On Thu, Nov 19, 2020 at 09:38:17AM +0200, Amir Goldstein wrote:
> On Wed, Nov 18, 2020 at 9:18 PM Omar Sandoval <osandov@xxxxxxxxxxx> wrote:
> >
> > From: Omar Sandoval <osandov@xxxxxx>
> >
> > Btrfs supports transparent compression: data written by the user can be
> > compressed when written to disk and decompressed when read back.
> > However, we'd like to add an interface to write pre-compressed data
> > directly to the filesystem, and the matching interface to read
> > compressed data without decompressing it. This adds support for
> > so-called "encoded I/O" via preadv2() and pwritev2().
> >
> > A new RWF_ENCODED flags indicates that a read or write is "encoded". If
> > this flag is set, iov[0].iov_base points to a struct encoded_iov which
> > is used for metadata: namely, the compression algorithm, unencoded
> > (i.e., decompressed) length, and what subrange of the unencoded data
> > should be used (needed for truncated or hole-punched extents and when
> > reading in the middle of an extent). For reads, the filesystem returns
> > this information; for writes, the caller provides it to the filesystem.
> > iov[0].iov_len must be set to sizeof(struct encoded_iov), which can be
> > used to extend the interface in the future a la copy_struct_from_user().
> > The remaining iovecs contain the encoded extent.
> >
> > This adds the VFS helpers for supporting encoded I/O and documentation
> > for filesystem support.
> >
> > Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
> > Signed-off-by: Omar Sandoval <osandov@xxxxxx>
> > ---
> > Documentation/filesystems/encoded_io.rst | 74 ++++++++++
> > Documentation/filesystems/index.rst | 1 +
> > fs/read_write.c | 167 +++++++++++++++++++++--
> > include/linux/fs.h | 11 ++
> > include/uapi/linux/fs.h | 41 +++++-
> > 5 files changed, 280 insertions(+), 14 deletions(-)
> > create mode 100644 Documentation/filesystems/encoded_io.rst
> >
> > diff --git a/Documentation/filesystems/encoded_io.rst b/Documentation/filesystems/encoded_io.rst
> > new file mode 100644
> > index 000000000000..50405276d866
> > --- /dev/null
> > +++ b/Documentation/filesystems/encoded_io.rst
> > @@ -0,0 +1,74 @@
> > +===========
> > +Encoded I/O
> > +===========
> > +
> > +Encoded I/O is a mechanism for reading and writing encoded (e.g., compressed
> > +and/or encrypted) data directly from/to the filesystem. The userspace interface
> > +is thoroughly described in the :manpage:`encoded_io(7)` man page; this document
> > +describes the requirements for filesystem support.
> > +
> > +First of all, a filesystem supporting encoded I/O must indicate this by setting
> > +the ``FMODE_ENCODED_IO`` flag in its ``file_open`` file operation::
> > +
Hi, Amir, I'm getting back to this now after the holidays.
> Should this be FMODE_ALLOW_ENCODED_IO?
> How come I see no checks for this flag in vfs code?
Thanks for catching that, apparently I dropped the check between v5 and
v6 when I was resolving a conflict with commit ce71bfea207b ("fs: align
IOCB_* flags with RWF_* flags"). I'll add it back for v7. (The flag
indicates support for encoded I/O, and it's checked at read/write time,
so I think FMODE_ENCODED_IO is still the best name for it.)
> You seem to only be checking the O_ flag.
> Do we really want to allow setting the O_ flag after open or should we
> deny that?
I believe the conclusion after the other thread was to give
O_ALLOW_ENCODED no special treatment, so yes, we should allow it.
> > + static int foo_file_open(struct inode *inode, struct file *filp)
> > + {
> > + ...
> > + filep->f_mode |= FMODE_ENCODED_IO;
> > + ...
> > + }
> > +
> > +Encoded I/O goes through ``read_iter`` and ``write_iter``, designated by the
> > +``IOCB_ENCODED`` flag in ``kiocb->ki_flags``.
