From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>
Cc: lsf-pc@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-btrfs@vger.kernel.org,
linux-block@vger.kernel.org,
Matthew Wilcox <willy@infradead.org>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [LSF/MM/BPF TOPIC] Dropping page cache of individual fs
Date: Wed, 17 Jan 2024 13:53:20 +0100 [thread overview]
Message-ID: <20240117-tupfen-unqualifiziert-173af9bc68c8@brauner> (raw)
In-Reply-To: <20240116114519.jcktectmk2thgagw@quack3>
On Tue, Jan 16, 2024 at 12:45:19PM +0100, Jan Kara wrote:
> On Tue 16-01-24 11:50:32, Christian Brauner wrote:
>
> <snip the usecase details>
>
> > My initial reaction is to give userspace an API to drop the page cache
> > of a specific filesystem which may have additional uses. I initially had
> > started drafting an ioctl() and then got swayed towards a
> > posix_fadvise() flag. I found out that this was already proposed a few
> > years ago but got rejected as it was suspected this might just be
> > someone toying around without a real world use-case. I think this here
> > might qualify as a real-world use-case.
> >
> > This may at least help securing users with a regular dm-crypt setup
> > where dm-crypt is the top layer. Users that stack additional layers on
> > top of dm-crypt may still leak plaintext of course if they introduce
> > additional caching. But that's on them.
>
> Well, your usecase has one substantial difference from drop_caches. You
> actually *require* pages to be evicted from the page cache for security
> purposes. And giving any kind of guarantees is going to be tough. Think for
> example when someone grabs page cache folio reference through vmsplice(2),
> then you initiate your dmSuspend and want to evict page cache. What are you
> going to do? You cannot free the folio while the refcount is elevated, you
> could possibly detach it from the page cache so it isn't at least visible
> but that has side effects too - after you resume the folio would remain
> detached so it will not see changes happening to the file anymore. So IMHO
> the only thing you could do without problematic side-effects is report
> error. Which would be user unfriendly and could be actually surprisingly
> frequent due to trasient folio references taken by various code paths.
I wonder though, if you start suspending userspace and the filesystem
how likely are you to encounter these transient errors?
>
> Sure we could report error only if the page has pincount elevated, not only
> refcount, but it needs some serious thinking how this would interact.
>
> Also what is going to be the interaction with mlock(2)?
>
> Overall this doesn't seem like "just tweak drop_caches a bit" kind of
> work...
So when I talked to the Gnome people they were interested in an optimal
or a best-effort solution. So returning an error might actually be useful.
I'm specifically put this here because my knowledge of the page cache
isn't sufficient to make a judgement what guarantees are and aren't
feasible. So I'm grateful for any insight here.
next prev parent reply other threads:[~2024-01-17 12:53 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-16 10:50 Christian Brauner
2024-01-16 11:45 ` Jan Kara
2024-01-17 12:53 ` Christian Brauner [this message]
2024-01-17 14:35 ` Jan Kara
2024-01-17 14:52 ` Matthew Wilcox
2024-01-17 20:51 ` Phillip Susi
2024-01-17 20:58 ` Matthew Wilcox
2024-01-18 14:26 ` Christian Brauner
2024-01-30 0:13 ` Adrian Vovk
2024-02-15 13:57 ` Jan Kara
2024-02-15 19:46 ` Adrian Vovk
2024-02-15 23:17 ` Dave Chinner
[not found] ` <10c3b162-265b-442b-80e9-8563c0168a8b@gmail.com>
2024-02-16 20:38 ` init_on_alloc digression: " John Hubbard
2024-02-16 21:11 ` Adrian Vovk
2024-02-16 21:19 ` John Hubbard
2024-01-16 15:25 ` James Bottomley
2024-01-16 15:40 ` Matthew Wilcox
2024-01-16 15:54 ` James Bottomley
2024-01-16 20:56 ` Dave Chinner
2024-01-17 6:17 ` Theodore Ts'o
2024-01-30 1:14 ` Adrian Vovk
2024-01-17 13:19 ` Christian Brauner
2024-01-17 22:26 ` Dave Chinner
2024-01-18 14:09 ` Christian Brauner
2024-02-05 17:39 ` Russell Haley
2024-02-17 4:04 ` Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240117-tupfen-unqualifiziert-173af9bc68c8@brauner \
--to=brauner@kernel.org \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lsf-pc@lists.linux-foundation.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox