Re: [PATCH v2] ext4: check folio uptodate state in ext4_page_mkwrite()

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

From: Matthew Wilcox <willy@infradead.org>
To: Theodore Tso <tytso@mit.edu>
Cc: Deepanshu Kartikey <kartikey406@gmail.com>,
	Zhang Yi <yi.zhang@huaweicloud.com>,
	linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+b0a0670332b6b3230a0a@syzkaller.appspotmail.com,
	adilger.kernel@dilger.ca, djwong@kernel.org
Subject: Re: [PATCH v2] ext4: check folio uptodate state in ext4_page_mkwrite()
Date: Fri, 5 Dec 2025 03:33:22 +0000	[thread overview]
Message-ID: <aTJSglQznqeph5lM@casper.infradead.org> (raw)
In-Reply-To: <20251205021818.GF71988@macsyma.lan>

On Thu, Dec 04, 2025 at 09:18:18PM -0500, Theodore Tso wrote:
> On Thu, Dec 04, 2025 at 03:24:50PM +0530, Deepanshu Kartikey wrote:
> > Based on Matthew's earlier feedback that we need to "prevent !uptodate
> > folios from being referenced by the page tables," I believe the
> > correct fix is not in ext4_page_mkwrite() at all, but rather in
> > mpage_release_unused_pages().
> > 
> > When we invalidate folios due to writeback failure, we should also
> > unmap them from page tables....
> 
> Hmm.... if the page is mmap'ed into the user process, on a writeback
> failure, the page contents will suddenly and without any warning,
> *disappear*.

It sounds like I was confused -- I thought the folios being invalidated 
in mpage_release_unused_pages() belonged to the block device, but from 
what you're saying, they belong to a user-visible file?

Once we hit a writeback error (whether we're in a "device gave EIO" or
"filesystem is corrupted" situation), we're firmly outside what POSIX 
speaks to, and so all that matters is quality of implementation.

Now, is the folio necessarily dirty at this point?  I guess so if we're
in the writeback path.  Darrick got rid of similar code in iomap a few 
years ago; see commit e9c3a8e820ed.  So it'd probably be good to have
ext4 behave the same way.

> So the other option is we could simply *not* invalidate the folio, but
> instead leave the folio dirty.  In some cases, where a particular
> block group is corrupted, if we retry the block allocation, the
> corrupted block group will be busied out, and so when the write back
> is retried, it's possible that the data will be actually be persisted.
> 
> We do need to make sure the right thing we unmount the filesystem,
> since at that point, we have no choice but the invalidate the page and
> the data will get lost when the file system is unmounted.  So it's a
> more complicated approach.  But if this is happening when the file
> system is corrupted, especially if it was maliciously corrupted, all
> bets are off anyway, so maybe it's not worth the complexity.

I'm generally in favour of doing anything we can to write dirty user
data back to storage ;-)  Of course if the storage is throwing a wobbly,
that's beyond our abilities.

next prev parent reply	other threads:[~2025-12-05  3:33 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-22  1:57 [PATCH v2] ext4: check folio uptodate state in ext4_page_mkwrite() Deepanshu Kartikey
2025-11-30  2:06 ` Deepanshu Kartikey
2025-12-02 12:24   ` Zhang Yi
2025-12-03  1:37     ` Deepanshu Kartikey
2025-12-03  6:52       ` Zhang Yi
2025-12-03  7:43         ` Deepanshu Kartikey
2025-12-03 15:46           ` Theodore Tso
2025-12-03 17:04             ` Deepanshu Kartikey
2025-12-03 18:40             ` Theodore Tso
2025-12-03 21:35             ` Matthew Wilcox
2025-12-03 22:33               ` Theodore Tso
2025-12-04  9:54                 ` Deepanshu Kartikey
2025-12-05  2:18                   ` Theodore Tso
2025-12-05  3:31                     ` Deepanshu Kartikey
2025-12-05  3:33                     ` Matthew Wilcox [this message]
2025-12-05 13:37                       ` Theodore Tso
2025-12-05 14:28                         ` Deepanshu Kartikey
2026-01-05  2:08                           ` Deepanshu Kartikey
2025-12-03 21:54             ` Matthew Wilcox

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aTJSglQznqeph5lM@casper.infradead.org \
    --to=willy@infradead.org \
    --cc=adilger.kernel@dilger.ca \
    --cc=djwong@kernel.org \
    --cc=kartikey406@gmail.com \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzbot+b0a0670332b6b3230a0a@syzkaller.appspotmail.com \
    --cc=tytso@mit.edu \
    --cc=yi.zhang@huaweicloud.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox