Re: [PATCH 03/11] fs: add frozen sb state helpers
On Thu, Nov 30, 2017 at 06:13:10PM +0100, Jan Kara wrote: > On Wed 29-11-17 15:23:48, Luis R. Rodriguez wrote: > > The question of whether or not a superblock is frozen needs to be > > augmented in the future to account for differences between a user > > initiated freeze and a kernel initiated freeze done automatically > > on behalf of the kernel. > > > > Provide helpers so that these can be used instead so that we don't > > have to expand checks later in these same call sites as we expand > > the definition of a frozen superblock. > > > > Signed-off-by: Luis R. Rodriguez> > So helpers are fine but... > > > +/** > > + * sb_is_frozen_by_user - is superblock frozen by a user call > > + * @sb: the super to check > > + * > > + * Returns true if the super freeze was initiated by userspace, for > > instance, > > + * an ioctl call. > > + */ > > +static inline bool sb_is_frozen_by_user(struct super_block *sb) > > +{ > > + return sb->s_writers.frozen == SB_FREEZE_COMPLETE; > > +} > > ... I dislike the _by_user() suffix as there may be different places that > call freeze_super() (e.g. device mapper does this during some operations). > Clearly we need to distinguish "by system suspend" and "the other" cases. > So please make this clear in the naming. > > In fact, what might be a cleaner solution is to introduce a 'freeze_count' > for superblock freezing (we already do have this for block devices). Then > you don't need to differentiate these two cases - but you'd still need to > properly handle cleanup if freezing of all superblocks fails in the middle. > So I'm not 100% this works out nicely in the end. But it's certainly worth > a consideration. Seems reasonable. Luis
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Sun, Apr 22, 2018 at 01:53:23AM +0200, Jan Kara wrote: > On Fri 20-04-18 11:49:32, Luis R. Rodriguez wrote: > > On Tue, Apr 17, 2018 at 05:59:36PM -0700, Luis R. Rodriguez wrote: > > > On Thu, Dec 21, 2017 at 12:03:29PM +0100, Jan Kara wrote: > > > > Hello, > > > > > > > > I think I owe you a reply here... Sorry that it took so long. > > > > > > Took me just as long :) > > > > > > > On Fri 01-12-17 22:13:27, Luis R. Rodriguez wrote: > > > > > > > > > > I'll note that its still not perfectly clear if really the semantics > > > > > behind > > > > > freeze_bdev() match what I described above fully. That still needs to > > > > > be > > > > > vetted for. For instance, does thaw_bdev() keep a superblock frozen > > > > > if we > > > > > an ioctl initiated freeze had occurred before? If so then great. > > > > > Otherwise > > > > > I think we'll need to distinguish the ioctl interface. Worst possible > > > > > case > > > > > is that bdev semantics and in-kernel semantics differ somehow, then > > > > > that > > > > > will really create a holy fucking mess. > > > > > > > > I believe nobody really thought about mixing those two interfaces to fs > > > > freezing and so the behavior is basically defined by the implementation. > > > > That is: > > > > > > > > freeze_bdev() on sb frozen by ioctl_fsfreeze() -> EBUSY > > > > freeze_bdev() on sb frozen by freeze_bdev() -> success > > > > ioctl_fsfreeze() on sb frozen by freeze_bdev() -> EBUSY > > > > ioctl_fsfreeze() on sb frozen by ioctl_fsfreeze() -> EBUSY > > > > > > > > thaw_bdev() on sb frozen by ioctl_fsfreeze() -> EINVAL > > > > > > Phew, so this is what we want for the in-kernel freezing so we're good > > > and *can* combine these then. > > > > I double checked, and I don't see where you get EINVAL for this case. > > We *do* keep the sb frozen though, which is good, and the worst fear > > I had was that we did not. However we return 0 if there was already > > a prior freeze_bdev() or ioctl_fsfreeze() other than the context that > > started the prior freeze (--bdev->bd_fsfreeze_count > 0). > > > > The -EINVAL is only returned currently if there were no freezers. > > > > int thaw_bdev(struct block_device *bdev, struct super_block *sb) > > { > > int error = -EINVAL; > > > > mutex_lock(>bd_fsfreeze_mutex); > > if (!bdev->bd_fsfreeze_count) > > goto out; > > But this is precisely where we'd bail if we freeze sb by ioctl_fsfreeze() > but try to thaw by thaw_bdev(). ioctl_fsfreeze() does not touch > bd_fsfreeze_count... Ah, yes, I see that now, thanks! Luis
