From: Ric Wheeler <rwheeler@redhat.com>
To: Chris Mason <chris.mason@fusionio.com>,
"Theodore Ts'o" <tytso@mit.edu>,
Chris Mason <clmason@fusionio.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
Christoph Hellwig <hch@infradead.org>,
Martin Steigerwald <Martin@lichtvoll.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Dave Chinner <david@fromorbit.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH, 3.7-rc7, RESEND] fs: revert commit bbdd6808 to fallocate UAPI
Date: Fri, 07 Dec 2012 16:42:06 -0500 [thread overview]
Message-ID: <50C262AE.5060701@redhat.com> (raw)
In-Reply-To: <20121207210932.GA25713@shiny>
On 12/07/2012 04:09 PM, Chris Mason wrote:
> On Fri, Dec 07, 2012 at 01:43:25PM -0700, Theodore Ts'o wrote:
>> On Fri, Dec 07, 2012 at 02:03:06PM -0500, Chris Mason wrote:
>>> That's not what happened though, and the right way forward from here is
>>> to give the bit to the feature, maybe with a generic name like
>>> FALLOCATE_WITHOUT_BEING_HORRIBLY_SLOW.
>> I don't think that's a good idea, because the current name explicitly
>> calls out the fact that we are making a tradeoff between what
>> ***might*** be a security exposure in some cases (but which might be
>> perfectly fine in others) for performance. Using the generic name
>> would hide the fact that this tradeoff is being made, and the
>> arguments (which I've never seen backed up with a specific design) is
>> that it's possible to speed up random writes into preallocated space
>> on a flash device without making any kind of tradeoff that might imply
>> a security tradeoff.
> Grin, we're really good at debating names. But I do see what you mean.
> I'd hope that whatever generic facility we put in doesn't have the
> security implications.
I would suggest a name like "let me see other peoples data, pronto"
>> If indeed it is possible to speed up this particular workload without
>> making any kind of no-hide-stale tradeoff, then we won't need the bit
>> --- writes into fallocated space will just get faster, with or without
>> the bit
>>
>> I am sure it will be possible to do this in some cases (for example if
>> you have a device that supports persistent trim which can quickly
>> zeroize the blocks in question), but I would be very surprised if it's
>> possible to completely eliminate the performance degradation for all
>> devices and workloads. (Not all storage devices support persistent
>> trim, just for starters.)
> Persistent trim is what I had in mind, but there are other ideas that do
> imply a change in behavior as well. Can we safely assume this feature
> won't matter on spinning media? New features like persistent
> trim do make it much easier to solve securely, and using a bit for it
> means we can toss back an error to the app if the underlying storage
> isn't safe.
>
> If google wants to have a block device patch that pretends to persistent
> trim on devices that can't, great.
The other things that I think we should try would be to convert over larger
chunks as we discussed on the list back in the summer (just because the user
writes 4KB does not mean that we cannot flip over 1MB and zero that).
>
>> In answer's to Linus's question, the reason why people are
>> hyperventilating so badly about this is that in some circles,
>> revealing stale data is so horrible that anyone who even tries to
>> suggest this should be excommunicated. The mere existence of the
>> code, or that people are using it, horribly offends those people.
> So I've always said this was a real performance problem and that it
> isn't just limited to ext4. But can we please move past this part? I
> don't think it is completely accurate.
The thing that bothers me is that no one wants to use this "feature" to see the
stale data, just to benefit from a coincidental performance bump
Most features need to have a defined use case as opposed to a side effect as
their motivation.
Let's focus on fixing the performance in a way that would be useful to a broader
swath of users. To be clear, I certainly would never ship this in a distro I was
involved in.
