qemu-devel

Re: [PATCH v6 3/5] 9pfs: add new function v9fs_co_readdir_many()


From: Greg Kurz
Subject: Re: [PATCH v6 3/5] 9pfs: add new function v9fs_co_readdir_many()
Date: Thu, 30 Apr 2020 15:30:49 +0200

On Thu, 30 Apr 2020 14:50:31 +0200
Christian Schoenebeck <address@hidden> wrote:

> On Thursday, 30 April 2020 13:42:35 CEST Greg Kurz wrote:
> > > +/*
> > > + * This is solely executed on a background IO thread.
> > > + *
> > > + * See v9fs_co_readdir_many() (as its only user) below for details.
> > > + */
> > > +static int do_readdir_many(V9fsPDU *pdu, V9fsFidState *fidp,
> > > +                             struct V9fsDirEnt **entries,
> > > +                             int32_t maxsize, bool dostat)
> > > +{
> > > +    V9fsState *s = pdu->s;
> > > +    V9fsString name;
> > > +    int len, err = 0;
> > > +    int32_t size = 0;
> > > +    off_t saved_dir_pos;
> > > +    struct dirent *dent;
> > > +    struct V9fsDirEnt *e = NULL;
> > > +    V9fsPath path;
> > > +    struct stat stbuf;
> > > 
> > > -            errno = 0;
> > > -            entry = s->ops->readdir(&s->ctx, &fidp->fs);
> > > -            if (!entry && errno) {
> > > +    *entries = NULL;
> > > +    v9fs_path_init(&path);
> > > +
> > > +    /*
> > > +     * TODO: Here should be a warn_report_once() if lock failed.
> > > +     *
> > > +     * With a good 9p client we should not get into concurrency here,
> > > +     * because a good client would not use the same fid for concurrent
> > > +     * requests. We do the lock here for safety reasons though. However
> > > +     * the client would then suffer performance issues, so better log
> > > that
> > > +     * issue here.
> > > +     */
> > > +    v9fs_readdir_lock(&fidp->fs.dir);
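Review bot: the TODO above this call talks about reporting a failed lock, but v9fs_readdir_lock() is invoked as a plain statement and nothing is checked, so as written there is no failure to report; either drop the TODO or check the result. The lock is also taken once before the whole collection loop, and no matching unlock is visible in this hunk: every exit, including the `goto out` on telldir() failure further down, must release it, and holding it only around each individual readdir() call (as suggested in the reply) would keep the critical section to the dirent buffer it actually protects.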
> > 
> > I agree that a client that issues concurrent readdir requests on the
> > same fid is probably asking for troubles, but this permitted by the
> > spec. Whether we should detect such conditions and warn or even fail
> > is discussion for another thread.
> > 
> > The locking is only needed to avoid concurrent accesses to the dirent
> > structure returned by readdir(), otherwise we could return partially
> > overwritten file names to the client. It must be done for each individual
> > call to readdir(), but certainly not for multiple calls.
> 
> Yeah, that would resolve this issue more appropriately for 9p2000.L, since
> Treaddir specifies an offset, but for 9p2000.u the result of a concurrent
> read on a directory (9p2000.u) would still be undefined.
> 

The bad client behavior you want to tackle has nothing to do with
the locking itself. Since all the code in 9p.c runs serialized in
the context of the QEMU main loop, concurrent readdir requests could
easily be detected up-front with a simple flag in the fid structure.

> > As discussed privately, I'm working on a patch to better address the
> > locking and I'd really prefer to merge this before your series. Sorry
> > for the delay again. I'll try to post ASAP.
> > 
> > Anyway, I have some more remarks.
> > 
> > > +
> > > +    /* save the directory position */
> > > +    saved_dir_pos = s->ops->telldir(&s->ctx, &fidp->fs);
> > > +    if (saved_dir_pos < 0) {
> > > +        err = saved_dir_pos;
> > > +        goto out;
> > > +    }
> > > +
> > > +    while (true) {
> > > +        /* get directory entry from fs driver */
> > > +        err = do_readdir(pdu, fidp, &dent);
> > > +        if (err || !dent) {
> > > +            break;
> > > +        }
> > > +
> > > +        /*
> > > +         * stop this loop as soon as it would exceed the allowed maximum
> > > +         * response message size for the directory entries collected so
> > > far, +         * because anything beyond that size would need to be
> > > discarded by +         * 9p controller (main thread / top half) anyway
> > > +         */
> > > +        v9fs_string_init(&name);
> > > +        v9fs_string_sprintf(&name, "%s", dent->d_name);
> > > +        len = v9fs_readdir_response_size(&name);
> > > +        v9fs_string_free(&name);
> > > +        if (size + len > maxsize) {
> > > +            /* this is not an error case actually */
> > > +            break;
> > > +        }
> > > +
> > > +        /* append next node to result chain */
> > > +        if (!e) {
> > > +            *entries = e = g_malloc0(sizeof(V9fsDirEnt));
> > > +        } else {
> > > +            e = e->next = g_malloc0(sizeof(V9fsDirEnt));
> > > +        }
> > > +        e->dent = g_malloc0(sizeof(struct dirent));
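Review bot: `size` is compared against `maxsize` in `if (size + len > maxsize)` but is never increased in the lines shown, so the bound would only trip when a single entry alone exceeds it; a `size += len;` belongs after the entry has been appended. `saved_dir_pos` is also recorded but unused within this hunk; if it feeds a later seekdir() to rewind past the entry that did not fit, a short comment at the telldir() call would make that intent clear. Finally, the node and the dirent copy are allocated before the fallible name_to_path()/stat step, so an error there leaves a partially built chain; doing the fallible work first avoids that.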
> > 
> > So we're allocating a bunch of stuff here...
> > 
> > > +        memcpy(e->dent, dent, sizeof(struct dirent));
> > > +
> > > +        /* perform a full stat() for directory entry if requested by
> > > caller */ +        if (dostat) {
> > > +            err = s->ops->name_to_path(
> > > +                &s->ctx, &fidp->path, dent->d_name, &path
> > > +            );
> > > +            if (err < 0) {
> > > 
> > >                  err = -errno;
> > > 
> > > -            } else {
> > > -                *dent = entry;
> > > -                err = 0;
> > > +                break;
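Review bot: on the name_to_path() failure the loop breaks with `err = -errno` but leaves every node already chained into `*entries`, so the rule that the caller must free them even on error is implicit; either free them here before returning, or state the ownership rule in the function's header comment so v9fs_do_readdir()'s unconditional cleanup is visibly required rather than incidental. Also, `err = -errno` discards the negative value name_to_path() itself returned; worth confirming that the driver sets errno on failure, otherwise a stale errno is reported.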
> > 
> > ... but we're erroring out there and it seems that we're leaking
> > all the entries that have been allocated so far.
> 
> No, they are not leaking actually.
> 
> You are right that they are not deallocated in do_readdir_many(), but that's
> intentional: in the new implementation of v9fs_do_readdir() you see that
> v9fs_free_dirents(entries) is *always* called at the very end of the
> function, no matter if success or any error. That's one of the measures to
> simplify overall code as much as possible.
> 

Hmm... I still don't quite like the idea of having an erroring function
asking for extra cleanup. I suggest you come up with an idempotent version
of v9fs_free_dirents(), move it to codir.c (I also prefer locality of calls
to g_malloc and g_free in the same unit), make it extern and call it
both on the error path of v9fs_co_readdir_many() and in v9fs_do_readdir().

> As you might have noticed, the previous/current v9fs_do_readdir() 
> implementation had quite a bunch of individual error paths, which is quite
> error prone or at least makes it difficult to maintain. So I think it makes 
> sense to strip unnecessary branches as much as possible.
> 
> > Also I have the impression that all the if (dostat) { } block could
> > be done before chaining a new entry.
> 
> Yes, you could move it forward, but what would you buy from that?
> 

It just seems a better practice to do the things that can fail up front.

> I think you mean the case when there's an error inside the if (dostat) {} 
> block: The comments on struct V9fsDirEnt already suggest that the "st" member 
> is optional and may be NULL. So if there's an error inside if (dostat) {}
> then caller still has a valid "dent" field at least and it's up to caller 
> whether or not it's a problem for its purpose that "st" is empty. For that 
> reason I would not move the block forward.
> 

Hrm... the comment is:

    /*
     * optional (may be NULL): A full stat of each directory entry is just
     * done if explicitly told to fs driver.
     */

I don't read that it is optional for the fs driver to populate "st"
if this was required by the caller. Also, looking at the next patch
I see that the condition for calling stat() is V9FS_REMAP_INODES and
the code explicitly requires "st" to be available in this case.

> Best regards,
> Christian Schoenebeck
> 
> 

Cheers,

--
Greg