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Fri 20-04-18 11:49:32, Luis R. Rodriguez wrote: > On Tue, Apr 17, 2018 at 05:59:36PM -0700, Luis R. Rodriguez wrote: > > On Thu, Dec 21, 2017 at 12:03:29PM +0100, Jan Kara wrote: > > > Hello, > > > > > > I think I owe you a reply here... Sorry that it took so long. > > > > Took me just as long :) > > > > > On Fri 01-12-17 22:13:27, Luis R. Rodriguez wrote: > > > > > > > > I'll note that its still not perfectly clear if really the semantics > > > > behind > > > > freeze_bdev() match what I described above fully. That still needs to be > > > > vetted for. For instance, does thaw_bdev() keep a superblock frozen if > > > > we > > > > an ioctl initiated freeze had occurred before? If so then great. > > > > Otherwise > > > > I think we'll need to distinguish the ioctl interface. Worst possible > > > > case > > > > is that bdev semantics and in-kernel semantics differ somehow, then that > > > > will really create a holy fucking mess. > > > > > > I believe nobody really thought about mixing those two interfaces to fs > > > freezing and so the behavior is basically defined by the implementation. > > > That is: > > > > > > freeze_bdev() on sb frozen by ioctl_fsfreeze() -> EBUSY > > > freeze_bdev() on sb frozen by freeze_bdev() -> success > > > ioctl_fsfreeze() on sb frozen by freeze_bdev() -> EBUSY > > > ioctl_fsfreeze() on sb frozen by ioctl_fsfreeze() -> EBUSY > > > > > > thaw_bdev() on sb frozen by ioctl_fsfreeze() -> EINVAL > > > > Phew, so this is what we want for the in-kernel freezing so we're good > > and *can* combine these then. > > I double checked, and I don't see where you get EINVAL for this case. > We *do* keep the sb frozen though, which is good, and the worst fear > I had was that we did not. However we return 0 if there was already > a prior freeze_bdev() or ioctl_fsfreeze() other than the context that > started the prior freeze (--bdev->bd_fsfreeze_count > 0). > > The -EINVAL is only returned currently if there were no freezers. > > int thaw_bdev(struct block_device *bdev, struct super_block *sb) > { > int error = -EINVAL; > > mutex_lock(>bd_fsfreeze_mutex); > if (!bdev->bd_fsfreeze_count) > goto out; But this is precisely where we'd bail if we freeze sb by ioctl_fsfreeze() but try to thaw by thaw_bdev(). ioctl_fsfreeze() does not touch bd_fsfreeze_count... Honza -- Jan KaraSUSE Labs, CR
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Tue, Apr 17, 2018 at 05:59:36PM -0700, Luis R. Rodriguez wrote: > On Thu, Dec 21, 2017 at 12:03:29PM +0100, Jan Kara wrote: > > Hello, > > > > I think I owe you a reply here... Sorry that it took so long. > > Took me just as long :) > > > On Fri 01-12-17 22:13:27, Luis R. Rodriguez wrote: > > > > > > I'll note that its still not perfectly clear if really the semantics > > > behind > > > freeze_bdev() match what I described above fully. That still needs to be > > > vetted for. For instance, does thaw_bdev() keep a superblock frozen if we > > > an ioctl initiated freeze had occurred before? If so then great. Otherwise > > > I think we'll need to distinguish the ioctl interface. Worst possible case > > > is that bdev semantics and in-kernel semantics differ somehow, then that > > > will really create a holy fucking mess. > > > > I believe nobody really thought about mixing those two interfaces to fs > > freezing and so the behavior is basically defined by the implementation. > > That is: > > > > freeze_bdev() on sb frozen by ioctl_fsfreeze() -> EBUSY > > freeze_bdev() on sb frozen by freeze_bdev() -> success > > ioctl_fsfreeze() on sb frozen by freeze_bdev() -> EBUSY > > ioctl_fsfreeze() on sb frozen by ioctl_fsfreeze() -> EBUSY > > > > thaw_bdev() on sb frozen by ioctl_fsfreeze() -> EINVAL > > Phew, so this is what we want for the in-kernel freezing so we're good > and *can* combine these then. I double checked, and I don't see where you get EINVAL for this case. We *do* keep the sb frozen though, which is good, and the worst fear I had was that we did not. However we return 0 if there was already a prior freeze_bdev() or ioctl_fsfreeze() other than the context that started the prior freeze (--bdev->bd_fsfreeze_count > 0). The -EINVAL is only returned currently if there were no freezers. int thaw_bdev(struct block_device *bdev, struct super_block *sb) { int error = -EINVAL; mutex_lock(>bd_fsfreeze_mutex); if (!bdev->bd_fsfreeze_count) goto out; error = 0; if (--bdev->bd_fsfreeze_count > 0) goto out; ... out: mutex_unlock(>bd_fsfreeze_mutex); return error; } Luis
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Tue 17-04-18 17:59:36, Luis R. Rodriguez wrote: > On Thu, Dec 21, 2017 at 12:03:29PM +0100, Jan Kara wrote: > > On Fri 01-12-17 22:13:27, Luis R. Rodriguez wrote: > > > > > > I'll note that its still not perfectly clear if really the semantics > > > behind > > > freeze_bdev() match what I described above fully. That still needs to be > > > vetted for. For instance, does thaw_bdev() keep a superblock frozen if we > > > an ioctl initiated freeze had occurred before? If so then great. Otherwise > > > I think we'll need to distinguish the ioctl interface. Worst possible case > > > is that bdev semantics and in-kernel semantics differ somehow, then that > > > will really create a holy