From: Andrew Morton <akpm@linux-foundation.org>
To: "Pekka Enberg" <penberg@cs.helsinki.fi>
Cc: linux-kernel@vger.kernel.org, hch@infradead.org,
alan@lxorguk.ukuu.org.uk
Subject: Re: [PATCH 2/5] revoke: core code
Date: Fri, 16 Mar 2007 03:26:24 -0800 [thread overview]
Message-ID: <20070316032624.c6db84fc.akpm@linux-foundation.org> (raw)
In-Reply-To: <84144f020703152344u588da670ge14c1ec5797c2b86@mail.gmail.com>
On Fri, 16 Mar 2007 08:44:46 +0200 "Pekka Enberg" <penberg@cs.helsinki.fi> wrote:
> On 3/16/07, Andrew Morton <akpm@linux-foundation.org> wrote:
> > Why is this code using invalidate_inode_pages2()? That function keeps on
> > breaking, has ill-defined semantics and will probably change in the future.
> >
> > Exactly what semantics are you looking for here, and why?
>
> What the comment says "make pending reads fail." When revoking an
> inode, we need to make sure there are no pending I/O that will
> complete after revocation and thus leak information.
hm, let's define "pending".
I assume that any future callers to sys_read() will reliably do the right
thing at this stage, so we are concerned with threads which are presently
partway through a read from this inode?
If that's not accurate then please describe with some detail exactly what
semantics you're looking for here.
If it _is_ accurate then hm, tricky. It all rather depends upon how the
relevant filesystem implements reading (and writing?). Which is why you
made it a file_operation, fair enough.
But even for ext2 and ext3 (please keep ext4 in sync with ext3 changes,
btw), if some process is partway through a big page_cache_readahead()
operation then a concurrent invalidate_inode_pages2() call won't worry it
at all: the pagecache will be reinstantiated and do_generic_mapping_read()
will proceed to copy that pagecache out to the user after the revoke() has
returned. I think.
I'm afraid I havent paid any attention to this revoke proposal before, I
don't understand the usecases nor the implementation details so things
which are implicitly-obvious-to-you must be explained to me. But others
will benefit from that explanation too ;) What, exactly, are we trying to do
with the already-opened files and the currently-in-progress syscalls?
(A concurrent direct-io read might be a problem too?)
next prev parent reply other threads:[~2007-03-16 11:26 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-11 11:30 [PATCH 2/5] revoke: core code Pekka J Enberg
2007-03-16 1:34 ` Andrew Morton
2007-03-16 6:44 ` Pekka Enberg
2007-03-16 11:26 ` Andrew Morton [this message]
2007-03-16 11:44 ` Pekka J Enberg
2007-03-16 12:26 ` Andrew Morton
2007-03-16 14:45 ` Pekka J Enberg
2007-03-16 14:58 ` Alan Cox
2007-03-16 14:27 ` Pekka Enberg
2007-03-16 14:46 ` Pekka Enberg
2007-03-16 14:30 ` Pekka Enberg
2007-03-16 20:37 ` Pekka Enberg
2007-03-16 20:54 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070316032624.c6db84fc.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox