On 09/15/2014 09:15 AM, Dave Chinner wrote: > On Sun, Sep 14, 2014 at 03:25:45PM +0300, Boaz Harrosh wrote: <> > > Well, that's one way of working around the immediate issue, but I > don't think it solves the whole problem. e.g. what do you do with the > bit of the partial write that failed? We may have allocated space > for it but not written data to it, so to simply fail exposes stale > data in the file(*). > I'm confused. From what you said and what I read of the dax_do_io code the only possible error is ENOSPC from getblock. (since ->direct_access() and memcopy cannot fail.) Is it possible to fail with ENOSPC and still allocate an unwritten block? > Hence it's not clear to me that simply returning the short write is > a valid solution for DAX-enabled filesystems. I think that the > above - initially, at least - is much better than falling back to > buffered IO but filesystems are going to have to be updated to work > correctly without that fallback. > The way I read dax_do_io it will call getblock, write or zero it and continue to the next one only after that. If not we should establish an handshake that will at least zero out any error blocks, and or d-allocates them. But can you see such code path in dax_do_io? >> Yes I agree this is a very bad data corruption bug. I also think >> that the read path should not be allowed to fall back to buffered >> IO just the same for the same reason. We must not allow any real >> data in page_cache for a DAX file. > > Right, I didn't check the read path for the same issue as XFS won't > return a short read on direct IO unless the read spans EOF. And in > that case it won't ever do buffered reads. ;) > Right read is less problematic. I guess. But we should not attempt a buffered read anyway. > Cheers, > Dave. > > (*) XFS avoids this problem by always using unwritten extents for > direct IO allocation, but I'm pretty sure that ext4 doesn't do this. > Using unwritten extents means that we don't expose stale data in the > event we don't end up writing to the allocated space. > If only we had an xfstest for this ? Thanks Boaz -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>