Re: [PATCH v7 2/8] dax: Introduce holder for dax_device

2021-10-19 Thread Shiyang Ruan




在 2021/10/15 2:00, Darrick J. Wong 写道:

On Fri, Sep 24, 2021 at 09:09:53PM +0800, Shiyang Ruan wrote:

To easily track filesystem from a pmem device, we introduce a holder for
dax_device structure, and also its operation.  This holder is used to
remember who is using this dax_device:
  - When it is the backend of a filesystem, the holder will be the
superblock of this filesystem.
  - When this pmem device is one of the targets in a mapped device, the
holder will be this mapped device.  In this case, the mapped device
has its own dax_device and it will follow the first rule.  So that we
can finally track to the filesystem we needed.

The holder and holder_ops will be set when filesystem is being mounted,
or an target device is being activated.

Signed-off-by: Shiyang Ruan 
---
  drivers/dax/super.c | 59 +
  include/linux/dax.h | 29 ++
  2 files changed, 88 insertions(+)

diff --git a/drivers/dax/super.c b/drivers/dax/super.c
index 48ce86501d93..7d4a11dcba90 100644
--- a/drivers/dax/super.c
+++ b/drivers/dax/super.c
@@ -23,7 +23,10 @@
   * @cdev: optional character interface for "device dax"
   * @host: optional name for lookups where the device path is not available
   * @private: dax driver private data
+ * @holder_data: holder of a dax_device: could be filesystem or mapped device
   * @flags: state and boolean properties
+ * @ops: operations for dax_device
+ * @holder_ops: operations for the inner holder
   */
  struct dax_device {
struct hlist_node list;
@@ -31,8 +34,10 @@ struct dax_device {
struct cdev cdev;
const char *host;
void *private;
+   void *holder_data;
unsigned long flags;
const struct dax_operations *ops;
+   const struct dax_holder_operations *holder_ops;
  };
  
  static dev_t dax_devt;

@@ -374,6 +379,29 @@ int dax_zero_page_range(struct dax_device *dax_dev, 
pgoff_t pgoff,
  }
  EXPORT_SYMBOL_GPL(dax_zero_page_range);
  
+int dax_holder_notify_failure(struct dax_device *dax_dev, loff_t offset,

+ size_t size, int flags)
+{
+   int rc;
+
+   dax_read_lock();
+   if (!dax_alive(dax_dev)) {
+   rc = -ENXIO;
+   goto out;
+   }
+
+   if (!dax_dev->holder_data) {
+   rc = -EOPNOTSUPP;
+   goto out;
+   }
+
+   rc = dax_dev->holder_ops->notify_failure(dax_dev, offset, size, flags);


Shouldn't this check if dax_dev->holder_ops != NULL before dereferencing
it for the function call?  Imagine an implementation that wants to
attach a ->notify_failure function to a dax_device, maintains its own
lookup table, and decides that it doesn't need to set holder_data.

(Or, imagine someone who writes a garbage into holder_data and *boom*)


My mistake. I should check @holder_ops instead of @holder_data.



How does the locking work here?  If there's a media failure, we'll take
dax_rwsem and call ->notify_failure.  If the ->notify_failure function
wants to access the pmem to handle the error by calling back into the
dax code, will that cause nested locking on dax_rwsem?


Won't for now.  I have tested it with my simple testcases.


Jumping ahead a bit, I think the rmap btree accesses that the xfs
implementation performs can cause xfs_buf(fer) cache IO, which would
trigger that if the buffers aren't already in memory, if I'm reading
this correctly?


I didn't think of this case.  But I think this uses read lock too.  It 
won't be blocked.  Only dax_set_holder() takes write lock.





+out:
+   dax_read_unlock();
+   return rc;
+}
+EXPORT_SYMBOL_GPL(dax_holder_notify_failure);
+
  #ifdef CONFIG_ARCH_HAS_PMEM_API
  void arch_wb_cache_pmem(void *addr, size_t size);
  void dax_flush(struct dax_device *dax_dev, void *addr, size_t size)
@@ -618,6 +646,37 @@ void put_dax(struct dax_device *dax_dev)
  }
  EXPORT_SYMBOL_GPL(put_dax);
  
+void dax_set_holder(struct dax_device *dax_dev, void *holder,

+   const struct dax_holder_operations *ops)
+{
+   dax_write_lock();
+   if (!dax_alive(dax_dev)) {
+   dax_write_unlock();
+   return;
+   }
+
+   dax_dev->holder_data = holder;
+   dax_dev->holder_ops = ops;
+   dax_write_unlock();


I guess this means that the holder has to detach itself before anyone
calls kill_dax, or else a dead dax device ends up with a dangling
reference to the holder?


Yes.