fucking mess. > > > > I believe nobody really thought about mixing those two interfaces to fs > > freezing and so the behavior is basically defined by the implementation. > > That is: > > > > freeze_bdev() on sb frozen by ioctl_fsfreeze() -> EBUSY > > Note below as well on your *future* freeze_super() implementation. > > > freeze_bdev() on sb frozen by freeze_bdev() -> success > > ioctl_fsfreeze() on sb frozen by freeze_bdev() -> EBUSY > > ioctl_fsfreeze() on sb frozen by ioctl_fsfreeze() -> EBUSY > > > > thaw_bdev() on sb frozen by ioctl_fsfreeze() -> EINVAL > > Phew, so this is what we want for the in-kernel freezing so we're good > and *can* combine these then. > > > ioctl_fsthaw() on sb frozen by freeze_bdev() -> success > > > > What I propose is the following API: > > > > freeze_super_excl() > > - freezes superblock, returns EBUSY if the superblock is already frozen > > (either by another freeze_super_excl() or by freeze_super()) > > freeze_super() > > - this function will make sure superblock is frozen when the function > > returns with success. > > That's straight forward. > > > It can be nested with other freeze_super() or > > freeze_super_excl() calls > > This is where it can get hairy. More below. > > > (this second part is different from how > > freeze_bdev() behaves currently but AFAICT this behavior is actually > > what all current users of freeze_bdev() really want - just make sure > > fs cannot be written to) > > If we can agree to this, then sure. However there are two types of > possible nested calls to consider, one where the sb was already frozen > by an IOCTL, and the other where it was initiated by either another > freeze_super_excl() or another freeze_super() call which is currently > being processed. For the first type, its easy to say the device is > already frozen as such return success. If the freezing is ongoing, > we may want to wait or not wait, and this will depend on our current > use cases for freeze_bdev(). A side note since I'm not sure I wrote this down in my previous email: I want ioctl_fsfreeze() directly use freeze_super_excl(). Now to your freeze in progress question: freeze_super_excl() can immediately return EBUSY when there's freezing in progress. OTOH freeze_super() always has to wait for the current freeze / thaw to finish and then do what's necessary. I don't see a use case where you'd like to have freeze_super() not wait. > As you noted above, freeze_bdev() currently returns EBUSY if we had > the sb already frozen by ioctl_fsfreeze(). It may be a welcomed > enhancement to correct the semantics first to address the first case, > but keep the EBUSY for the other case. A secondary patch could then > add a completion mechanism and let callers decide to either wait or not. > *Iff* the caller did not opt-in to wait we keep the EBUSY return. You're now speaking about steps to transition to the new API, right? I'd structure the transition as follows: 1) Move bdev->bd_fsfreeze_count to a superblock. 2) Make freeze_super() grab the counter as well, thaw_super() drops it and unfreezes the filesystem only if the counter dropped to zero. 3) Rename freeze_super() to freeze_super_excl(). 4) Only now I'd go for messing with freeze_bdev() as it now combines sanely with freeze_super_excl(). Probably I'd just implement new freeze_super() with the desired semantics (including waiting for ongoing operation to finish). 5) And then switch all users (there are 4 in the kernel) from freeze_bdev() to freeze_super() with the justification in each case why the new semantics is actually desirable. 6) Drop old freeze_bdev() - note that only one freeze_bdev() user (in drivers/md/dm.c) is actually interested in passing bdev, all the others are better off just passing in superblock to new freeze_super(). Anyway for that user in dm we might still provide a convenience wrapper to grab the superblock and call new freeze_super() on it. Honza -- Jan KaraSUSE Labs, CR
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Thu, Dec 21, 2017 at 12:03:29PM +0100, Jan Kara wrote: > Hello, > > I think I owe you a reply here... Sorry that it took so long. Took me just as long :) > On Fri 01-12-17 22:13:27, Luis R. Rodriguez wrote: > > > > I'll note that its still not perfectly clear if really the semantics behind > > freeze_bdev() match what I described above fully. That still needs to be > > vetted for. For instance, does thaw_bdev() keep a superblock frozen if we > > an ioctl initiated freeze had occurred before? If so then great. Otherwise > > I think we'll need to distinguish the ioctl interface. Worst possible case > > is that bdev semantics and in-kernel semantics differ somehow, then that > > will really create a holy fucking mess. > > I believe nobody really thought about mixing those two interfaces to fs > freezing and so the behavior is basically defined by the implementation. > That is: > > freeze_bdev() on sb frozen by ioctl_fsfreeze() -> EBUSY Note below as well on your *future* freeze_super() implementation. > freeze_bdev() on sb frozen by freeze_bdev() -> success > ioctl_fsfreeze() on sb frozen by freeze_bdev() -> EBUSY > ioctl_fsfreeze() on sb frozen by ioctl_fsfreeze() -> EBUSY > > thaw_bdev() on sb frozen by ioctl_fsfreeze() -> EINVAL Phew, so this is what we want for the in-kernel freezing so we're good and *can* combine these then. > ioctl_fsthaw() on sb frozen by freeze_bdev() -> success > > What I propose is the following API: > > freeze_super_excl() > - freezes superblock, returns EBUSY if the superblock is already frozen > (either by another freeze_super_excl() or by freeze_super()) > freeze_super() > - this function will make sure superblock is frozen when the function > returns with success. That's straight forward. > It can be nested with other freeze_super() or > freeze_super_excl() calls This is where it can get hairy. More below. > (this second part is different from how > freeze_bdev() behaves currently but AFAICT this behavior is actually > what all current users of freeze_bdev() really want - just make sure > fs cannot be written to) If we can agree to this, then sure. However there are two types of possible nested calls to consider, one where the sb was already frozen by an IOCTL, and the other where it was initiated by either another freeze_super_excl() or another freeze_super() call which is currently being processed. For the first type, its easy to say the device is already frozen as such return success. If the freezing is ongoing, we may want to wait or not wait, and this will depend on our current use cases for freeze_bdev(). As you noted above, freeze_bdev() currently returns EBUSY if we had the sb already frozen by ioctl_fsfreeze(). It may be a welcomed enhancement to correct the semantics first to address the first case, but keep the EBUSY for the other case. A secondary patch could then add a completion mechanism and let callers decide to either wait or not. *Iff* the caller did not opt-in to wait we keep the EBUSY return. Seem reasonable? I'll address the rest of the mail later. Luis
Re: [PATCH 03/11] fs: add frozen sb state helpers
Hello, I think I owe you a reply here... Sorry that it took so long. On Fri 01-12-17 22:13:27, Luis R. Rodriguez wrote: > On Fri, Dec 01, 2017 at 12:47:24PM +0100, Jan Kara wrote: > > On Thu 30-11-17 20:05:48, Luis R. Rodriguez wrote: > > > > In fact, what might be a cleaner solution is to introduce a > > > > 'freeze_count' > > > > for superblock freezing (we already do have this for block devices). > > > > Then > > > > you don't need to differentiate these two cases - but you'd still need > > > > to > > > > properly handle cleanup if freezing of all superblocks fails in the > > > > middle. > > > > So I'm not 100% this works out nicely in the end. But it's certainly > > > > worth > > > > a consideration. > > > > > > Ah, there are three important reasons for doing it the way I did it which > > > are > > > easy to miss, unless you read the commit log message very carefully. > > > > > > 0) The ioctl interface causes a failure to be sent back to userspace if > > > you issue two consecutive freezes, or two thaws. Ie, once a filesystem is > > > frozen, a secondary call will result in an error. Likewise for thaw. > > > > Yep. But also note that there's *another* interface to filesystem freezing > > which behaves differently - freeze_bdev() (used internally by dm). That > > interface uses the counter and freezing of already frozen device succeeds. > > Ah... so freeze_bdev() semantics matches the same semantics I was looking > for. > > > IOW it is a mess. > > To say the least. > > > We cannot change the behavior of the ioctl but we could > > still provide an in-kernel interface to freeze_super() with the same > > semantics as freeze_bdev() which might be easier to use by suspend - maybe > > we could call it 'exclusive' (for the current freeze_super() semantics) and > > 'non-exclusive' (for the freeze_bdev() semantics) since this is very much > > like O_EXCL open of block devices... > > Sure, now typically I see we make exclusive calls with the postfix _excl() so > I take it you'd be OK in renaming freeze_super() freeze_super_excl() > eventually > then? In principle yes but let's leave the naming disputes to a later time when it is clear what API do we actually want to provide. > I totally missed freeze_bdev() otherwise I think I would have picked up on the > shared semantics stuff and I would have just made a helper out of what > freeze_bdev() uses, and then have both in-kernel and freeze_bdev() use it. > > I'll note that its still not perfectly clear if really the semantics