[v4,15/17] xfs: Check for -ENOATTR or -EEXIST

Message ID	20191107012801.22863-16-allison.henderson@oracle.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <SRS0=aC/G=Y7=vger.kernel.org=linux-xfs-owner@kernel.org> From: Allison Collins <allison.henderson@oracle.com> To: linux-xfs@vger.kernel.org Subject: [PATCH v4 15/17] xfs: Check for -ENOATTR or -EEXIST Date: Wed, 6 Nov 2019 18:27:59 -0700 Message-Id: <20191107012801.22863-16-allison.henderson@oracle.com> In-Reply-To: <20191107012801.22863-1-allison.henderson@oracle.com> References: <20191107012801.22863-1-allison.henderson@oracle.com> Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk
Series	xfs: Delay Ready Attributes \| expand [v4,00/17] xfs: Delay Ready Attributes [v4,01/17] xfs: Remove all strlen in all xfs_attr_* functions for attr names. [v4,02/17] xfs: Replace attribute parameters with struct xfs_name [v4,03/17] xfs: Embed struct xfs_name in xfs_da_args [v4,04/17] xfs: Add xfs_dabuf defines [v4,05/17] xfs: Add xfs_has_attr and subroutines [v4,06/17] xfs: Factor out new helper functions xfs_attr_rmtval_set [v4,07/17] xfs: Factor up trans handling in xfs_attr3_leaf_flipflags [v4,08/17] xfs: Factor out xfs_attr_leaf_addname helper [v4,09/17] xfs: Factor up commit from xfs_attr_try_sf_addname [v4,10/17] xfs: Factor up trans roll from xfs_attr3_leaf_setflag [v4,11/17] xfs: Add xfs_attr3_leaf helper functions [v4,12/17] xfs: Factor out xfs_attr_rmtval_invalidate [v4,13/17] xfs: Factor up trans roll in xfs_attr3_leaf_clearflag [v4,14/17] xfs: Add delay context to xfs_da_args [v4,15/17] xfs: Check for -ENOATTR or -EEXIST [v4,16/17] xfs: Add delay ready attr remove routines [v4,17/17] xfs: Add delay ready attr set routines

Allison Henderson Nov. 7, 2019, 1:27 a.m. UTC

Delayed operations cannot return error codes.  So we must check for
these conditions first before starting set or remove operations

Signed-off-by: Allison Collins <allison.henderson@oracle.com>
---
 fs/xfs/libxfs/xfs_attr.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

Darrick J. Wong Nov. 8, 2019, 9:28 p.m. UTC | #1

On Wed, Nov 06, 2019 at 06:27:59PM -0700, Allison Collins wrote:
> Delayed operations cannot return error codes.  So we must check for
> these conditions first before starting set or remove operations
> 
> Signed-off-by: Allison Collins <allison.henderson@oracle.com>
> ---
>  fs/xfs/libxfs/xfs_attr.c | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
> index 5dcb19f..626d4a98 100644
> --- a/fs/xfs/libxfs/xfs_attr.c
> +++ b/fs/xfs/libxfs/xfs_attr.c
> @@ -458,6 +458,27 @@ xfs_attr_set(
>  		goto out_trans_cancel;
>  
>  	xfs_trans_ijoin(args.trans, dp, 0);
> +
> +	error = xfs_has_attr(&args);
> +	if (error == -EEXIST) {
> +		if (name->type & ATTR_CREATE)
> +			goto out_trans_cancel;
> +		else
> +			name->type |= ATTR_REPLACE;
> +	}
> +
> +	if (error == -ENOATTR && (name->type & ATTR_REPLACE))
> +		goto out_trans_cancel;
> +
> +	if (name->type & ATTR_REPLACE) {
> +		name->type &= ~ATTR_REPLACE;
> +		error = xfs_attr_remove_args(&args);
> +		if (error)
> +			goto out_trans_cancel;
> +
> +		name->type |= ATTR_CREATE;

I thought _set_args already handled the remove part of replacing an
attr?  And I thought that it did this with an atomic rename?  Won't this
break the atomicity of attr replacement?

