Re: [PATCH 09/19] VFS: add _async versions of the various directory modifying inode_operations

[Al Viro]

On Thu, Feb 06, 2025 at 04:42:46PM +1100, NeilBrown wrote:
> These "_async" versions of various inode operations are only guaranteed
> a shared lock on the directory but if the directory isn't exclusively
> locked then they are guaranteed an exclusive lock on the dentry within
> the directory (which will be implemented in a later patch).
> 
> This will allow a graceful transition from exclusive to shared locking
> for directory updates, and even to async updates which can complete with
> no lock on the directory - only on the dentry.

I'm sorry, but I don't buy the "complete with no lock on directory"
part - not without a verifiable proof of correctness of the locking
scheme.  Especially if you are putting rename into the mix.

And your method prototypes pretty much bake that in.

*IF* we intend to try going that way (and I'm not at all convinced
that it's feasible - locking aside, there's also a shitload of fun
with fsnotify, audit, etc.), let's make those new methods take
a single argument - something like struct mkdir_args, etc., with
inlines for extracting individual arguments out of that.  Yes, it's
ugly, but it allows later changes without a massive headache on
each calling convention modification.

Said that, an explicit description of locking scheme and a proof of
correctness (at least on the "it can't deadlock" level) is, IMO,
a hard requirement for the entire thing, async or no async.

We *do* have such for the current locking scheme.