behind > freeze_bdev() match what I described above fully. That still needs to be > vetted for. For instance, does thaw_bdev() keep a superblock frozen if we > an ioctl initiated freeze had occurred before? If so then great. Otherwise > I think we'll need to distinguish the ioctl interface. Worst possible case > is that bdev semantics and in-kernel semantics differ somehow, then that > will really create a holy fucking mess. I believe nobody really thought about mixing those two interfaces to fs freezing and so the behavior is basically defined by the implementation. That is: freeze_bdev() on sb frozen by ioctl_fsfreeze() -> EBUSY freeze_bdev() on sb frozen by freeze_bdev() -> success ioctl_fsfreeze() on sb frozen by freeze_bdev() -> EBUSY ioctl_fsfreeze() on sb frozen by ioctl_fsfreeze() -> EBUSY thaw_bdev() on sb frozen by ioctl_fsfreeze() -> EINVAL ioctl_fsthaw() on sb frozen by freeze_bdev() -> success What I propose is the following API: freeze_super_excl() - freezes superblock, returns EBUSY if the superblock is already frozen (either by another freeze_super_excl() or by freeze_super()) freeze_super() - this function will make sure superblock is frozen when the function returns with success. It can be nested with other freeze_super() or freeze_super_excl() calls (this second part is different from how freeze_bdev() behaves currently but AFAICT this behavior is actually what all current users of freeze_bdev() really want - just make sure fs cannot be written to) thaw_super() - counterpart to freeze_super(), would fail with EINVAL if we were to drop the last "freeze reference" but sb was actually frozen with freeze_super_excl() thaw_super_excl() - counterpart to freeze_super_excl(). Fails with EINVAL if sb was not frozen with freeze_super_excl() (this is different to current behavior but I don't believe anyone relies on this and doing otherwise is asking for data corruption). I'd implement it by a freeze counter in the superblock (similar to what we currently have in bdev) where every call to freeze_super() or freeze_super_excl() would add one. Additionally we'd have a flag in the superblock whether the first freeze (it could not be any other since those would fail with EBUSY) came from freeze_super_excl(). Then we could make ioctl interface use the _excl() variant of the freezing API, freeze_bdev() would use the non-exclusive variant (we could drop the freeze
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Fri, Dec 01, 2017 at 12:47:24PM +0100, Jan Kara wrote: > On Thu 30-11-17 20:05:48, Luis R. Rodriguez wrote: > > On Thu, Nov 30, 2017 at 06:13:10PM +0100, Jan Kara wrote: > > > ... I dislike the _by_user() suffix as there may be different places that > > > call freeze_super() (e.g. device mapper does this during some operations). > > > Clearly we need to distinguish "by system suspend" and "the other" cases. > > > So please make this clear in the naming. > > > > Ah. How about sb_frozen_by_cb() ? > > And what does 'cb' stand for? :) Callback. But let me think about bdev usage a bit and we can worry about the bikeshedding later. > > > In fact, what might be a cleaner solution is to introduce a 'freeze_count' > > > for superblock freezing (we already do have this for block devices). Then > > > you don't need to differentiate these two cases - but you'd still need to > > > properly handle cleanup if freezing of all superblocks fails in the > > > middle. > > > So I'm not 100% this works out nicely in the end. But it's certainly worth > > > a consideration. > > > > Ah, there are three important reasons for doing it the way I did it which > > are > > easy to miss, unless you read the commit log message very carefully. > > > > 0) The ioctl interface causes a failure to be sent back to userspace if > > you issue two consecutive freezes, or two thaws. Ie, once a filesystem is > > frozen, a secondary call will result in an error. Likewise for thaw. > > Yep. But also note that there's *another* interface to filesystem freezing > which behaves differently - freeze_bdev() (used internally by dm). That > interface uses the counter and freezing of already frozen device succeeds. Ah... so freeze_bdev() semantics matches the same semantics I was looking for. > IOW it is a mess. To say the least. > We cannot change the behavior of the ioctl but we could > still provide an in-kernel interface to freeze_super() with the same > semantics as freeze_bdev() which might be easier to use by suspend - maybe > we could call it 'exclusive' (for the current freeze_super() semantics) and > 'non-exclusive' (for the freeze_bdev() semantics) since this is very much > like O_EXCL open of block devices... Sure, now typically I see we make exclusive calls with the postfix _excl() so I take it you'd be OK in renaming freeze_super() freeze_super_excl() eventually