Message ID | 20230502101934.24901-17-johannes.thumshirn@wdc.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | bio: check return values of bio_add_page | expand |
On Tue, 2 May 2023, Johannes Thumshirn wrote: > Check if adding pages to clone bio fails and if it does retry with > reclaim. This mirrors the behaviour of page allocation in > crypt_alloc_buffer(). > > This way we can mark bio_add_pages as __must_check. > > Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com> > Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> > --- > drivers/md/dm-crypt.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c > index 8b47b913ee83..b234dc089cee 100644 > --- a/drivers/md/dm-crypt.c > +++ b/drivers/md/dm-crypt.c > @@ -1693,7 +1693,14 @@ static struct bio *crypt_alloc_buffer(struct dm_crypt_io *io, unsigned int size) > > len = (remaining_size > PAGE_SIZE) ? PAGE_SIZE : remaining_size; > > - bio_add_page(clone, page, len, 0); > + if (!bio_add_page(clone, page, len, 0)) { > + mempool_free(page, &cc->page_pool); > + crypt_free_buffer_pages(cc, clone); > + bio_put(clone); > + gfp_mask |= __GFP_DIRECT_RECLAIM; > + goto retry; > + > + } > > remaining_size -= len; > } Hi I nack this. This just adds code that can't ever be executed. dm-crypt already allocates enough entries in the vector (see "unsigned int nr_iovecs = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;"), so bio_add_page can't fail. If you want to add __must_check to bio_add_page, you should change the dm-crypt code to: if (!bio_add_page(clone, page, len, 0)) { WARN(1, "this can't happen"); return NULL; } and not write recovery code for a can't-happen case. Mikulas
On Tue, May 30 2023 at 11:13P -0400, Mikulas Patocka <mpatocka@redhat.com> wrote: > > > On Tue, 2 May 2023, Johannes Thumshirn wrote: > > > Check if adding pages to clone bio fails and if it does retry with > > reclaim. This mirrors the behaviour of page allocation in > > crypt_alloc_buffer(). > > > > This way we can mark bio_add_pages as __must_check. > > > > Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com> > > Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> > > --- > > drivers/md/dm-crypt.c | 9 ++++++++- > > 1 file changed, 8 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c > > index 8b47b913ee83..b234dc089cee 100644 > > --- a/drivers/md/dm-crypt.c > > +++ b/drivers/md/dm-crypt.c > > @@ -1693,7 +1693,14 @@ static struct bio *crypt_alloc_buffer(struct dm_crypt_io *io, unsigned int size) > > > > len = (remaining_size > PAGE_SIZE) ? PAGE_SIZE : remaining_size; > > > > - bio_add_page(clone, page, len, 0); > > + if (!bio_add_page(clone, page, len, 0)) { > > + mempool_free(page, &cc->page_pool); > > + crypt_free_buffer_pages(cc, clone); > > + bio_put(clone); > > + gfp_mask |= __GFP_DIRECT_RECLAIM; > > + goto retry; > > + > > + } > > > > remaining_size -= len; > > } > > Hi > > I nack this. This just adds code that can't ever be executed. > > dm-crypt already allocates enough entries in the vector (see "unsigned int > nr_iovecs = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;"), so bio_add_page can't > fail. > > If you want to add __must_check to bio_add_page, you should change the > dm-crypt code to: > if (!bio_add_page(clone, page, len, 0)) { > WARN(1, "this can't happen"); > return NULL; > } > and not write recovery code for a can't-happen case. Thanks for the review Mikulas. But the proper way forward, in the context of this patchset, is to simply change bio_add_page() to __bio_add_page() Subject becomes: "dm crypt: use __bio_add_page to add single page to clone bio" And header can explain that "crypt_alloc_buffer() already allocates enough entries in the clone bio's vector, so bio_add_page can't fail". Mike
On Tue, 30 May 2023, Mike Snitzer wrote: > On Tue, May 30 2023 at 11:13P -0400, > Mikulas Patocka <mpatocka@redhat.com> wrote: > > > Hi > > > > I nack this. This just adds code that can't ever be executed. > > > > dm-crypt already allocates enough entries in the vector (see "unsigned int > > nr_iovecs = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;"), so bio_add_page can't > > fail. > > > > If you want to add __must_check to bio_add_page, you should change the > > dm-crypt code to: > > if (!bio_add_page(clone, page, len, 0)) { > > WARN(1, "this can't happen"); > > return NULL; > > } > > and not write recovery code for a can't-happen case. > > Thanks for the review Mikulas. But the proper way forward, in the > context of this patchset, is to simply change bio_add_page() to > __bio_add_page() > > Subject becomes: "dm crypt: use __bio_add_page to add single page to clone bio" > > And header can explain that "crypt_alloc_buffer() already allocates > enough entries in the clone bio's vector, so bio_add_page can't fail". > > Mike Yes, __bio_add_page would look nicer. But bio_add_page can merge adjacent pages into a single bvec entry and __bio_add_page can't (I don't know how often the merging happens or what is the performance implication of non-merging). I think that for the next merge window, we can apply this patch: https://listman.redhat.com/archives/dm-devel/2023-May/054046.html which makes this discussion irrelevant. (you can change bio_add_page to __bio_add_page in it) Mikukas
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 8b47b913ee83..b234dc089cee 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -1693,7 +1693,14 @@ static struct bio *crypt_alloc_buffer(struct dm_crypt_io *io, unsigned int size) len = (remaining_size > PAGE_SIZE) ? PAGE_SIZE : remaining_size; - bio_add_page(clone, page, len, 0); + if (!bio_add_page(clone, page, len, 0)) { + mempool_free(page, &cc->page_pool); + crypt_free_buffer_pages(cc, clone); + bio_put(clone); + gfp_mask |= __GFP_DIRECT_RECLAIM; + goto retry; + + } remaining_size -= len; }