With or without the bit, we need to fix this properly if it is a meaningful
workload.
ric
next prev parent reply other threads:[~2012-12-07 21:42 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-19 23:04 [PATCH] fs: revert commit bbdd6808 to fallocate UAPI Dave Chinner
2012-11-20 16:36 ` Christoph Hellwig
2012-11-26 0:28 ` [PATCH, 3.7-rc7, RESEND] " Dave Chinner
2012-11-26 2:55 ` Theodore Ts'o
2012-11-26 6:14 ` Tao Ma
2012-11-26 9:12 ` Dave Chinner
2012-12-05 10:48 ` Martin Steigerwald
2012-12-05 15:45 ` Linus Torvalds
2012-12-05 16:18 ` Martin Steigerwald
2012-12-05 16:33 ` Theodore Ts'o
2012-12-05 17:24 ` Martin Steigerwald
2012-12-05 17:34 ` Theodore Ts'o
2012-12-05 17:55 ` Martin Steigerwald
2012-12-06 0:42 ` Dave Chinner
2012-12-06 9:24 ` Martin Steigerwald
2012-12-05 18:25 ` Linus Torvalds
2012-12-06 1:14 ` Dave Chinner
2012-12-06 3:03 ` Linus Torvalds
2012-12-06 9:37 ` Martin Steigerwald
2012-12-07 1:08 ` Ingo Molnar
2012-12-07 2:40 ` Dave Chinner
2012-12-07 10:24 ` Martin Steigerwald
2012-12-06 12:06 ` Christoph Hellwig
2012-12-06 16:50 ` Theodore Ts'o
2012-12-07 1:57 ` Dave Chinner
2012-12-06 12:05 ` Christoph Hellwig
2012-12-07 1:16 ` Ingo Molnar
2012-12-07 3:19 ` Dave Chinner
2012-12-07 17:36 ` Ric Wheeler
2012-12-07 18:18 ` Linus Torvalds
2012-12-07 19:03 ` Chris Mason
2012-12-07 20:43 ` Theodore Ts'o
2012-12-07 21:09 ` Chris Mason
2012-12-07 21:27 ` Theodore Ts'o
2012-12-07 21:43 ` Chris Mason
2012-12-07 21:49 ` Ric Wheeler
2012-12-07 21:57 ` Chris Mason
2012-12-07 22:51 ` Eric Sandeen
2012-12-07 22:52 ` Eric Sandeen
2012-12-07 21:42 ` Ric Wheeler [this message]
2012-12-07 21:57 ` Theodore Ts'o
2012-12-07 22:02 ` Ric Wheeler
2012-12-08 0:39 ` Dave Chinner
2012-12-08 2:52 ` Joel Becker
2012-12-08 4:04 ` Dave Chinner
2012-12-08 0:17 ` Dave Chinner
2012-12-08 1:39 ` Chris Mason
2012-12-10 16:02 ` Chris Mason
2012-12-10 17:37 ` Theodore Ts'o
2012-12-10 18:05 ` Steven Whitehouse
2012-12-10 18:13 ` Theodore Ts'o
2012-12-10 18:20 ` Theodore Ts'o
2012-12-11 12:16 ` Steven Whitehouse
2012-12-11 22:09 ` Dave Chinner
2012-12-10 18:52 ` Ric Wheeler
2012-12-11 0:52 ` Dave Chinner
2012-12-07 19:30 ` Steven Rostedt
2012-12-07 21:14 ` Theodore Ts'o
2012-12-07 21:47 ` Ric Wheeler
2012-12-07 23:25 ` Howard Chu
2012-12-08 0:50 ` Dave Chinner
2012-12-08 13:52 ` Howard Chu
2012-12-08 14:02 ` Ric Wheeler
2012-12-07 22:01 ` Eric Sandeen
2012-12-09 21:37 ` Ric Wheeler
2012-11-26 11:53 ` Alan Cox
2012-11-26 14:43 ` Theodore Ts'o
2012-11-26 21:12 ` Dave Chinner
2012-11-27 13:44 ` Martin Steigerwald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50C262AE.5060701@redhat.com \
--to=rwheeler@redhat.com \
--cc=Martin@lichtvoll.de \
--cc=chris.mason@fusionio.com \
--cc=clmason@fusionio.com \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).