From: Dave Chinner <david@fromorbit.com>
To: Pingfan Liu <kernelfans@gmail.com>
Cc: linux-xfs@vger.kernel.org,
	"Darrick J. Wong" <darrick.wong@oracle.com>,
	Brian Foster <bfoster@redhat.com>,
	linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] xfs/log: protect the logging content under xc_ctx_lock
Date: Fri, 1 Nov 2019 08:40:31 +1100
Message-ID: <20191031214031.GV4614@dread.disaster.area>
In-Reply-To: <1572442631-4472-1-git-send-email-kernelfans@gmail.com>

On Wed, Oct 30, 2019 at 09:37:11PM +0800, Pingfan Liu wrote:
> xc_cil_lock is not enough to protect the integrity of a trans logging.
> Taking the scenario:
>   cpuA                                 cpuB                          cpuC
> 
>   xlog_cil_insert_format_items()
> 
>   spin_lock(&cil->xc_cil_lock)
>   link transA's items to xc_cil,
>      including item1
>   spin_unlock(&cil->xc_cil_lock)
>                                                                       xlog_cil_push() fetches transA's item under xc_cil_lock
>                                        issue transB, modify item1
>                                                                       xlog_write(), but now, item1 contains content from transB and we have a broken transA

TL;DR: 1. log vectors. 2. CIL context lock exclusion.

When CPU A formats the item during commit, it copies all the changes
into a list of log vectors, and that is attached to the log item
and the item is added to the CIL. The item is then unlocked. This is
done with the CIL context lock held excluding CIL pushes.

When CPU C pushes on the CIL, it detaches the -log vectors- from
the log item and removes the item from the CIL. This is done holding
the CIL context lock, excluding transaction commits from modifying
the CIL log vector list. It then formats the -log vectors- into the
journal by passing them to xlog_write().  It does not use log items
for this, and because the log vector list has been isolated and is
now private to the push context, we don't need to hold any locks
anymore to call xlog_write....

When CPU B modifies item1, it modifies the item and logs the new
changes to the log item. It does not modify the log vector that
might be attached to the log item from a previous change. The log
vector is only updated during transaction commit, so the changes
being made in transaction on CPU B are private to that transaction
until they are committed, formatted into log vectors and inserted
into the CIL under the CIL context lock.

> Survive this race issue by putting under the protection of xc_ctx_lock.
> Meanwhile the xc_cil_lock can be dropped as xc_ctx_lock does it against
> xlog_cil_insert_items()
> 
> Signed-off-by: Pingfan Liu <kernelfans@gmail.com>
> Cc: "Darrick J. Wong" <darrick.wong@oracle.com>
> Cc: Brian Foster <bfoster@redhat.com>
> To: linux-xfs@vger.kernel.org
> Cc: linux-fsdevel@vger.kernel.org
> ---
>  fs/xfs/xfs_log_cil.c | 35 +++++++++++++++++++----------------
>  1 file changed, 19 insertions(+), 16 deletions(-)
> 
> diff --git a/fs/xfs/xfs_log_cil.c b/fs/xfs/xfs_log_cil.c
> index 004af09..f8df3b5 100644
> --- a/fs/xfs/xfs_log_cil.c
> +++ b/fs/xfs/xfs_log_cil.c
> @@ -723,22 +723,6 @@ xlog_cil_push(
>  	 */
>  	lv = NULL;
>  	num_iovecs = 0;
> -	spin_lock(&cil->xc_cil_lock);
> -	while (!list_empty(&cil->xc_cil)) {
> -		struct xfs_log_item	*item;
> -
> -		item = list_first_entry(&cil->xc_cil,
> -					struct xfs_log_item, li_cil);
> -		list_del_init(&item->li_cil);
> -		if (!ctx->lv_chain)
> -			ctx->lv_chain = item->li_lv;
> -		else
> -			lv->lv_next = item->li_lv;
> -		lv = item->li_lv;
> -		item->li_lv = NULL;
> -		num_iovecs += lv->lv_niovecs;
> -	}
> -	spin_unlock(&cil->xc_cil_lock);
>  
>  	/*
>  	 * initialise the new context and attach it to the CIL. Then attach
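
Review bot: the block removed at the top of this hunk is the only place in the visible lines where the push side takes cil->xc_cil_lock around list_del_init(&item->li_cil) and the item->li_lv detach, while the scenario in the commit message shows the insert side still linking items to xc_cil under that same spinlock. Dropping the lock on one side only is safe if the moved loop always runs with xc_ctx_lock held for write, so the commit message should state where that lock is taken relative to the loop's new position. The `lv = NULL; num_iovecs = 0;` initialisation is also left behind here, far from the loop that consumes it; move it along with the loop.
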
> @@ -783,6 +767,25 @@ xlog_cil_push(
>  	up_write(&cil->xc_ctx_lock);
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We don't hold the CIL context lock anymore....

>  
>  	/*
> +	 * cil->xc_cil_lock around this loop can be dropped, since xc_ctx_lock
> +	 * protects us against xlog_cil_insert_items().
> +	 */
> +	while (!list_empty(&cil->xc_cil)) {
> +		struct xfs_log_item	*item;
> +
> +		item = list_first_entry(&cil->xc_cil,
> +					struct xfs_log_item, li_cil);
> +		list_del_init(&item->li_cil);
> +		if (!ctx->lv_chain)
> +			ctx->lv_chain = item->li_lv;
> +		else
> +			lv->lv_next = item->li_lv;
> +		lv = item->li_lv;
> +		item->li_lv = NULL;
> +		num_iovecs += lv->lv_niovecs;
> +	}
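
Review bot: the re-added loop sits after up_write(&cil->xc_ctx_lock), so the new comment's claim that xc_ctx_lock protects it against xlog_cil_insert_items() does not hold at this position, and with the spin_lock(&cil->xc_cil_lock) pair gone the list_del_init() and li_lv detach run with neither lock held. Place the loop before the up_write(), or keep the spinlock around it, and make the comment name the lock that is actually held at that point.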

So this is completely unserialised now. i.e. even if there was a
problem like you suggest, this modification doesn't do what you say
it does.

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com
