On Thu, Nov 24, 2022 at 10:47:55AM +0900, Damien Le Moal wrote:
> On 11/24/22 10:32, Damien Le Moal wrote:
> > On 11/23/22 14:58, Nitesh Shetty wrote:
> >> copy_file_range is implemented using copy offload,
> >> copy offloading to device is always enabled.
> >> To disable copy offloading mount with "no_copy_offload" mount option.
> >
> > And were is the code that handle this option ?
> >
> >> At present copy offload is only used, if the source and destination files
> >> are on same block device, otherwise copy file range is completed by
> >> generic copy file range.
> >>
> >> copy file range implemented as following:
> >> - write pending writes on the src and dest files
> >> - drop page cache for dest file if its conv zone
> >> - copy the range using offload
> >> - update dest file info
> >>
> >> For all failure cases we fallback to generic file copy range
> >
> > For all cases ? That would be weird. What would be the point of trying to
> > copy again if e.g. the dest zone has gone offline or read only ?
> >
> >> At present this implementation does not support conv aggregation
> >
> > Please check this commit message overall: the grammar and punctuation
> > could really be improved.
> >
> >>
> >> Signed-off-by: Nitesh Shetty <nj.shetty@xxxxxxxxxxx>
> >> Signed-off-by: Anuj Gupta <anuj20.g@xxxxxxxxxxx>
> >> ---
> >> fs/zonefs/super.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++
> >> 1 file changed, 179 insertions(+)
> >>
> >> diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c
> >> index abc9a85106f2..15613433d4ae 100644
> >> --- a/fs/zonefs/super.c
> >> +++ b/fs/zonefs/super.c
> >> @@ -1223,6 +1223,183 @@ static int zonefs_file_release(struct inode *inode, struct file *file)
> >> return 0;
> >> }
> >>
> >> +static int zonefs_is_file_copy_offset_ok(struct inode *src_inode,
> >> + struct inode *dst_inode, loff_t src_off, loff_t dst_off,
> >> + size_t *len)
> >> +{
> >> + loff_t size, endoff;
> >> + struct zonefs_inode_info *dst_zi = ZONEFS_I(dst_inode);
> >> +
> >> + inode_lock(src_inode);
> >> + size = i_size_read(src_inode);
> >> + inode_unlock(src_inode);
> >> + /* Don't copy beyond source file EOF. */
> >> + if (src_off < size) {
> >> + if (src_off + *len > size)
> >> + *len = (size - (src_off + *len));
> >> + } else
> >> + *len = 0;
> >
> > Missing curly brackets for the else.
> >
> >> +
> >> + mutex_lock(&dst_zi->i_truncate_mutex);
> >> + if (dst_zi->i_ztype == ZONEFS_ZTYPE_SEQ) {
> >> + if (*len > dst_zi->i_max_size - dst_zi->i_wpoffset)
> >> + *len -= dst_zi->i_max_size - dst_zi->i_wpoffset;
> >> +
> >> + if (dst_off != dst_zi->i_wpoffset)
> >> + goto err;
> >> + }
> >> + mutex_unlock(&dst_zi->i_truncate_mutex);
> >> +
> >> + endoff = dst_off + *len;
> >> + inode_lock(dst_inode);
> >> + if (endoff > dst_zi->i_max_size ||
> >> + inode_newsize_ok(dst_inode, endoff)) {
> >> + inode_unlock(dst_inode);
> >> + goto err;
> >
> > And here truncate mutex is not locked, but goto err will unlock it. This
> > is broken...
> >
> >> + }
> >> + inode_unlock(dst_inode);
> >
> > ...The locking is completely broken in this function anyway. You take the
> > lock, look at something, then release the lock. Then what if a write or a
> > trunctate comes in when the inode is not locked ? This is completely
> > broken. The inode should be locked with no dio pending when this function
> > is called. This is only to check if everything is ok. This has no business
> > playing with the inode and truncate locks.
> >
> >> +
> >> + return 0;
> >> +err:
> >> + mutex_unlock(&dst_zi->i_truncate_mutex);
> >> + return -EINVAL;
> >> +}
> >> +
> >> +static ssize_t zonefs_issue_copy(struct zonefs_inode_info *src_zi,
> >> + loff_t src_off, struct zonefs_inode_info *dst_zi,
> >> + loff_t dst_off, size_t len)
> >> +{
> >> + struct block_device *src_bdev = src_zi->i_vnode.i_sb->s_bdev;
> >> + struct block_device *dst_bdev = dst_zi->i_vnode.i_sb->s_bdev;
> >> + struct range_entry *rlist = NULL;
> >> + int ret = len;
> >> +
> >> + rlist = kmalloc(sizeof(*rlist), GFP_KERNEL);
> >
> > GFP_NOIO ?
