Re: [PATCH 2/5] revoke: core code

From: Andrew Morton
Date: Fri Mar 16 2007 - 07:27:13 EST

Next message: Andi Kleen: "Re: [PATCH] i386: Simplify smp_call_function*() by using common implementation"
Previous message: Max Kellermann: "[BUG 2.6.21-rc3-git9] SATA NCQ failure with Samsum HD401LJ"
In reply to: Pekka Enberg: "Re: [PATCH 2/5] revoke: core code"
Next in thread: Pekka J Enberg: "Re: [PATCH 2/5] revoke: core code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 16 Mar 2007 08:44:46 +0200 "Pekka Enberg" <penberg@xxxxxxxxxxxxxx> wrote:

> On 3/16/07, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> > Why is this code using invalidate_inode_pages2()? That function keeps on
> > breaking, has ill-defined semantics and will probably change in the future.
> >
> > Exactly what semantics are you looking for here, and why?
>
> What the comment says "make pending reads fail." When revoking an
> inode, we need to make sure there are no pending I/O that will
> complete after revocation and thus leak information.

hm, let's define "pending".

I assume that any future callers to sys_read() will reliably do the right
thing at this stage, so we are concerned with threads which are presently
partway through a read from this inode?

If that's not accurate then please describe with some detail exactly what
semantics you're looking for here.

If it _is_ accurate then hm, tricky. It all rather depends upon how the
relevant filesystem implements reading (and writing?). Which is why you
made it a file_operation, fair enough.

But even for ext2 and ext3 (please keep ext4 in sync with ext3 changes,
btw), if some process is partway through a big page_cache_readahead()
operation then a concurrent invalidate_inode_pages2() call won't worry it
at all: the pagecache will be reinstantiated and do_generic_mapping_read()
will proceed to copy that pagecache out to the user after the revoke() has
returned. I think.

I'm afraid I havent paid any attention to this revoke proposal before, I
don't understand the usecases nor the implementation details so things
which are implicitly-obvious-to-you must be explained to me. But others
will benefit from that explanation too ;) What, exactly, are we trying to do
with the already-opened files and the currently-in-progress syscalls?

(A concurrent direct-io read might be a problem too?)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [PATCH] i386: Simplify smp_call_function*() by using common implementation"
Previous message: Max Kellermann: "[BUG 2.6.21-rc3-git9] SATA NCQ failure with Samsum HD401LJ"
In reply to: Pekka Enberg: "Re: [PATCH 2/5] revoke: core code"
Next in thread: Pekka J Enberg: "Re: [PATCH 2/5] revoke: core code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]