> > +
> > +Reads
> > +=====
> > +
> > +Encoded ``read_iter`` should:
> > +
> > +1. Call ``generic_encoded_read_checks()`` to validate the file and buffers
> > + provided by userspace.
> > +2. Initialize the ``encoded_iov`` appropriately.
> > +3. Copy it to the user with ``copy_encoded_iov_to_iter()``.
> > +4. Copy the encoded data to the user.
> > +5. Advance ``kiocb->ki_pos`` by ``encoded_iov->len``.
> > +6. Return the size of the encoded data read, not including the ``encoded_iov``.
> > +
> > +There are a few details to be aware of:
> > +
> > +* Encoded ``read_iter`` should support reading unencoded data if the extent is
> > + not encoded.
> > +* If the buffers provided by the user are not large enough to contain an entire
> > + encoded extent, then ``read_iter`` should return ``-ENOBUFS``. This is to
> > + avoid confusing userspace with truncated data that cannot be properly
> > + decoded.
> > +* Reads in the middle of an encoded extent can be returned by setting
> > + ``encoded_iov->unencoded_offset`` to non-zero.
> > +* Truncated unencoded data (e.g., because the file does not end on a block
> > + boundary) may be returned by setting ``encoded_iov->len`` to a value smaller
> > + value than ``encoded_iov->unencoded_len - encoded_iov->unencoded_offset``.
> > +
> > +Writes
> > +======
> > +
> > +Encoded ``write_iter`` should (in addition to the usual accounting/checks done
> > +by ``write_iter``):
> > +
> > +1. Call ``copy_encoded_iov_from_iter()`` to get and validate the
> > + ``encoded_iov``.
> > +2. Call ``generic_encoded_write_checks()`` instead of
> > + ``generic_write_checks()``.
> > +3. Check that the provided encoding in ``encoded_iov`` is supported.
> > +4. Advance ``kiocb->ki_pos`` by ``encoded_iov->len``.
> > +5. Return the size of the encoded data written.
> > +
> > +Again, there are a few details:
> > +
> > +* Encoded ``write_iter`` doesn't need to support writing unencoded data.
> > +* ``write_iter`` should either write all of the encoded data or none of it; it
> > + must not do partial writes.
> > +* ``write_iter`` doesn't need to validate the encoded data; a subsequent read
> > + may return, e.g., ``-EIO`` if the data is not valid.
> > +* The user may lie about the unencoded size of the data; a subsequent read
> > + should truncate or zero-extend the unencoded data rather than returning an
> > + error.
> > +* Be careful of page cache coherency.
> > diff --git a/Documentation/filesystems/index.rst b/Documentation/filesystems/index.rst
> > index 98f59a864242..6d9e3ff0a455 100644
> > --- a/Documentation/filesystems/index.rst
> > +++ b/Documentation/filesystems/index.rst
> > @@ -53,6 +53,7 @@ filesystem implementations.
> > journalling
> > fscrypt
> > fsverity
> > + encoded_io
> >
> > Filesystems
> > ===========
> > diff --git a/fs/read_write.c b/fs/read_write.c
> > index 75f764b43418..e2ad418d2987 100644
> > --- a/fs/read_write.c
> > +++ b/fs/read_write.c
> > @@ -1625,24 +1625,15 @@ int generic_write_check_limits(struct file *file, loff_t pos, loff_t *count)
> > return 0;
> > }
> >
> > -/*
> > - * Performs necessary checks before doing a write
> > - *
> > - * Can adjust writing position or amount of bytes to write.
> > - * Returns appropriate error code that caller should return or
> > - * zero in case that write should be allowed.