then? I totally missed freeze_bdev() otherwise I think I would have picked up on the shared semantics stuff and I would have just made a helper out of what freeze_bdev() uses, and then have both in-kernel and freeze_bdev() use it. I'll note that its still not perfectly clear if really the semantics behind freeze_bdev() match what I described above fully. That still needs to be vetted for. For instance, does thaw_bdev() keep a superblock frozen if we an ioctl initiated freeze had occurred before? If so then great. Otherwise I think we'll need to distinguish the ioctl interface. Worst possible case is that bdev semantics and in-kernel semantics differ somehow, then that will really create a holy fucking mess. > > 1) The new iterate supers stuff I added bail on the first error and return > > that > > error. If we kept the ioctl() interface error scheme we'd be erroring out > > if on suspend if userspace had already frozen a filesystem. Clearly that'd > > be silly so we need to distinguish between the automatic kernel freezing > > and the old userspace ioctl initiated interface, so that we can keep the > > old behaviour but allow in-kernel auto freeze on suspend to work properly. > > This would work fine with the non-exclusive semantics I believe. Groovy. > > 2) If we fail to suspend we need to then thaw up all filesystems. The order > > in which we try to freeze is in reverse order on the super_block list. If we > > fail though we iterate in proper order on the super_block list and thaw. If > > you had two filesystems this means that if a failure happened on freezing > > the first filesystem, we'd first thaw the other filesystem -- and because of > > 0) if we don't distinguish between the ioctl interface or auto freezing, > > we'd > > also fail on thaw'ing given the other superblock wouldn't have been frozen. > > > > So we need to keep two separate approaches. The count stuff would not > > suffice > > to distinguish origin of source for freeze call. > > > > Come to think of it, I think I forgot to avoid thaw if the freeze was ioctl > > initiated.. > > > > thaw_unlocked(bool cb_call) > > { > > if (sb_frozen_by_cb(sb) && !cb_call) > > return 0; /* skip as the user wanted to keep this fs frozen */ > > ... > > } > > > > Even though the kernel auto call is new I think we need to keep ioctl > > initiated > > frozen filesystems frozen to not break old userspace assumptions. > > > > So, keeping all this in mind, does a count method still suffice? > > The count method would need a different error recovery method - i.e. if you > fail freezing filesystems
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Thu 30-11-17 20:05:48, Luis R. Rodriguez wrote: > On Thu, Nov 30, 2017 at 06:13:10PM +0100, Jan Kara wrote: > > ... I dislike the _by_user() suffix as there may be different places that > > call freeze_super() (e.g. device mapper does this during some operations). > > Clearly we need to distinguish "by system suspend" and "the other" cases. > > So please make this clear in the naming. > > Ah. How about sb_frozen_by_cb() ? And what does 'cb' stand for? :) > > In fact, what might be a cleaner solution is to introduce a 'freeze_count' > > for superblock freezing (we already do have this for block devices). Then > > you don't need to differentiate these two cases - but you'd still need to > > properly handle cleanup if freezing of all superblocks fails in the middle. > > So I'm not 100% this works out nicely in the end. But it's certainly worth > > a consideration. > > Ah, there are three important reasons for doing it the way I did it which are > easy to miss, unless you read the commit log message very carefully. > > 0) The ioctl interface causes a failure to be sent back to userspace if > you issue two consecutive freezes, or two thaws. Ie, once a filesystem is > frozen, a secondary call will result in an error. Likewise for thaw. Yep. But also note that there's *another* interface to filesystem freezing which behaves differently - freeze_bdev() (used internally by dm). That interface uses the counter and freezing of already frozen device succeeds. IOW it is a mess. We cannot change the behavior of the ioctl but we could still provide an in-kernel interface to freeze_super() with the same semantics as freeze_bdev() which might be easier to use by suspend - maybe we could call it 'exclusive' (for the current freeze_super() semantics) and 'non-exclusive' (for the freeze_bdev() semantics) since this is very much like O_EXCL open of block devices... > 1) The new iterate supers stuff I added bail on the first error and return > that > error. If we kept the ioctl() interface error scheme we'd be erroring out > if on suspend if userspace had already frozen a filesystem. Clearly that'd > be silly so we need to