From: Dave Chinner <david@fromorbit.com>
To: Christoph Hellwig <hch@lst.de>
Cc: cem@kernel.org, linux-xfs@vger.kernel.org,
cen zhang <zzzccc427@gmail.com>
Subject: Re: [PATCH] xfs: mark the i_delayed_blks access in xfs_file_release as racy
Date: Wed, 14 May 2025 07:37:14 +1000 [thread overview]
Message-ID: <aCO7injOF7DFJGY9@dread.disaster.area> (raw)
In-Reply-To: <20250513052614.753577-1-hch@lst.de>
On Tue, May 13, 2025 at 07:26:14AM +0200, Christoph Hellwig wrote:
> We don't bother with the ILOCK as this is best-effort and thus a racy
> access is ok. Add a data_race() annotation to make that clear to
> memory model verifiers.
IMO, that's the thin edge of a wedge. There are dozens of places in
XFS where we check variable values without holding the lock needed
to serialise the read against modification.
For example, i_delayed_blks updates are protected by the ILOCK, so
there's a data race if we read it without the ILOCK held. We do
this in:
xfs_file_release() - the one this patch addresses
xfs_getbmap() - unlocked access for data fork
xfs_can_free_eofblocks() - checked twice without locking
xfs_inodegc_set_reclaimable() - unlocked, but debug
xfs_inode_has_filedata() - unlocked via xfs_inactive()
xfs_vn_getattr() - unlocked
xfs_qm_dqusage_adjust() - unlocked ASSERT
And that's just this one variable in the inode - there are lots of
others we check without bothering to lock the inode.
e.g. pretty much everythign that xfs_vn_getattr() reads is a data
race because "unlocked racy access" is the way stat is designed to
work on Linux.
Hence my question - are we now going to make it policy that every
possible racy access must be marked with data_race() because there
is some new bot that someone is running that will complain if we
don't? Are you committing to playing whack-a-mole with the memory
model verifiers to silence all the false positives from these
known-to-be-safe access patterns?
-Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2025-05-13 21:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <b0B7vqX5e__5JIDhxMANuyma5_RcE4wAhgR1-x-U6YY3qUy_mE220aCGAqsZ-LpEDc06cNfseqOGIgVw4BKmVg==@protonmail.internalid>
2025-05-13 5:26 ` [PATCH] xfs: mark the i_delayed_blks access in xfs_file_release as racy Christoph Hellwig
2025-05-13 8:56 ` Carlos Maiolino
2025-05-13 21:37 ` Dave Chinner [this message]
2025-05-14 4:29 ` Christoph Hellwig
2025-05-14 8:00 ` Carlos Maiolino
2025-05-14 13:04 ` Christoph Hellwig
2025-05-14 23:21 ` Dave Chinner
2025-05-16 6:34 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aCO7injOF7DFJGY9@dread.disaster.area \
--to=david@fromorbit.com \
--cc=cem@kernel.org \
--cc=hch@lst.de \
--cc=linux-xfs@vger.kernel.org \
--cc=zzzccc427@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.