> > - */
> > -ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from)
> > +static int generic_write_checks_common(struct kiocb *iocb, loff_t *count)
> > {
> > struct file *file = iocb->ki_filp;
> > struct inode *inode = file->f_mapping->host;
> > - loff_t count;
> > - int ret;
> >
> > if (IS_SWAPFILE(inode))
> > return -ETXTBSY;
> >
> > - if (!iov_iter_count(from))
> > + if (!*count)
> > return 0;
> >
> > /* FIXME: this is for backwards compatibility with 2.4 */
> > @@ -1652,8 +1643,22 @@ ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from)
> > if ((iocb->ki_flags & IOCB_NOWAIT) && !(iocb->ki_flags & IOCB_DIRECT))
> > return -EINVAL;
> >
> > - count = iov_iter_count(from);
> > - ret = generic_write_check_limits(file, iocb->ki_pos, &count);
> > + return generic_write_check_limits(iocb->ki_filp, iocb->ki_pos, count);
> > +}
> > +
> > +/*
> > + * Performs necessary checks before doing a write
> > + *
> > + * Can adjust writing position or amount of bytes to write.
> > + * Returns appropriate error code that caller should return or
> > + * zero in case that write should be allowed.
> > + */
> > +ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from)
> > +{
> > + loff_t count = iov_iter_count(from);
> > + int ret;
> > +
> > + ret = generic_write_checks_common(iocb, &count);
> > if (ret)
> > return ret;
> >
> > @@ -1684,3 +1689,139 @@ int generic_file_rw_checks(struct file *file_in, struct file *file_out)
> >
> > return 0;
> > }
> > +
> > +/**
> > + * generic_encoded_write_checks() - check an encoded write
> > + * @iocb: I/O context.
> > + * @encoded: Encoding metadata.
> > + *
> > + * This should be called by RWF_ENCODED write implementations rather than
> > + * generic_write_checks(). Unlike generic_write_checks(), it returns -EFBIG
> > + * instead of adjusting the size of the write.
> > + *
> > + * Return: 0 on success, -errno on error.
> > + */
> > +int generic_encoded_write_checks(struct kiocb *iocb,
> > + const struct encoded_iov *encoded)
> > +{
> > + loff_t count = encoded->len;
> > + int ret;
> > +
> > + if (!(iocb->ki_filp->f_flags & O_ALLOW_ENCODED))
> > + return -EPERM;
> > +
> > + ret = generic_write_checks_common(iocb, &count);
> > + if (ret)
> > + return ret;
> > +
> > + if (count != encoded->len) {
> > + /*
> > + * The write got truncated by generic_write_checks_common(). We
> > + * can't do a partial encoded write.
> > + */
> > + return -EFBIG;
> > + }
> > + return 0;
> > +}
> > +EXPORT_SYMBOL(generic_encoded_write_checks);
> > +
> > +/**
> > + * copy_encoded_iov_from_iter() - copy a &struct encoded_iov from userspace
> > + * @encoded: Returned encoding metadata.
> > + * @from: Source iterator.
> > + *
> > + * This copies in the &struct encoded_iov and does some basic sanity checks.
> > + * This should always be used rather than a plain copy_from_iter(), as it does
> > + * the proper handling for backward- and forward-compatibility.
> > + *
> > + * Return: 0 on success, -EFAULT if access to userspace failed, -E2BIG if the
> > + * copied structure contained non-zero fields that this kernel doesn't
> > + * support, -EINVAL if the copied structure was invalid.
> > + */
> > +int copy_encoded_iov_from_iter(struct encoded_iov *encoded,
> > + struct iov_iter *from)
> > +{
> > + size_t usize;
> > + int ret;
> > +
> > + usize = iov_iter_single_seg_count(from);
> > + if (usize > PAGE_SIZE)
> > + return -E2BIG;
> > + if (usize < ENCODED_IOV_SIZE_VER0)
> > + return -EINVAL;
> > + ret = copy_struct_from_iter(encoded, sizeof(*encoded), from, usize);
> > + if (ret)
> > + return ret;
> > +
> > + if (encoded->compression == ENCODED_IOV_COMPRESSION_NONE &&
> > + encoded->encryption == ENCODED_IOV_ENCRYPTION_NONE)
> > + return -EINVAL;
> > + if (encoded->compression > ENCODED_IOV_COMPRESSION_TYPES ||
> > + encoded->encryption > ENCODED_IOV_ENCRYPTION_TYPES)
> > + return -EINVAL;
> > + if (encoded->unencoded_offset > encoded->unencoded_len)
> > + return -EINVAL;
> > + if (encoded->len > encoded->unencoded_len - encoded->unencoded_offset)
> > + return -EINVAL;
> > + return 0;
> > +}
> > +EXPORT_SYMBOL(copy_encoded_iov_from_iter);
> > +
> > +/**
> > + * generic_encoded_read_checks() - sanity check an RWF_ENCODED read
> > + * @iocb: I/O context.
