From: Christoph Hellwig <hch@lst.de>
To: Dave Chinner <david@fromorbit.com>
Cc: Christoph Hellwig <hch@lst.de>,
cem@kernel.org, linux-xfs@vger.kernel.org,
cen zhang <zzzccc427@gmail.com>,
lkmm@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] xfs: mark the i_delayed_blks access in xfs_file_release as racy
Date: Wed, 14 May 2025 06:29:46 +0200 [thread overview]
Message-ID: <20250514042946.GA23355@lst.de> (raw)
In-Reply-To: <aCO7injOF7DFJGY9@dread.disaster.area>
On Wed, May 14, 2025 at 07:37:14AM +1000, Dave Chinner wrote:
> On Tue, May 13, 2025 at 07:26:14AM +0200, Christoph Hellwig wrote:
> > We don't bother with the ILOCK as this is best-effort and thus a racy
> > access is ok. Add a data_race() annotation to make that clear to
> > memory model verifiers.
>
> IMO, that's the thin edge of a wedge. There are dozens of places in
> XFS where we check variable values without holding the lock needed
> to serialise the read against modification.
Yes. And the linux kernel memory consistency model ask us to mark them,
see tools/memory-model/Documentation/access-marking.txt.
This fails painful at first, but I'd actually wish we'd have tools
enforcing this as strongly as possible as developers (well me at least)
seem to think a racy access is just fine more often than they should, and
needing an annotation and a comment is a pretty good way to sure that.
> Hence my question - are we now going to make it policy that every
> possible racy access must be marked with data_race() because there
> is some new bot that someone is running that will complain if we
> don't? Are you committing to playing whack-a-mole with the memory
> model verifiers to silence all the false positives from these
> known-to-be-safe access patterns?
It's not really a "new bot". It has been official memory consistency
policy for a while, but it just hasn't been well enforced. For new code
asking if the review is racy and needs a marking or use READ_ONCE() and
WRITE_ONCE() has been part of the usual review protocol. Reviewing old
code and fixing things we got wrong will take a while, but I'm actually
glad about more bots for that.
next prev parent reply other threads:[~2025-05-14 4:29 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <b0B7vqX5e__5JIDhxMANuyma5_RcE4wAhgR1-x-U6YY3qUy_mE220aCGAqsZ-LpEDc06cNfseqOGIgVw4BKmVg==@protonmail.internalid>
2025-05-13 5:26 ` [PATCH] xfs: mark the i_delayed_blks access in xfs_file_release as racy Christoph Hellwig
2025-05-13 8:56 ` Carlos Maiolino
2025-05-13 21:37 ` Dave Chinner
2025-05-14 4:29 ` Christoph Hellwig [this message]
2025-05-14 8:00 ` Carlos Maiolino
2025-05-14 13:04 ` Christoph Hellwig
2025-05-14 23:21 ` Dave Chinner
2025-05-16 6:34 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250514042946.GA23355@lst.de \
--to=hch@lst.de \
--cc=cem@kernel.org \
--cc=david@fromorbit.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=lkmm@lists.linux.dev \
--cc=zzzccc427@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.