Matthew Wilcox
2020-Feb-19 06:04 UTC
[Ocfs2-devel] [PATCH v6 17/19] iomap: Restructure iomap_readpages_actor
On Wed, Feb 19, 2020 at 02:29:00PM +1100, Dave Chinner wrote:> On Mon, Feb 17, 2020 at 10:46:11AM -0800, Matthew Wilcox wrote: > > @@ -418,6 +412,15 @@ iomap_readpages_actor(struct inode *inode, loff_t pos, loff_t length, > > } > > ret = iomap_readpage_actor(inode, pos + done, length - done, > > ctx, iomap, srcmap); > > + if (WARN_ON(ret == 0)) > > + break; > > This error case now leaks ctx->cur_page....Yes ... and I see the consequence. I mean, this is a "shouldn't happen", so do we want to put effort into cleanup here ...> > @@ -451,11 +454,7 @@ iomap_readpages(struct address_space *mapping, struct list_head *pages, > > done: > > if (ctx.bio) > > submit_bio(ctx.bio); > > - if (ctx.cur_page) { > > - if (!ctx.cur_page_in_bio) > > - unlock_page(ctx.cur_page); > > - put_page(ctx.cur_page); > > - } > > + BUG_ON(ctx.cur_page); > > And so will now trigger both a warn and a bug....... or do we just want to run slap bang into this bug? Option 1: Remove the check for 'ret == 0' altogether, as we had it before. That puts us into endless loop territory for a failure mode, and it's not parallel with iomap_readpage(). Option 2: Remove the WARN_ON from the check. Then we just hit the BUG_ON, but we don't know why we did it. Option 3: Set cur_page to NULL. We'll hit the WARN_ON, avoid the BUG_ON, might end up with a page in the page cache which is never unlocked. Option 4: Do the unlock/put page dance before setting the cur_page to NULL. We might double-unlock the page. There are probably other options here too.
Dave Chinner
2020-Feb-19 06:40 UTC
[Ocfs2-devel] [PATCH v6 17/19] iomap: Restructure iomap_readpages_actor
On Tue, Feb 18, 2020 at 10:04:15PM -0800, Matthew Wilcox wrote:> On Wed, Feb 19, 2020 at 02:29:00PM +1100, Dave Chinner wrote: > > On Mon, Feb 17, 2020 at 10:46:11AM -0800, Matthew Wilcox wrote: > > > @@ -418,6 +412,15 @@ iomap_readpages_actor(struct inode *inode, loff_t pos, loff_t length, > > > } > > > ret = iomap_readpage_actor(inode, pos + done, length - done, > > > ctx, iomap, srcmap); > > > + if (WARN_ON(ret == 0)) > > > + break; > > > > This error case now leaks ctx->cur_page.... > > Yes ... and I see the consequence. I mean, this is a "shouldn't happen", > so do we want to put effort into cleanup here ...Well, the normal thing for XFS is that a production kernel cleans up and handles the error gracefully with a WARN_ON_ONCE, while a debug kernel build will chuck a tanty and burn the house down so to make the developers aware that there is a "should not happen" situation occurring....> > > @@ -451,11 +454,7 @@ iomap_readpages(struct address_space *mapping, struct list_head *pages, > > > done: > > > if (ctx.bio) > > > submit_bio(ctx.bio); > > > - if (ctx.cur_page) { > > > - if (!ctx.cur_page_in_bio) > > > - unlock_page(ctx.cur_page); > > > - put_page(ctx.cur_page); > > > - } > > > + BUG_ON(ctx.cur_page); > > > > And so will now trigger both a warn and a bug.... > > ... or do we just want to run slap bang into this bug? > > Option 1: Remove the check for 'ret == 0' altogether, as we had it before. > That puts us into endless loop territory for a failure mode, and it's not > parallel with iomap_readpage(). > > Option 2: Remove the WARN_ON from the check. Then we just hit the BUG_ON, > but we don't know why we did it. > > Option 3: Set cur_page to NULL. We'll hit the WARN_ON, avoid the BUG_ON, > might end up with a page in the page cache which is never unlocked.None of these are appealing.> Option 4: Do the unlock/put page dance before setting the cur_page to NULL. > We might double-unlock the page.why would we double unlock the page? Oh, the readahead cursor doesn't handle the case of partial page submission, which would result in IO completion unlocking the page. Ok, that's what the ctx.cur_page_in_bio check is used to detect i.e. if we've got a page that the readahead cursor points at, and we haven't actually added it to a bio, then we can leave it to the read_pages() to unlock and clean up. If it's in a bio, then IO completion will unlock it and so we only have to drop the submission reference and move the readahead cursor forwards so read_pages() doesn't try to unlock this page. i.e: /* clean up partial page submission failures */ if (ctx.cur_page && ctx.cur_page_in_bio) { put_page(ctx.cur_page); readahead_next(rac); } looks to me like it will handle the case of "ret == 0" in the actor function just fine. Cheers, Dave. -- Dave Chinner david at fromorbit.com