> > + * @iter: Destination iterator for read.
> > + *
> > + * This should always be called by RWF_ENCODED read implementations before
> > + * returning any data.
> > + *
> > + * Return: Number of bytes available to return encoded data in @iter on success,
> > + * -EPERM if the file was not opened with O_ALLOW_ENCODED, -EINVAL if
> > + * the size of the &struct encoded_iov iovec is invalid.
> > + */
> > +ssize_t generic_encoded_read_checks(struct kiocb *iocb, struct iov_iter *iter)
> > +{
> > + size_t usize;
> > +
> > + if (!(iocb->ki_filp->f_flags & O_ALLOW_ENCODED))
> > + return -EPERM;
> > + usize = iov_iter_single_seg_count(iter);
> > + if (usize > PAGE_SIZE || usize < ENCODED_IOV_SIZE_VER0)
> > + return -EINVAL;
> > + return iov_iter_count(iter) - usize;
> > +}
> > +EXPORT_SYMBOL(generic_encoded_read_checks);
> > +
> > +/**
> > + * copy_encoded_iov_to_iter() - copy a &struct encoded_iov to userspace
> > + * @encoded: Encoding metadata to return.
> > + * @to: Destination iterator.
> > + *
> > + * This should always be used by RWF_ENCODED read implementations rather than a
> > + * plain copy_to_iter(), as it does the proper handling for backward- and
> > + * forward-compatibility. The iterator must be sanity-checked with
> > + * generic_encoded_read_checks() before this is called.
> > + *
> > + * Return: 0 on success, -EFAULT if access to userspace failed, -E2BIG if there
> > + * were non-zero fields in @encoded that the user buffer could not
> > + * accommodate.
> > + */
> > +int copy_encoded_iov_to_iter(const struct encoded_iov *encoded,
> > + struct iov_iter *to)
> > +{
> > + size_t ksize = sizeof(*encoded);
> > + size_t usize = iov_iter_single_seg_count(to);
> > + size_t size = min(ksize, usize);
> > +
> > + /* We already sanity-checked usize in generic_encoded_read_checks(). */
> > +
> > + if (usize < ksize &&
> > + memchr_inv((char *)encoded + usize, 0, ksize - usize))
> > + return -E2BIG;
> > + if (copy_to_iter(encoded, size, to) != size ||
> > + (usize > ksize &&
> > + iov_iter_zero(usize - ksize, to) != usize - ksize))
> > + return -EFAULT;
> > + return 0;
> > +}
> > +EXPORT_SYMBOL(copy_encoded_iov_to_iter);
> > diff --git a/include/linux/fs.h b/include/linux/fs.h
> > index 8667d0cdc71e..67810bf6fb1c 100644
> > --- a/include/linux/fs.h
> > +++ b/include/linux/fs.h
> > @@ -178,6 +178,9 @@ typedef int (dio_iodone_t)(struct kiocb *iocb, loff_t offset,
> > /* File supports async buffered reads */
> > #define FMODE_BUF_RASYNC ((__force fmode_t)0x40000000)
> >
> > +/* File supports encoded IO */
> > +#define FMODE_ENCODED_IO ((__force fmode_t)0x80000000)
> > +
> > /*
> > * Attribute flags. These should be or-ed together to figure out what
> > * has been changed!