--D

> +	}
> +
>  	error = xfs_attr_set_args(&args);
>  	if (error)
>  		goto out_trans_cancel;
> @@ -543,6 +564,10 @@ xfs_attr_remove(
>  	 */
>  	xfs_trans_ijoin(args.trans, dp, 0);
>  
> +	error = xfs_has_attr(&args);
> +	if (error == -ENOATTR)
> +		goto out;
> +
>  	error = xfs_attr_remove_args(&args);
>  	if (error)
>  		goto out;
> -- 
> 2.7.4
>

Allison Henderson Nov. 8, 2019, 9:42 p.m. UTC | #2

On 11/8/19 2:28 PM, Darrick J. Wong wrote:
> On Wed, Nov 06, 2019 at 06:27:59PM -0700, Allison Collins wrote:
>> Delayed operations cannot return error codes.  So we must check for
>> these conditions first before starting set or remove operations
>>
>> Signed-off-by: Allison Collins <allison.henderson@oracle.com>
>> ---
>>   fs/xfs/libxfs/xfs_attr.c | 25 +++++++++++++++++++++++++
>>   1 file changed, 25 insertions(+)
>>
>> diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
>> index 5dcb19f..626d4a98 100644
>> --- a/fs/xfs/libxfs/xfs_attr.c
>> +++ b/fs/xfs/libxfs/xfs_attr.c
>> @@ -458,6 +458,27 @@ xfs_attr_set(
>>   		goto out_trans_cancel;
>>   
>>   	xfs_trans_ijoin(args.trans, dp, 0);
>> +
>> +	error = xfs_has_attr(&args);
>> +	if (error == -EEXIST) {
>> +		if (name->type & ATTR_CREATE)
>> +			goto out_trans_cancel;
>> +		else
>> +			name->type |= ATTR_REPLACE;
>> +	}
>> +
>> +	if (error == -ENOATTR && (name->type & ATTR_REPLACE))
>> +		goto out_trans_cancel;
>> +
>> +	if (name->type & ATTR_REPLACE) {
>> +		name->type &= ~ATTR_REPLACE;
>> +		error = xfs_attr_remove_args(&args);
>> +		if (error)
>> +			goto out_trans_cancel;
>> +
>> +		name->type |= ATTR_CREATE;
> 
> I thought _set_args already handled the remove part of replacing an
> attr?  
No, IIRC in one of the other reviews we decided to break the rename into 
a set and then a remove.  That way the error handling moves up here 
instead of trying to deal with it in the middle of the delayed operation

And I thought that it did this with an atomic rename?  Won't this
> break the atomicity of attr replacement?
Hmm, think this worked for delayed operations, but not anymore since 
we're going back to supporting both delayed and inline in one code path. 
  I think what this means is that the flip flag has to get moved in 
here, right?  We flip on the incomplete flag before the remove and then 
set it when the rename is done?

> 
> --D
> 
>> +	}
>> +
>>   	error = xfs_attr_set_args(&args);
>>   	if (error)
>>   		goto out_trans_cancel;
>> @@ -543,6 +564,10 @@ xfs_attr_remove(
>>   	 */
>>   	xfs_trans_ijoin(args.trans, dp, 0);
>>   
>> +	error = xfs_has_attr(&args);
>> +	if (error == -ENOATTR)
>> +		goto out;
>> +
>>   	error = xfs_attr_remove_args(&args);
>>   	if (error)
>>   		goto out;
>> -- 
>> 2.7.4
>>

