On Fri, Aug 31, 2018 at 08:28:13AM +0200, Christoph Hellwig wrote: > On Thu, Aug 30, 2018 at 11:28:49AM -0700, Darrick J. Wong wrote: > > I prefer to have FIBMAP return errors to *cough* encourage people to use > > FIEMAP. If code are going to abuse the FI[BE]MAP interface they could > > at least abuse the one that gives it enough context to avoid fs > > corruption. (A proper fs driver would be preferable, though very > > difficult). > > I think Carlos was looking into implementing the FIBMAP ioctl > using ->fiemap. In that case we could return sensible errors, > and centralize policy in a single place.. > So basically ioctl_fibmap() either prioritizes ->fiemap() or looks for some special combination of (fiemap && !bmap) to translate the call.. > > Granted, grub's blocklist code doesn't seem to check for shared blocks > > when it writes grubenv.... yuck, though TBH I don't have the eye budget > > to spend on digging through grub2. Frankly I think FIBMAP comes verrry > > close to "this API is unfixably stupid and shouldn't be enabled for new > > use cases and should go away some day". > > .. and that policy should be: always return an error for the slightest > unusual file layout (shared, encrypted, inline, etc). ... and then return some error if the associate extent is in some state that cannot be described by fibmap..? That sounds like a nice option to me. Carlos..? Maybe it's too late for this, but I think even dropping ->bmap completely for the time being on XFS reflink=1 filesystems is preferable to the current behavior where we return a perfectly valid result and pretend that somehow represents an error to userspace. The arguments for the current behavior essentially apply the "known fibmap usecase of direct block writes" as justification for implementing this policy in the kernel. In practice, the current behavior just trades off one problem (data corruption) for another where the end result is probably the same for that particular use case: the system doesn't boot. If we dropped bmap, then at least there's an obvious error and the user can decide whether to update to fiemap or disable reflink (as opposed to us having to continue to chase down these odd bootloader issues). Brian