> > @@ -308,6 +311,7 @@ enum rw_hint {
> > #define IOCB_SYNC (__force int) RWF_SYNC
> > #define IOCB_NOWAIT (__force int) RWF_NOWAIT
> > #define IOCB_APPEND (__force int) RWF_APPEND
> > +#define IOCB_ENCODED (__force int) RWF_ENCODED
> >
> > /* non-RWF related bits - start at 16 */
> > #define IOCB_EVENTFD (1 << 16)
> > @@ -2964,6 +2968,13 @@ extern int generic_file_readonly_mmap(struct file *, struct vm_area_struct *);
> > extern ssize_t generic_write_checks(struct kiocb *, struct iov_iter *);
> > extern int generic_write_check_limits(struct file *file, loff_t pos,
> > loff_t *count);
> > +struct encoded_iov;
> > +extern int generic_encoded_write_checks(struct kiocb *,
> > + const struct encoded_iov *);
> > +extern int copy_encoded_iov_from_iter(struct encoded_iov *, struct iov_iter *);
> > +extern ssize_t generic_encoded_read_checks(struct kiocb *, struct iov_iter *);
> > +extern int copy_encoded_iov_to_iter(const struct encoded_iov *,
> > + struct iov_iter *);
> > extern int generic_file_rw_checks(struct file *file_in, struct file *file_out);
> > extern ssize_t generic_file_buffered_read(struct kiocb *iocb,
> > struct iov_iter *to, ssize_t already_read);
> > diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> > index f44eb0a04afd..95493420117a 100644
> > --- a/include/uapi/linux/fs.h
> > +++ b/include/uapi/linux/fs.h
> > @@ -279,6 +279,42 @@ struct fsxattr {
> > SYNC_FILE_RANGE_WAIT_BEFORE | \
> > SYNC_FILE_RANGE_WAIT_AFTER)
> >
> > +enum {
> > + ENCODED_IOV_COMPRESSION_NONE,
> > +#define ENCODED_IOV_COMPRESSION_NONE ENCODED_IOV_COMPRESSION_NONE
> > + ENCODED_IOV_COMPRESSION_BTRFS_ZLIB,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_ZLIB ENCODED_IOV_COMPRESSION_BTRFS_ZLIB
> > + ENCODED_IOV_COMPRESSION_BTRFS_ZSTD,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_ZSTD ENCODED_IOV_COMPRESSION_BTRFS_ZSTD
> > + ENCODED_IOV_COMPRESSION_BTRFS_LZO_4K,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_LZO_4K ENCODED_IOV_COMPRESSION_BTRFS_LZO_4K
> > + ENCODED_IOV_COMPRESSION_BTRFS_LZO_8K,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_LZO_8K ENCODED_IOV_COMPRESSION_BTRFS_LZO_8K
> > + ENCODED_IOV_COMPRESSION_BTRFS_LZO_16K,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_LZO_16K ENCODED_IOV_COMPRESSION_BTRFS_LZO_16K
> > + ENCODED_IOV_COMPRESSION_BTRFS_LZO_32K,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_LZO_32K ENCODED_IOV_COMPRESSION_BTRFS_LZO_32K
> > + ENCODED_IOV_COMPRESSION_BTRFS_LZO_64K,
> > +#define ENCODED_IOV_COMPRESSION_BTRFS_LZO_64K ENCODED_IOV_COMPRESSION_BTRFS_LZO_64K
> > + ENCODED_IOV_COMPRESSION_TYPES = ENCODED_IOV_COMPRESSION_BTRFS_LZO_64K,
> > +};
> > +
>
> I am not a fan of this trick.
> There is no shortage of enums in uapi headers, but I think that if we want
> to set values in stone, the values should be set explicitly and not
> auto assigned
> by compiler.
>
> If anybody ever adds a line, say ENCODED_IOV_COMPRESSION_BTRFS_ZLIB_V2
> in the middle of the enum list, it won't be obvious that it's a uapi breakage.
>
> In principle, we could have partitioned the encoding types by domains
> (e.g. btrfs),
> and the btrfs specific encodings would have been a part of a btrfs
> header, but it's
> not that important.
>
> However, please move all encoded_io stuff to a new uapi header and do
> not include it
> from fs.h to avoid having to compile most filesystems every time a new
> btrfs private encoding
> type is added.
Fine with me, I'll make these #define's and move them to their own
header.
Thanks,
Omar