Darrick J. Wong Nov. 8, 2019, 9:51 p.m. UTC | #3

On Fri, Nov 08, 2019 at 02:42:52PM -0700, Allison Collins wrote:
> On 11/8/19 2:28 PM, Darrick J. Wong wrote:
> > On Wed, Nov 06, 2019 at 06:27:59PM -0700, Allison Collins wrote:
> > > Delayed operations cannot return error codes.  So we must check for
> > > these conditions first before starting set or remove operations
> > > 
> > > Signed-off-by: Allison Collins <allison.henderson@oracle.com>
> > > ---
> > >   fs/xfs/libxfs/xfs_attr.c | 25 +++++++++++++++++++++++++
> > >   1 file changed, 25 insertions(+)
> > > 
> > > diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
> > > index 5dcb19f..626d4a98 100644
> > > --- a/fs/xfs/libxfs/xfs_attr.c
> > > +++ b/fs/xfs/libxfs/xfs_attr.c
> > > @@ -458,6 +458,27 @@ xfs_attr_set(
> > >   		goto out_trans_cancel;
> > >   	xfs_trans_ijoin(args.trans, dp, 0);
> > > +
> > > +	error = xfs_has_attr(&args);
> > > +	if (error == -EEXIST) {
> > > +		if (name->type & ATTR_CREATE)
> > > +			goto out_trans_cancel;
> > > +		else
> > > +			name->type |= ATTR_REPLACE;
> > > +	}
> > > +
> > > +	if (error == -ENOATTR && (name->type & ATTR_REPLACE))
> > > +		goto out_trans_cancel;
> > > +
> > > +	if (name->type & ATTR_REPLACE) {
> > > +		name->type &= ~ATTR_REPLACE;
> > > +		error = xfs_attr_remove_args(&args);
> > > +		if (error)
> > > +			goto out_trans_cancel;
> > > +
> > > +		name->type |= ATTR_CREATE;
> > 
> > I thought _set_args already handled the remove part of replacing an
> > attr?
> No, IIRC in one of the other reviews we decided to break the rename into a
> set and then a remove.

But this looks like we remove the old attr before setting the new one,
which means that if we crash right here we'll come back up with no attr
at all.  The INCOMPLETE flag flipping trick only works for ATTR_REPLACE
if you add the new attr before removing the old one.

(Or am I misreading something here?)

> That way the error handling moves up here instead of
> trying to deal with it in the middle of the delayed operation

Sounds good.

> > And I thought that it did this with an atomic rename?  Won't this
> > break the atomicity of attr replacement?

> Hmm, think this worked for delayed operations, but not anymore since we're
> going back to supporting both delayed and inline in one code path.  I think
> what this means is that the flip flag has to get moved in here, right?  We
> flip on the incomplete flag before the remove and then set it when the
> rename is done?

Yeah.

--D

> 
> > 
> > --D
> > 
> > > +	}
> > > +
> > >   	error = xfs_attr_set_args(&args);
> > >   	if (error)
> > >   		goto out_trans_cancel;
> > > @@ -543,6 +564,10 @@ xfs_attr_remove(
> > >   	 */
> > >   	xfs_trans_ijoin(args.trans, dp, 0);
> > > +	error = xfs_has_attr(&args);
> > > +	if (error == -ENOATTR)
> > > +		goto out;
> > > +
> > >   	error = xfs_attr_remove_args(&args);
> > >   	if (error)
> > >   		goto out;
> > > -- 
> > > 2.7.4
> > >

Brian Foster Nov. 11, 2019, 6:24 p.m. UTC | #4

On Wed, Nov 06, 2019 at 06:27:59PM -0700, Allison Collins wrote:
> Delayed operations cannot return error codes.  So we must check for
> these conditions first before starting set or remove operations
> 
> Signed-off-by: Allison Collins <allison.henderson@oracle.com>
> ---
>  fs/xfs/libxfs/xfs_attr.c | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
> index 5dcb19f..626d4a98 100644
> --- a/fs/xfs/libxfs/xfs_attr.c
> +++ b/fs/xfs/libxfs/xfs_attr.c
> @@ -458,6 +458,27 @@ xfs_attr_set(
>  		goto out_trans_cancel;
>  
>  	xfs_trans_ijoin(args.trans, dp, 0);
> +
> +	error = xfs_has_attr(&args);
> +	if (error == -EEXIST) {
> +		if (name->type & ATTR_CREATE)
> +			goto out_trans_cancel;
> +		else
> +			name->type |= ATTR_REPLACE;
> +	}
> +
> +	if (error == -ENOATTR && (name->type & ATTR_REPLACE))
> +		goto out_trans_cancel;
> +
> +	if (name->type & ATTR_REPLACE) {
> +		name->type &= ~ATTR_REPLACE;
> +		error = xfs_attr_remove_args(&args);
> +		if (error)
> +			goto out_trans_cancel;
> +
> +		name->type |= ATTR_CREATE;
> +	}
> +

I see Darrick already commented on this.. I think the behavior of the
existing rename code is to essentially create the new xattr with the
INCOMPLETE flag set so we can roll transactions, etc. without any
observable behavior to userspace. Once the new xattr is fully in place,
the rename is performed atomically from the userspace perspective by
flipping the INCOMPLETE flag from the newly constructed xattr to the old
one and we can then remove the old xattr from there.