distinguish between the automatic kernel freezing > and the old userspace ioctl initiated interface, so that we can keep the > old behaviour but allow in-kernel auto freeze on suspend to work properly. This would work fine with the non-exclusive semantics I believe. > 2) If we fail to suspend we need to then thaw up all filesystems. The order > in which we try to freeze is in reverse order on the super_block list. If we > fail though we iterate in proper order on the super_block list and thaw. If > you had two filesystems this means that if a failure happened on freezing > the first filesystem, we'd first thaw the other filesystem -- and because of > 0) if we don't distinguish between the ioctl interface or auto freezing, we'd > also fail on thaw'ing given the other superblock wouldn't have been frozen. > > So we need to keep two separate approaches. The count stuff would not suffice > to distinguish origin of source for freeze call. > > Come to think of it, I think I forgot to avoid thaw if the freeze was ioctl > initiated.. > > thaw_unlocked(bool cb_call) > { > if (sb_frozen_by_cb(sb) && !cb_call) > return 0; /* skip as the user wanted to keep this fs frozen */ > ... > } > > Even though the kernel auto call is new I think we need to keep ioctl > initiated > frozen filesystems frozen to not break old userspace assumptions. > > So, keeping all this in mind, does a count method still suffice? The count method would need a different error recovery method - i.e. if you fail freezing filesystems somewhere in the middle of iteration through superblock list, you'd need to iterate from that point on to the superblock where you've started. This is somewhat more complicated than your approach but it seems cleaner to me: 1) Function freezing all superblocks either succeeds and all superblocks are frozen or fails and no superblocks are (additionally) frozen. 2) It is not that normal users + one special user (who owns the "flag" in the superblock in form of a special freeze state) setup. We'd simply have exclusive and non-exclusive users of superblock freezing and there can be arbitrary numbers of them. Honza -- Jan KaraSUSE Labs, CR
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Thu, Nov 30, 2017 at 06:13:10PM +0100, Jan Kara wrote: > ... I dislike the _by_user() suffix as there may be different places that > call freeze_super() (e.g. device mapper does this during some operations). > Clearly we need to distinguish "by system suspend" and "the other" cases. > So please make this clear in the naming. Ah. How about sb_frozen_by_cb() ? > In fact, what might be a cleaner solution is to introduce a 'freeze_count' > for superblock freezing (we already do have this for block devices). Then > you don't need to differentiate these two cases - but you'd still need to > properly handle cleanup if freezing of all superblocks fails in the middle. > So I'm not 100% this works out nicely in the end. But it's certainly worth > a consideration. Ah, there are three important reasons for doing it the way I did it which are easy to miss, unless you read the commit log message very carefully. 0) The ioctl interface causes a failure to be sent back to userspace if you issue two consecutive freezes, or two thaws. Ie, once a filesystem is frozen, a secondary call will result in an error. Likewise for thaw. 1) The new iterate supers stuff I added bail on the first error and return that error. If we kept the ioctl() interface error scheme we'd be erroring out if on suspend if userspace had already frozen a filesystem. Clearly that'd be silly so we need to distinguish between the automatic kernel freezing and the old userspace ioctl initiated interface, so that we can keep the old behaviour but allow in-kernel auto freeze on suspend to work properly. 2) If we fail to suspend we need to then thaw up all filesystems. The order in which we try to freeze is in reverse order on the super_block list. If we fail though we iterate in proper order on the super_block list and thaw. If you had two filesystems this means that if a failure happened on freezing the first filesystem, we'd first thaw the other filesystem -- and because of 0) if we don't distinguish between the ioctl interface or auto freezing, we'd also fail on thaw'ing given the other superblock wouldn't have been frozen. So we need to keep two separate approaches. The count stuff would not suffice to distinguish origin of source for freeze call. Come to think of it, I think I forgot to avoid thaw if the freeze was ioctl initiated.. thaw_unlocked(bool cb_call) { if (sb_frozen_by_cb(sb) && !cb_call) return 0; /* skip as the user wanted to keep this fs frozen */ ... } Even though the kernel auto call is new I think we need to keep ioctl initiated frozen filesystems frozen to not break old userspace assumptions. So, keeping all this in mind, does a count method still suffice? Luis
