On 10/11/2023 06:29, Christoph Hellwig wrote:
>> Yes.
>>
>> As for splitting, it is not permitted for atomic writes and only a single
>> bio is permitted to be created per write. Are more integrity checks
>> required?
>
> I'm more worried about the problem where we accidentally add a split.
> The whole bio merge/split path is convoluted and we had plenty of
> bugs in the past by not looking at all the correct flags or opcodes.

Yes, this is always a concern.

Some thoughts on things which could be done:
- For no merging, ensure request length is a power-of-2 when enqueuing
  to block driver. This is simple but not watertight.
- Create a per-bio checksum when the bio is created for the atomic write
  and ensure integrity when queuing to the block driver
- A new block layer datapath which ensures no merging or splitting, but
  this seems a bit OTT

BTW, on the topic of splitting, that NVMe virt boundary is a pain and I hope
that we could ignore/avoid it for atomic writes.

Thanks,
John
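
The first two checks listed in the message above, as an added userspace example that is not part of the original email or of any kernel code: it shows an accidental merge and an accidental split that both pass the power-of-2 length check but fail a creation-time checksum. The `model_bio` struct, the function names, and the choice to checksum the (start sector, length) descriptor with FNV-1a are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userspace model of an atomic-write bio, not a kernel struct. */
struct model_bio {
    uint64_t sector;      /* start sector */
    uint32_t nr_sectors;  /* length in sectors */
    uint32_t csum;        /* descriptor checksum taken at creation */
};

/* FNV-1a over (sector, nr_sectors); the checksum choice is an assumption. */
static uint32_t desc_csum(uint64_t sector, uint32_t nr)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < 8; i++) { h ^= (uint8_t)(sector >> (8 * i)); h *= 16777619u; }
    for (int i = 0; i < 4; i++) { h ^= (uint8_t)(nr >> (8 * i)); h *= 16777619u; }
    return h;
}

struct model_bio atomic_bio_create(uint64_t sector, uint32_t nr)
{
    struct model_bio b = { sector, nr, desc_csum(sector, nr) };
    return b;
}

/* Check 1 from the list: length is a power of two at enqueue time. */
bool len_is_pow2(struct model_bio b)
{
    return b.nr_sectors && !(b.nr_sectors & (b.nr_sectors - 1));
}

/* Check 2: the descriptor still matches its creation-time checksum. */
bool csum_ok(struct model_bio b)
{
    return b.csum == desc_csum(b.sector, b.nr_sectors);
}

/* Simulated bugs: an accidental back-merge, and a split keeping the front half. */
struct model_bio buggy_merge(struct model_bio a, struct model_bio b) { a.nr_sectors += b.nr_sectors; return a; }
struct model_bio buggy_split(struct model_bio a) { a.nr_sectors /= 2; return a; }
int main(void)
{
    struct model_bio m = buggy_merge(atomic_bio_create(0, 8), atomic_bio_create(8, 8));
    struct model_bio s = buggy_split(atomic_bio_create(0, 16));
    printf("merge 8+8: pow2=%d csum_ok=%d\n", len_is_pow2(m), csum_ok(m));
    printf("split 16:  pow2=%d csum_ok=%d\n", len_is_pow2(s), csum_ok(s));
    return 0;
}
```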