>  	error = xfs_attr_set_args(&args);
>  	if (error)
>  		goto out_trans_cancel;
> @@ -543,6 +564,10 @@ xfs_attr_remove(
>  	 */
>  	xfs_trans_ijoin(args.trans, dp, 0);
>  
> +	error = xfs_has_attr(&args);
> +	if (error == -ENOATTR)
> +		goto out;
> +

Wouldn't we want to return any error that might occur here (except
-EEXIST), not just -ENOATTR if there's actually no xattr?

Brian

>  	error = xfs_attr_remove_args(&args);
>  	if (error)
>  		goto out;
> -- 
> 2.7.4
>

Allison Henderson Nov. 12, 2019, 12:33 a.m. UTC | #5

On 11/11/19 11:24 AM, Brian Foster wrote:
> On Wed, Nov 06, 2019 at 06:27:59PM -0700, Allison Collins wrote:
>> Delayed operations cannot return error codes.  So we must check for
>> these conditions first before starting set or remove operations
>>
>> Signed-off-by: Allison Collins <allison.henderson@oracle.com>
>> ---
>>   fs/xfs/libxfs/xfs_attr.c | 25 +++++++++++++++++++++++++
>>   1 file changed, 25 insertions(+)
>>
>> diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
>> index 5dcb19f..626d4a98 100644
>> --- a/fs/xfs/libxfs/xfs_attr.c
>> +++ b/fs/xfs/libxfs/xfs_attr.c
>> @@ -458,6 +458,27 @@ xfs_attr_set(
>>   		goto out_trans_cancel;
>>   
>>   	xfs_trans_ijoin(args.trans, dp, 0);
>> +
>> +	error = xfs_has_attr(&args);
>> +	if (error == -EEXIST) {
>> +		if (name->type & ATTR_CREATE)
>> +			goto out_trans_cancel;
>> +		else
>> +			name->type |= ATTR_REPLACE;
>> +	}
>> +
>> +	if (error == -ENOATTR && (name->type & ATTR_REPLACE))
>> +		goto out_trans_cancel;
>> +
>> +	if (name->type & ATTR_REPLACE) {
>> +		name->type &= ~ATTR_REPLACE;
>> +		error = xfs_attr_remove_args(&args);
>> +		if (error)
>> +			goto out_trans_cancel;
>> +
>> +		name->type |= ATTR_CREATE;
>> +	}
>> +
> 
> I see Darrick already commented on this.. I think the behavior of the
> existing rename code is to essentially create the new xattr with the
> INCOMPLETE flag set so we can roll transactions, etc. without any
> observable behavior to userspace. Once the new xattr is fully in place,
> the rename is performed atomically from the userspace perspective by
> flipping the INCOMPLETE flag from the newly constructed xattr to the old
> one and we can then remove the old xattr from there.
Yes, I will add this logic in the next revision

> 
>>   	error = xfs_attr_set_args(&args);
>>   	if (error)
>>   		goto out_trans_cancel;
>> @@ -543,6 +564,10 @@ xfs_attr_remove(
>>   	 */
>>   	xfs_trans_ijoin(args.trans, dp, 0);
>>   
>> +	error = xfs_has_attr(&args);
>> +	if (error == -ENOATTR)
>> +		goto out;
>> +
> 
> Wouldn't we want to return any error that might occur here (except
> -EEXIST), not just -ENOATTR if there's actually no xattr?
> 
> Brian

Ok, I will change this to (error != -EEXIST)
Thanks for the reviews!

Allison


> 
>>   	error = xfs_attr_remove_args(&args);
>>   	if (error)
>>   		goto out;
>> -- 
>> 2.7.4
>>
>

[v4,15/17] xfs: Check for -ENOATTR or -EEXIST

Commit Message

Comments

Patch