> >
> >> + if (!rlist)
> >> + return -ENOMEM;
> >> +
> >> + rlist[0].dst = (dst_zi->i_zsector << SECTOR_SHIFT) + dst_off;
> >> + rlist[0].src = (src_zi->i_zsector << SECTOR_SHIFT) + src_off;
> >> + rlist[0].len = len;
> >> + rlist[0].comp_len = 0;
> >> + ret = blkdev_issue_copy(src_bdev, dst_bdev, rlist, 1, NULL, NULL,
> >> + GFP_KERNEL);
> >> + if (rlist[0].comp_len > 0)
> >> + ret = rlist[0].comp_len;
> >> + kfree(rlist);
> >> +
> >> + return ret;
> >> +}
> >> +
> >> +/* Returns length of possible copy, else returns error */
> >> +static ssize_t zonefs_copy_file_checks(struct file *src_file, loff_t src_off,
> >> + struct file *dst_file, loff_t dst_off,
> >> + size_t *len, unsigned int flags)
> >> +{
> >> + struct inode *src_inode = file_inode(src_file);
> >> + struct inode *dst_inode = file_inode(dst_file);
> >> + struct zonefs_inode_info *src_zi = ZONEFS_I(src_inode);
> >> + struct zonefs_inode_info *dst_zi = ZONEFS_I(dst_inode);
> >> + ssize_t ret;
> >> +
> >> + if (src_inode->i_sb != dst_inode->i_sb)
> >> + return -EXDEV;
> >> +
> >> + /* Start by sync'ing the source and destination files for conv zones */
> >> + if (src_zi->i_ztype == ZONEFS_ZTYPE_CNV) {
> >> + ret = file_write_and_wait_range(src_file, src_off,
> >> + (src_off + *len));
> >> + if (ret < 0)
> >> + goto io_error;
> >> + }
> >> + inode_dio_wait(src_inode);
> >
> > That is not a "check". So having this in a function called
> > zonefs_copy_file_checks() is a little strange.
> >
> >> +
> >> + /* Start by sync'ing the source and destination files ifor conv zones */
> >
> > Same comment repeated, with typos.
> >
> >> + if (dst_zi->i_ztype == ZONEFS_ZTYPE_CNV) {
> >> + ret = file_write_and_wait_range(dst_file, dst_off,
> >> + (dst_off + *len));
> >> + if (ret < 0)
> >> + goto io_error;
> >> + }
> >> + inode_dio_wait(dst_inode);
> >> +
> >> + /* Drop dst file cached pages for a conv zone*/
> >> + if (dst_zi->i_ztype == ZONEFS_ZTYPE_CNV) {
> >> + ret = invalidate_inode_pages2_range(dst_inode->i_mapping,
> >> + dst_off >> PAGE_SHIFT,
> >> + (dst_off + *len) >> PAGE_SHIFT);
> >> + if (ret < 0)
> >> + goto io_error;
> >> + }
> >> +
> >> + ret = zonefs_is_file_copy_offset_ok(src_inode, dst_inode, src_off,
> >> + dst_off, len);
> >> + if (ret < 0)
> >
> > if (ret)
> >
> >> + return ret;
> >> +
> >> + return *len;
> >> +
> >> +io_error:
> >> + zonefs_io_error(dst_inode, true);
> >> + return ret;
> >> +}
> >> +
> >> +static ssize_t zonefs_copy_file(struct file *src_file, loff_t src_off,
> >> + struct file *dst_file, loff_t dst_off,
> >> + size_t len, unsigned int flags)
> >> +{
> >> + struct inode *src_inode = file_inode(src_file);
> >> + struct inode *dst_inode = file_inode(dst_file);
> >> + struct zonefs_inode_info *src_zi = ZONEFS_I(src_inode);
> >> + struct zonefs_inode_info *dst_zi = ZONEFS_I(dst_inode);
> >> + ssize_t ret = 0, bytes;
> >> +
> >> + inode_lock(src_inode);
> >> + inode_lock(dst_inode);
> >
> > So you did zonefs_copy_file_checks() outside of these locks, which mean
> > that everything about the source and destination files may have changed.
