Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2526764pxj; Mon, 14 Jun 2021 00:20:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzv+PPsrPLZa3pMqKk4n86do/wco4qj+GCYwWU24db4mWsdeAk7Dlsw7hCFv2Wry7ATuASl X-Received: by 2002:a17:906:b0c8:: with SMTP id bk8mr14195128ejb.412.1623655222078; Mon, 14 Jun 2021 00:20:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623655222; cv=none; d=google.com; s=arc-20160816; b=Ackt2Ymrs371PmRK4xZz7C9hpD2lPEncRwm9S1/xt4LbO6KgwJobCzu8cRq6j8VZ5r 3WFLnc+JmJYpwQFpkFFmOPocf/HJ1ugiwEL9ay+EAoRZ5B1UGHvH+ZcPrx7KeP04RyMV amRS+Ux2lDHGBacZFX0Ay6/vEIa6b3ylCjH6Aj8StEDBRB/418fEQcHRdfSy5eh3Lan8 2y2vh3cojq+YGGJZIa6WtYumVzX8QxesEWVeHMNykV88rO3pvXtL58utTxkOICDbU/nJ uMOZ3HMqm9Fe+zT0evo+zl2Rcq4hbyicKGvQgCe4DFMGpOeyZxq01oVIC6jEYDb6bsyp 5thA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=4fr5SDHy37EcRezWa7kOUkmOhocGu42HH+g7wJIzW7s=; b=UmU6HpC+x3k4AQLWxqZtFUZfWpnI+5TDqgIgItdYk2jGDdq4j8V8qGPJfNVXuhaIfp dUbaNUvp38TA3Ske2wx/2b/pPSaw8NDDZfBn53DDkE3GcKGBmJLVfWspc9+MSDb4+bZ2 /xdiqmEeXrWnO/URCsXF/QmmQ+L8A2Le3sDjVqtjrZ95OfcBsmPw4vcB25LgIDlxWXYq mZeIN4aTtGL7klLA3Zpli90QzgmkaAjc/ND2jw2ee5TLAPk7994VRSxTAY1OGe6AXtx6 EWYMBsqVEQiwzu4aKId0qnh5jAMiXZTFTs2bcTnlFEjGCMc2tjmNqFgU0IMCYDgaw2Tg 1Fhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@themaw.net header.s=fm3 header.b=uuiugjIQ; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=QCWThDql; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e6si10341273ejk.740.2021.06.14.00.19.58; Mon, 14 Jun 2021 00:20:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@themaw.net header.s=fm3 header.b=uuiugjIQ; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=QCWThDql; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232454AbhFNHTF (ORCPT + 99 others); Mon, 14 Jun 2021 03:19:05 -0400 Received: from new2-smtp.messagingengine.com ([66.111.4.224]:41851 "EHLO new2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232498AbhFNHTD (ORCPT ); Mon, 14 Jun 2021 03:19:03 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id 4802E580C24; Mon, 14 Jun 2021 03:17:01 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Mon, 14 Jun 2021 03:17:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=themaw.net; h= message-id:subject:from:to:cc:date:in-reply-to:references :content-type:mime-version:content-transfer-encoding; s=fm3; bh= 4fr5SDHy37EcRezWa7kOUkmOhocGu42HH+g7wJIzW7s=; b=uuiugjIQd2Bp5F5j BbUbhj2GCMiagWlQsQJCJ3E/dpPrZA7dpgCKFZmLBrhWeN9wTL2MkLn6ZPWfA/6e 55It0KVGjfeiv75nyNNaWMdO0XtV1Knk9wX/td1ZNX8TPZgnvUeXlucTD71qFd23 2ABtLnMeqACJXXWFi9EC6rBPeNZdtBazmV9OjzmfAbhwJvJGLJKEYuYeheVryeI3 Vc1UpI/zrEjGTkSyWZGDyWJQr9ao94Om11KMEIjongp5/l2wmUnXTkIYYS92FLmQ lumz9A4tMJYeynSXCBzCjAbsMjTjsd2f96GT1Kip2eYVpoYznFac/aBRmk/km/ru npl/9g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=4fr5SDHy37EcRezWa7kOUkmOhocGu42HH+g7wJIzW 7s=; b=QCWThDqlgfklmmLHwVZq1lMX2RWQ27cl1yuE9aT4bRXBPmDG2mtSVined gdRZz7mRNKZ+bSxoxwJXudh/ZCmVD6JEFG+ngGF7iVkF6p/qZrqRwaMu/xT7pbzA 1JDvlKPyZD5LzasALha25qxpBUXT1+s35b0cPRSWKCp5nB68vV+wyQfiGvs/zDOM jzIgsXwJQdUPtrlfj3ll26HK2eZBy8l3MeyAYfZM/RsBRnGKvQpMPrfk3vqXE6YL bM1vweJ7ZZy3QGw9JUBVUiLzh68i3OJi4T2E1zAQnaOxb8z6tx1921E92JxnJgs6 Zjj1jVyEvuojrI60YDd0sUTeRJHMg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrfedvgedgudduhecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefkuffhvfffjghftggfggfgsehtkeertddtreejnecuhfhrohhmpefkrghn ucfmvghnthcuoehrrghvvghnsehthhgvmhgrfidrnhgvtheqnecuggftrfgrthhtvghrnh epgfelleekteehleegheeujeeuudfhueffgfelhefgvedthefhhffhhfdtudfgfeehnecu vehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhgrvhgvnh esthhhvghmrgifrdhnvght X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 14 Jun 2021 03:16:55 -0400 (EDT) Message-ID: <83baef7ddeaf9d60885933683eeaff8511eff10e.camel@themaw.net> Subject: Re: [PATCH v6 5/7] kernfs: use i_lock to protect concurrent inode updates From: Ian Kent To: Al Viro Cc: Greg Kroah-Hartman , Tejun Heo , Eric Sandeen , Fox Chen , Brice Goglin , Rick Lindsley , David Howells , Miklos Szeredi , Marcelo Tosatti , "Eric W. Biederman" , Carlos Maiolino , linux-fsdevel , Kernel Mailing List Date: Mon, 14 Jun 2021 15:16:51 +0800 In-Reply-To: <4172edfc1e66a96efe687e94c18710682406f5d5.camel@themaw.net> References: <162322846765.361452.17051755721944717990.stgit@web.messagingengine.com> <162322868275.361452.17585267026652222121.stgit@web.messagingengine.com> <43fe46a18bdc2e46f62a07f1e4a9b3d042ef3c01.camel@themaw.net> <4172edfc1e66a96efe687e94c18710682406f5d5.camel@themaw.net> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2021-06-14 at 14:52 +0800, Ian Kent wrote: > On Mon, 2021-06-14 at 09:32 +0800, Ian Kent wrote: > > On Sat, 2021-06-12 at 01:45 +0000, Al Viro wrote: > > > On Wed, Jun 09, 2021 at 04:51:22PM +0800, Ian Kent wrote: > > > > The inode operations .permission() and .getattr() use the > > > > kernfs > > > > node > > > > write lock but all that's needed is to keep the rb tree stable > > > > while > > > > updating the inode attributes as well as protecting the update > > > > itself > > > > against concurrent changes. > > > > > > Huh?  Where does it access the rbtree at all?  Confused... > > > > > > > diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c > > > > index 3b01e9e61f14e..6728ecd81eb37 100644 > > > > --- a/fs/kernfs/inode.c > > > > +++ b/fs/kernfs/inode.c > > > > @@ -172,6 +172,7 @@ static void kernfs_refresh_inode(struct > > > > kernfs_node *kn, struct inode *inode) > > > >  { > > > >         struct kernfs_iattrs *attrs = kn->iattr; > > > >   > > > > +       spin_lock(&inode->i_lock); > > > >         inode->i_mode = kn->mode; > > > >         if (attrs) > > > >                 /* > > > > @@ -182,6 +183,7 @@ static void kernfs_refresh_inode(struct > > > > kernfs_node *kn, struct inode *inode) > > > >   > > > >         if (kernfs_type(kn) == KERNFS_DIR) > > > >                 set_nlink(inode, kn->dir.subdirs + 2); > > > > +       spin_unlock(&inode->i_lock); > > > >  } > > > > > > Even more so - just what are you serializing here?  That code > > > synchronizes inode > > > metadata with those in kernfs_node.  Suppose you've got two > > > threads > > > doing > > > ->permission(); the first one gets through kernfs_refresh_inode() > > > and > > > goes into > > > generic_permission().  No locks are held, so > > > kernfs_refresh_inode() > > > from another > > > thread can run in parallel with generic_permission(). > > > > > > If that's not a problem, why two kernfs_refresh_inode() done in > > > parallel would > > > be a problem? > > > > > > Thread 1: > > >         permission > > >                 done refresh, all locks released now > > > Thread 2: > > >         change metadata in kernfs_node > > > Thread 2: > > >         permission > > >                 goes into refresh, copying metadata into inode > > > Thread 1: > > >                 generic_permission() > > > No locks in common between the last two operations, so > > > we generic_permission() might see partially updated metadata. > > > Either we don't give a fuck (in which case I don't understand > > > what purpose does that ->i_lock serve) *or* we need the exclusion > > > to cover a wider area. > > > > This didn't occur to me, obviously. > > > > It seems to me this can happen with the original code too although > > using a mutex might reduce the likelihood of it happening. > > > > Still ->permission() is meant to be a read-only function so the VFS > > shouldn't need to care about it. > > > > Do you have any suggestions on how to handle this. > > Perhaps the only way is to ensure the inode is updated only in > > functions that are expected to do this. > > IIRC Greg and Tejun weren't averse to adding a field to the > struct kernfs_iattrs, but there were concerns about increasing > memory usage. > > Because of this I think the best way to handle this would be to > broaden the scope of the i_lock to cover the generic calls in > kernfs_iop_getattr() and kernfs_iop_permission(). The only other > call to kernfs_refresh_inode() is at inode initialization and > then only for I_NEW inodes so that should be ok. Also both > generic_permission() and generic_fillattr() are reading from the > inode so not likely to need to take the i_lock any time soon (is > this a reasonable assumption Al?). > > Do you think this is a sensible way to go Al? Unless of course we don't care about taking a lock here at all, Greg, Tejun? Ian