Re: [PATCH 2/3] afs: Fix afs_write_end() to handle short writes
From: Al Viro
Date: Thu Jun 17 2021 - 23:40:49 EST
On Mon, Jun 14, 2021 at 02:46:03PM +0100, Matthew Wilcox wrote:
> On Mon, Jun 14, 2021 at 02:37:12PM +0100, David Howells wrote:
> > Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
> >
> > > > (1) If the page is not up to date, then we should just return 0
> > > > (ie. indicating a zero-length copy). The loop in
> > > > generic_perform_write() will go around again, possibly breaking up the
> > > > iterator into discrete chunks.
> > >
> > > Does this actually work? What about the situation where you're reading
> > > the last page of a file and thus (almost) always reading fewer bytes
> > > than a PAGE_SIZE?
> >
> > Al Viro made such a change for Ceph - and we're writing, not reading.
>
> I'd feel better if you said "xfstests doesn't show any new problems"
> than arguing to authority.
>
> I know the operation which triggers this path is a call to write(),
> but if, say, the file is 32 bytes long, not in cache, and you write
> bytes 32-63, the client must READ bytes 0-31 from the server, which
> is less than a full page.
[as commented on IRC several days ago]
Short copy has nothing to do with destination; it's about failures on
source - e.g. source page we'd prefaulted before locking the destination
got evicted by the time we got around to copying; we can't afford
page faults while holding some pages locked, so we do it with
pagefault_disable() and get a short copy on #PF.
The story with short copies is this:
* write() is about to copy the next chunk of data into
page cache of the file we are writing into. We have decided what
part of the destination page will be copied over, faulted the
source in and locked the destination page.
* if the page is not uptodate, we might need to read
some parts before copying new data into it; the work that needs
to be done depends upon the part of page we are going to overwrite.
E.g. if we are going to copy over the entire thing, we do
_not_ want to bother reading anything into it - if copying
works, we'll destroy the previous contents anyway.
That's what ->write_begin() is about - it should
do whatever's needed in preparation to copying new data.
* NOW we can copy the data. Hopefully the copy will
be successful (i.e. we don't run into evicted source pages,
memory errors, races with munmap(), etc.), but it might fail
halfway through - we are doing that part with page faults
disabled.
* finally we can do write to disk/server/whatnot.
That's what ->write_end() is for. Ideally, it'll just
send the newly copied data on its way. However, in case of
short copy we might have problems. Consider e.g. a block
filesystem that has 4 blocks per page; the chunk we were
going to write went from the middle of the 1st to the
middle of the 4th block. ->write_begin() made sure that
1st and 4th blocks had been uptodate. It had not bothered
with the 2nd and the 3rd blocks, since we were going to
overwrite them anyway. And had the copy succeeded, we'd
be fine - page fully uptodate, can write the data to
disk and be done with that. However, the copy failed
halfway through the 3rd block. What do we have?
1st block: uptodate, partly old data, partly new one.
2nd block: uptodate, new data
3rd block: beginning is filled with new data, garbage in the rest
4th block: uptodate, old data.
What to do? Everything up to the beginning of the 3rd block
is fine, but the 3rd one is a hopeless mess. We can't write it
out - the garbage would end up on disk. We can't replace the
garbage with valid data without reading it from disk - and that'll
lose the new data we'd managed to copy there.
The best we can do in such situation is to treat that as
having advanced to the beginning of the third block, despite
having copied more than that. The caller (generic_perform_write())
will choose the next chunk starting at that point (beginning of
the 3rd block) and repeat the whole sequence for that chunk,
including the fault-in.
So ->write_end() gets 3 numbers - two describing the range we
prepared for (what ->write_begin() had received) and the third
telling how much had been actually copied. Again, "short copy"
here does not refer to any preparations done by ->write_begin() -
it's about having told ->write_begin() we would copy over given
range and only managing to fill a part of that range.
Note that if page is uptodate, we are fine - _everything_
in that page matches what we want in file, so we can deal with
sending it to disk/server/whatnot. If there'd been a short
copy the caller will obviously need to continue from the point
where the copy stopped, but that's not our problem.
What to do in case of short copy into non-uptodate page is
up to filesystem. Saying "sod it, I'm not taking any of
that, just repeat the entire thing" is always fine. We might
do better than that (see above for one such example), but
the caller will be OK if we don't. It's a rare case, and
you either need something like race with munmap() of part of
source buffer from another thread or severe memory pressure
for that to trigger in the first place.