> > This does not work.
>
> I forgot to mention that locking 2 inodes blindly like this can leads to
> deadlocks if another process tries a copy range from dst to src at the
> same time (lock order is reversed and so can deadlock).
>
> >
> >> + bytes = zonefs_issue_copy(src_zi, src_off, dst_zi, dst_off, len);
> >> + if (bytes < 0)
> >> + goto unlock_exit;
> >> +
> >> + ret += bytes;
> >> +
> >> + file_update_time(dst_file);
> >> + mutex_lock(&dst_zi->i_truncate_mutex);
> >> + zonefs_update_stats(dst_inode, dst_off + bytes);
> >> + zonefs_i_size_write(dst_inode, dst_off + bytes);
> >> + dst_zi->i_wpoffset += bytes;
> >
> > This is wierd. iszie for dst will be dst_zi->i_wpoffset. So please do:
> >
> > dst_zi->i_wpoffset += bytes;
> > zonefs_i_size_write(dst_inode, dst_zi->i_wpoffset);
> >
> >> + mutex_unlock(&dst_zi->i_truncate_mutex);
> >
> > And you are not taking care of the accounting for active zones here. If
> > the copy made the dst zone full, it is not active anymore. You need to
> > call zonefs_account_active();
> >
> >> + /* if we still have some bytes left, do splice copy */
> >> + if (bytes && (bytes < len)) {
> >> + bytes = do_splice_direct(src_file, &src_off, dst_file,
> >> + &dst_off, len, flags);
> >
> > No way.
> >
> >> + if (bytes > 0)
> >> + ret += bytes;
> >> + }
> >> +unlock_exit:
> >> + if (ret < 0)
> >> + zonefs_io_error(dst_inode, true);
> >
> > How can you be sure that you even did an IO when you get an error ?
> > zonefs_issue_copy() may have failed on its kmalloc() and no IO was done.
> >
> >> + inode_unlock(src_inode);
> >> + inode_unlock(dst_inode);
> >> + return ret;
> >> +}
> >> +
> >> +static ssize_t zonefs_copy_file_range(struct file *src_file, loff_t src_off,
> >> + struct file *dst_file, loff_t dst_off,
> >> + size_t len, unsigned int flags)
> >> +{
> >> + ssize_t ret = -EIO;
> >
> > This does not need to be initialized.
> >
> >> +
> >> + ret = zonefs_copy_file_checks(src_file, src_off, dst_file, dst_off,
> >> + &len, flags);
> >
> > These checks need to be done for the generic implementation too, no ? Why
> > would checking this automatically trigger the offload ? What if the device
> > does not support offloading ?
> >
> >> + if (ret > 0)
> >> + ret = zonefs_copy_file(src_file, src_off, dst_file, dst_off,
> >> + len, flags);
> >
> > return here, then no need for the else. But see above. This seems all
> > broken to me.
> >
> >> + else if (ret < 0 && ret == -EXDEV)
> >> + ret = generic_copy_file_range(src_file, src_off, dst_file,
> >> + dst_off, len, flags);
> >> + return ret;
> >> +}
> >> +
> >> static const struct file_operations zonefs_file_operations = {
> >> .open = zonefs_file_open,
> >> .release = zonefs_file_release,
> >> @@ -1234,6 +1411,7 @@ static const struct file_operations zonefs_file_operations = {
> >> .splice_read = generic_file_splice_read,
> >> .splice_write = iter_file_splice_write,
> >> .iopoll = iocb_bio_iopoll,
> >> + .copy_file_range = zonefs_copy_file_range,
> >> };
> >>
> >> static struct kmem_cache *zonefs_inode_cachep;
> >> @@ -1804,6 +1982,7 @@ static int zonefs_fill_super(struct super_block *sb, void *data, int silent)
> >> atomic_set(&sbi->s_active_seq_files, 0);
> >> sbi->s_max_active_seq_files = bdev_max_active_zones(sb->s_bdev);
> >>
> >> + /* set copy support by default */
> >
> > What is this comment supposed to be for ?
> >
> >> ret = zonefs_read_super(sb);
> >> if (ret)
> >> return ret;
> >
>
> --
> Damien Le Moal
> Western Digital Research
>
>
Acked. I do see a gap in current zonefs cfr implementation. I will drop this
implementation for next version. Once we finalize on block copy offload
implementation, will re-pick this and send with above reviews fixed.
Thank you,
Nitesh