+}
+EXPORT_SYMBOL_GPL(dax_set_holder);
+
+void *dax_get_holder(struct dax_device *dax_dev)
+{
+   void *holder;
+
+   dax_read_lock();
+   if (!dax_alive(dax_dev)) {
+   dax_read_unlock();
+   return NULL;
+   }
+
+   holder = dax_dev->holder_data;
+   dax_read_unlock();
+   return holder;
+}
+EXPORT_SYMBOL_GPL(dax_get_holder);
+
  /**
   * inode_dax: convert a public inode into its dax_dev
   * @inode: An inode with i_cdev pointing to a dax_dev
diff --git a/incl

Re: [PATCH v7 2/8] dax: Introduce holder for dax_device

2021-10-14 Thread Darrick J. Wong
On Fri, Sep 24, 2021 at 09:09:53PM +0800, Shiyang Ruan wrote:
> To easily track filesystem from a pmem device, we introduce a holder for
> dax_device structure, and also its operation.  This holder is used to
> remember who is using this dax_device:
>  - When it is the backend of a filesystem, the holder will be the
>superblock of this filesystem.
>  - When this pmem device is one of the targets in a mapped device, the
>holder will be this mapped device.  In this case, the mapped device
>has its own dax_device and it will follow the first rule.  So that we
>can finally track to the filesystem we needed.
> 
> The holder and holder_ops will be set when filesystem is being mounted,
> or an target device is being activated.
> 
> Signed-off-by: Shiyang Ruan 
> ---
>  drivers/dax/super.c | 59 +
>  include/linux/dax.h | 29 ++
>  2 files changed, 88 insertions(+)
> 
> diff --git a/drivers/dax/super.c b/drivers/dax/super.c
> index 48ce86501d93..7d4a11dcba90 100644
> --- a/drivers/dax/super.c
> +++ b/drivers/dax/super.c
> @@ -23,7 +23,10 @@
>   * @cdev: optional character interface for "device dax"
>   * @host: optional name for lookups where the device path is not available
>   * @private: dax driver private data
> + * @holder_data: holder of a dax_device: could be filesystem or mapped device
>   * @flags: state and boolean properties
> + * @ops: operations for dax_device
> + * @holder_ops: operations for the inner holder
>   */
>  struct dax_device {
>   struct hlist_node list;
> @@ -31,8 +34,10 @@ struct dax_device {
>   struct cdev cdev;
>   const char *host;
>   void *private;
> + void *holder_data;
>   unsigned long flags;
>   const struct dax_operations *ops;
> + const struct dax_holder_operations *holder_ops;
>  };
>  
>  static dev_t dax_devt;
> @@ -374,6 +379,29 @@ int dax_zero_page_range(struct dax_device *dax_dev, 
> pgoff_t pgoff,
>  }
>  EXPORT_SYMBOL_GPL(dax_zero_page_range);
>  
> +int dax_holder_notify_failure(struct dax_device *dax_dev, loff_t offset,
> +   size_t size, int flags)
> +{
> + int rc;
> +
> + dax_read_lock();
> + if (!dax_alive(dax_dev)) {
> + rc = -ENXIO;
> + goto out;
> + }
> +
> + if (!dax_dev->holder_data) {
> + rc = -EOPNOTSUPP;
> + goto out;
> + }
> +
> + rc = dax_dev->holder_ops->notify_failure(dax_dev, offset, size, flags);

Shouldn't this check if dax_dev->holder_ops != NULL before dereferencing
it for the function call?  Imagine an implementation that wants to
attach a ->notify_failure function to a dax_device, maintains its own
lookup table, and decides that it doesn't need to set holder_data.

(Or, imagine someone who writes a garbage into holder_data and *boom*)

How does the locking work here?  If there's a media failure, we'll take
dax_rwsem and call ->notify_failure.  If the ->notify_failure function
wants to access the pmem to handle the error by calling back into the
dax code, will that cause nested locking on dax_rwsem?

Jumping ahead a bit, I think the rmap btree accesses that the xfs
implementation performs can cause xfs_buf(fer) cache IO, which would
trigger that if the buffers aren't already in memory, if I'm reading
this correctly?

> +out:
> + dax_read_unlock();
> + return rc;
> +}
> +EXPORT_SYMBOL_GPL(dax_holder_notify_failure);
> +
>  #ifdef CONFIG_ARCH_HAS_PMEM_API
>  void arch_wb_cache_pmem(void *addr, size_t size);
>  void dax_flush(struct dax_device *dax_dev, void *addr, size_t size)
> @@ -618,6 +646,37 @@ void put_dax(struct dax_device *dax_dev)
>  }
>  EXPORT_SYMBOL_GPL(put_dax);
>  
> +void dax_set_holder(struct dax_device *dax_dev, void *holder,
> + const struct dax_holder_operations *ops)
> +{
> + dax_write_lock();
> + if (!dax_alive(dax_dev)) {
> + dax_write_unlock();
> + return;
> + }
> +
> + dax_dev->holder_data = holder;
> + dax_dev->holder_ops = ops;
> + dax_write_unlock();

I guess this means that the holder has to detach itself before anyone
calls kill_dax, or else a dead dax device ends up with a dangling
reference to the holder?

> +}
> +EXPORT_SYMBOL_GPL(dax_set_holder);
> +
> +void *dax_get_holder(struct dax_device *dax_dev)
> +{
> + void *holder;
> +
> + dax_read_lock();
> + if (!dax_alive(dax_dev)) {
> + dax_read_unlock();
> + return NULL;
> + }
> +
> + holder = dax_dev->holder_data;
> + dax_read_unlock();
> + return holder;
> +}
> +EXPORT_SYMBOL_GPL(dax_get_holder);
> +
>  /**
>   * inode_dax: convert a public inode into its dax_dev
>   * @inode: An inode with i_cdev pointing to a dax_dev
> diff --git a/include/linux/dax.h b/include/linux/dax.h
> index 097b3304f9b9..d273d59723cd 100644
> --- a/include/linux/dax.h
> +++ b/include/linux/dax.h
> @@ -38,9 +38,24 @@ struct dax_operations {
>   int (*zero_page_ra