Re: fall back from direct to buffered I/O when stable writes are required

Next message: Simon Horman: "Re: [PATCH v2] ksmbd: server: avoid busy polling in accept loop"
Previous message: Peter Griffin: "Re: [PATCH 1/2] dt-bindings: soc: samsung: exynos-pmu: remove syscon for google,gs101-pmu"
In reply to: Kevin Wolf: "Re: fall back from direct to buffered I/O when stable writes are required"
Next in thread: Kevin Wolf: "Re: fall back from direct to buffered I/O when stable writes are required"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Christoph Hellwig

Date: Fri Nov 14 2025 - 07:02:00 EST

On Fri, Nov 14, 2025 at 10:29:39AM +0100, Kevin Wolf wrote:
> Right, but since this is direct I/O and the approach with only declaring
> I/O from the page cache safe without a bounce buffer means that RAID has
> to use a bounce buffer here anyway (with or without PI), doesn't this
> automatically solve it?
>
> So if it's only PI, it's the problem of userspace, and if you add RAID
> on top, then the normal rules for RAID apply. (And that the buffer
> doesn't get modified and PI doesn't become invalid until RAID does its
> thing is still a userspace problem.)

Well, only if we have different levels of I/O stability guarantees:

Level 0
- trusted caller guarantees pages are stable (buffered I/O,
in-kernel direct I/O callers that control the buffer)

Level 1:
- untrusted caller declares the pages are stable
(direct I/O with PI)

Level 2:
- no one guarantees nothing
(other direct I/O directly or indirectly fed from userspace)

PI formatted devices would only bounce for 1, parity would bounce for
1 and 2. Software checksums could probably get away with only 1,
although 2 would feel safer.