Re: [PATCH 03/11] fs: add frozen sb state helpers
On Wed 29-11-17 15:23:48, Luis R. Rodriguez wrote: > The question of whether or not a superblock is frozen needs to be > augmented in the future to account for differences between a user > initiated freeze and a kernel initiated freeze done automatically > on behalf of the kernel. > > Provide helpers so that these can be used instead so that we don't > have to expand checks later in these same call sites as we expand > the definition of a frozen superblock. > > Signed-off-by: Luis R. RodriguezSo helpers are fine but... > +/** > + * sb_is_frozen_by_user - is superblock frozen by a user call > + * @sb: the super to check > + * > + * Returns true if the super freeze was initiated by userspace, for instance, > + * an ioctl call. > + */ > +static inline bool sb_is_frozen_by_user(struct super_block *sb) > +{ > + return sb->s_writers.frozen == SB_FREEZE_COMPLETE; > +} ... I dislike the _by_user() suffix as there may be different places that call freeze_super() (e.g. device mapper does this during some operations). Clearly we need to distinguish "by system suspend" and "the other" cases. So please make this clear in the naming. In fact, what might be a cleaner solution is to introduce a 'freeze_count' for superblock freezing (we already do have this for block devices). Then you don't need to differentiate these two cases - but you'd still need to properly handle cleanup if freezing of all superblocks fails in the middle. So I'm not 100% this works out nicely in the end. But it's certainly worth a consideration. Honza -- Jan Kara SUSE Labs, CR
[PATCH 03/11] fs: add frozen sb state helpers
The question of whether or not a superblock is frozen needs to be augmented in the future to account for differences between a user initiated freeze and a kernel initiated freeze done automatically on behalf of the kernel. Provide helpers so that these can be used instead so that we don't have to expand checks later in these same call sites as we expand the definition of a frozen superblock. Signed-off-by: Luis R. Rodriguez--- fs/ext4/ext4_jbd2.c | 2 +- fs/super.c | 4 ++-- fs/xfs/xfs_trans.c | 2 +- include/linux/fs.h | 33 + 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/fs/ext4/ext4_jbd2.c b/fs/ext4/ext4_jbd2.c index 2d593201cf7a..090b8cd4551a 100644 --- a/fs/ext4/ext4_jbd2.c +++ b/fs/ext4/ext4_jbd2.c @@ -50,7 +50,7 @@ static int ext4_journal_check_start(struct super_block *sb) if (sb_rdonly(sb)) return -EROFS; - WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); + WARN_ON(sb_is_frozen(sb)); journal = EXT4_SB(sb)->s_journal; /* * Special case here: if the journal has aborted behind our diff --git a/fs/super.c b/fs/super.c index cecc279beecd..e8f5a7139b8f 100644 --- a/fs/super.c +++ b/fs/super.c @@ -1392,7 +1392,7 @@ static int freeze_locked_super(struct super_block *sb) { int ret; - if (sb->s_writers.frozen != SB_UNFROZEN) + if (!sb_is_unfrozen(sb)) return -EBUSY; if (!(sb->s_flags & SB_BORN)) @@ -1498,7 +1498,7 @@ static int thaw_locked_super(struct super_block *sb) { int error; - if (sb->s_writers.frozen != SB_FREEZE_COMPLETE) + if (!sb_is_frozen(sb)) return -EINVAL; if (sb_rdonly(sb)) { diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index a87f657f59c9..b1180c26d902 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -241,7 +241,7 @@ xfs_trans_alloc( if (!(flags & XFS_TRANS_NO_WRITECOUNT)) sb_start_intwrite(mp->m_super); - WARN_ON(mp->m_super->s_writers.frozen == SB_FREEZE_COMPLETE); + WARN_ON(sb_is_frozen(mp->m_super)); atomic_inc(>m_active_trans); tp = kmem_zone_zalloc(xfs_trans_zone, diff --git a/include/linux/fs.h b/include/linux/fs.h index 511fbaabf624..1e10239c1d3b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1589,6 +1589,39 @@ static inline void sb_start_intwrite(struct super_block *sb) __sb_start_write(sb, SB_FREEZE_FS, true); } +/** + * sb_is_frozen_by_user - is superblock frozen by a user call + * @sb: the super to check + * + * Returns true if the super freeze was initiated by userspace, for instance, + * an ioctl call. + */ +static inline bool sb_is_frozen_by_user(struct super_block *sb) +{ + return sb->s_writers.frozen == SB_FREEZE_COMPLETE; +} + +/** + * sb_is_frozen - is superblock frozen + * @sb: the super to check + * + * Returns true if the super is frozen. + */ +static inline bool sb_is_frozen(struct super_block *sb) +{ + return sb_is_frozen_by_user(sb); +} + +/** + * sb_is_unfrozen - is superblock unfrozen + * @sb: the super to check + * + * Returns true if the super is unfrozen. + */ +static inline bool sb_is_unfrozen(struct super_block *sb) +{ + return sb->s_writers.frozen == SB_UNFROZEN; +} extern bool inode_owner_or_capable(const struct inode *inode); -- 2.15.0