 2018 04:07:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517314070; cv=none; d=google.com; s=arc-20160816; b=CCy+Q93DlXF0J2zY0JvcLx1vH5sUoz1LqVBPELt+fCzVm1b4wnFJGl3M0QXHGHG54A +ZZnf403ElVIZCxEuI1bTopaoEIaKyTRTppAlwdpUOTssrlmUI/0P+oabFfLMQgeHDA9 1wLuac9LzeltxUkgMhBdS4Wz0RGWlyQyum8AC1MfXn2NbnSJHvtX0A73mLVfpSkjOmtM TNAWKlXOT23zO6l0euVGGjUkUHsQU5xyqdhdSpNRET2dhd4Glh4pONHtuY1jTcoyBqRu dcP7PFxau7gF4DZAuYByr8pbghqCgEpuMQN9CzFt7GFDX1oJRI+hX2Eq9TU3AgD9Bg2H 1bjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :arc-authentication-results; bh=aTGlqov1aJ0keaHR6r5Mah8k2uZMumPEW4z/lXMQDGs=; b=T8K6FAMcJRH63s/KEKEJisZCAoDaEkuWMVz0fJ3azICSBh/mpBWDCatqOPpdXui7Hh qt8dy72AVHl7bAIfKfmYeFoNBnMivTQ0H3mJtrr4kDTHy7Wd/VVslfJlXIcdMyTZuEpN BOQj9I20u0zOglxh/9/wrYkl+xyCLglrbd1eA6Hbi0pAraLpVSXuv/MjNMGLPPhk04Dl mpsXXhW8LOFjs7GS7G+hj+i+vOTRW15xBttSrF7SZRbd0Mv8Pp53hRiVpyir7//1A2m6 UdhUOSCSAI5jqPffKW8UmLyLoFpv9EDxJpF5R4nL2o9NhBL7P/58WiUVzcyISzmvKLz5 jTag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 9-v6si2032980plb.509.2018.01.30.04.07.36; Tue, 30 Jan 2018 04:07:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751727AbeA3MFy (ORCPT + 99 others); Tue, 30 Jan 2018 07:05:54 -0500 Received: from mail-qk0-f171.google.com ([209.85.220.171]:33374 "EHLO mail-qk0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751451AbeA3MFv (ORCPT ); Tue, 30 Jan 2018 07:05:51 -0500 Received: by mail-qk0-f171.google.com with SMTP id i141so9728983qke.0 for ; Tue, 30 Jan 2018 04:05:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=aTGlqov1aJ0keaHR6r5Mah8k2uZMumPEW4z/lXMQDGs=; b=XTnCO/JfdbQ8NsA1T7+wFNw9iUqnb7MBcgxkeZF6w688M/GUcnhh2kkrlID5Mh+cZW bipIaAWiofZoa7J80X9AiHc+JoEuCgIkdmtHoTphI9TxTr2pz0QHdDA1TMbee6vcbvQQ JP/CBsVexeENbbf6xhehGgQ+Xr1tHZGHhAYm7ei5me3fTo2sqLJNfHuyZwCmHi1t3PFT 90XJqtbinlh88FNg3ZIlHCdf0xbzTa58R8ZcZ1+TqzJqQIO/gKlBXGI5s/x/+bPrxNG/ lP0nnmnAwAlmpsJYn0u9Qc7EVHjUX4Z4D74kEEvFtOMGd3fGaN8zRBFlYumOy63W3Bid tl4g== X-Gm-Message-State: AKwxytdDiEN9hCjHIMZamCoO1LEZOEs3ladkATIzxz/btqCnw6QEMatE hcvI21QWCHefIdYw408ZrfAgFw== X-Received: by 10.55.41.214 with SMTP id p83mr41171013qkp.183.1517313950473; Tue, 30 Jan 2018 04:05:50 -0800 (PST) Received: from tleilax.poochiereds.net (cpe-71-70-156-158.nc.res.rr.com. [71.70.156.158]) by smtp.gmail.com with ESMTPSA id u55sm11859626qtk.18.2018.01.30.04.05.49 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 30 Jan 2018 04:05:49 -0800 (PST) Message-ID: <1517313948.3658.8.camel@redhat.com> Subject: Re: [GIT PULL] inode->i_version rework for v4.16 From: Jeff Layton To: Linus Torvalds Cc: open list , "" , Al Viro , xfs , "open list:NFS, SUNRPC, AND..." , linux-btrfs , linux-integrity , Andrew Morton , "linux-ext4@vger.kernel.org" Date: Tue, 30 Jan 2018 07:05:48 -0500 In-Reply-To: References: <1517228795.5965.24.camel@redhat.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.4 (3.26.4-1.fc27) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2018-01-29 at 13:50 -0800, Linus Torvalds wrote: > On Mon, Jan 29, 2018 at 4:26 AM, Jeff Layton wrote: > > > > This pile of patches is a rework of the inode->i_version field. We have > > traditionally incremented that field on every inode data or metadata > > change. Typically this increment needs to be logged on disk even when > > nothing else has changed, which is rather expensive. > > Hmm. I have pulled this, but it is really really broken in one place, > to the degree that I always went "no, I won't pull this garbage". > > But the breakage is potential, not actual, and can be fixed trivially, > so I'll let it slide - but I do require it to be fixed. And I require > people to *think* about it. > > So what's to horribly horribly wrong? > > The inode_cmp_iversion{+raw}() functions are pure and utter crap. > > Why? > > You say that they return 0/negative/positive, but they do so in a > completely broken manner. They return that ternary value as the > sequence number difference in a 's64', which means that if you > actually care about that ternary value, and do the *sane* thing that > the kernel-doc of the function implies is the right thing, you would > do > > int cmp = inode_cmp_iversion(inode, old); > > if (cmp < 0 ... > > and as a result you get code that looks sane, but that doesn't > actually *WORK* right. > My intent here was to have this handle wraparound using the same sort of method that the time_before/time_after macros do. Obviously, I didn't document that well. I want to make sure I understand what's actually broken here thoug. Is it only broken when the two values are more than 2**63 apart, or is there something else more fundamentally wrong here? > To make it even worse, it will actually work in practice by accident > in 99.99999% of all cases, so now you have > > (a) subtly buggy code > (b) that looks fine > (c) and that works in testing > > which is just about the worst possible case for any code. The > interface is simply garbage that encourages bugs. > > And the bug wouldn't be in the user, the bug would be in this code you > just sent me. The interface is simply wrong. > > So this absolutely needs to be fixed. I see two fixes: > > - just return a boolean. That's all that any current user actually > wants, so the ternary value seems pointless. > > - make it return an 'int', and not just any int, but -1/0/1. That way > there is no worry about uses, and if somebody *really* cares about the > ternary value, they can now use a "switch" statement to get it > (alternatively, make it return an enum, but whatever). > > That "ternary" function that has 18446744069414584320 incorrect return > values really is unacceptable. > I think I'll just make it return a boolean value like you suggested first. I'll send a patch to fix it once I've done some basic testing with it. Many thanks, -- Jeff Layton