[2/5] mm: Document __GFP_NOFAIL must be blockable

Message ID	20240724085544.299090-3-21cnbao@gmail.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, hailong.liu@oppo.com, torvalds@linux-foundation.org Subject: [PATCH 2/5] mm: Document __GFP_NOFAIL must be blockable Date: Wed, 24 Jul 2024 20:55:41 +1200 Message-Id: <20240724085544.299090-3-21cnbao@gmail.com> In-Reply-To: <20240724085544.299090-1-21cnbao@gmail.com> References: <20240724085544.299090-1-21cnbao@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	mm: clarify nofail memory allocation \| expand [0/5] mm: clarify nofail memory allocation [RFC,1/5] vpda: try to fix the potential crash due to misusing __GFP_NOFAIL [2/5] mm: Document __GFP_NOFAIL must be blockable [3/5] mm: BUG_ON to avoid NULL deference while __GFP_NOFAIL fails [4/5] mm: Introduce GFP_NOFAIL with the inclusion of __GFP_RECLAIM [RFC,5/5] non-mm: discourage the usage of __GFP_NOFAIL and encourage GFP_NOFAIL

Message ID

20240724085544.299090-3-21cnbao@gmail.com (mailing list archive)

State

New

Headers

From: Barry Song <21cnbao@gmail.com>
To: akpm@linux-foundation.org,
	linux-mm@kvack.org
Cc: 42.hyeyoo@gmail.com,
	cl@linux.com,
	hch@infradead.org,
	iamjoonsoo.kim@lge.com,
	lstoakes@gmail.com,
	mhocko@suse.com,
	penberg@kernel.org,
	rientjes@google.com,
	roman.gushchin@linux.dev,
	urezki@gmail.com,
	v-songbaohua@oppo.com,
	vbabka@suse.cz,
	virtualization@lists.linux.dev,
	hailong.liu@oppo.com,
	torvalds@linux-foundation.org
Subject: [PATCH 2/5] mm: Document __GFP_NOFAIL must be blockable
Date: Wed, 24 Jul 2024 20:55:41 +1200
Message-Id: <20240724085544.299090-3-21cnbao@gmail.com>
In-Reply-To: <20240724085544.299090-1-21cnbao@gmail.com>
References: <20240724085544.299090-1-21cnbao@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

mm: clarify nofail memory allocation | expand

Commit Message

Barry Song July 24, 2024, 8:55 a.m. UTC

From: Barry Song <v-songbaohua@oppo.com>

Non-blocking allocation with __GFP_NOFAIL is not supported and may
still result in NULL pointers (if we don't return NULL, we result
in busy-loop within non-sleepable contexts):

static inline struct page *
__alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
						struct alloc_context *ac)
{
	...
	/*
	 * Make sure that __GFP_NOFAIL request doesn't leak out and make sure
	 * we always retry
	 */
	if (gfp_mask & __GFP_NOFAIL) {
		/*
		 * All existing users of the __GFP_NOFAIL are blockable, so warn
		 * of any new users that actually require GFP_NOWAIT
		 */
		if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask))
			goto fail;
		...
	}
	...
fail:
	warn_alloc(gfp_mask, ac->nodemask,
			"page allocation failure: order:%u", order);
got_pg:
	return page;
}

Highlight this in the documentation of __GFP_NOFAIL so that non-mm
subsystems can reject any illegal usage of __GFP_NOFAIL with
GFP_ATOMIC, GFP_NOWAIT, etc.

Signed-off-by: Barry Song <v-songbaohua@oppo.com>
---
 include/linux/gfp_types.h | 2 ++
 1 file changed, 2 insertions(+)

Comments

Michal Hocko July 24, 2024, 11:58 a.m. UTC | #1

On Wed 24-07-24 20:55:41, Barry Song wrote:
> From: Barry Song <v-songbaohua@oppo.com>
> 
> Non-blocking allocation with __GFP_NOFAIL is not supported and may
> still result in NULL pointers (if we don't return NULL, we result
> in busy-loop within non-sleepable contexts):
> 
> static inline struct page *
> __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
> 						struct alloc_context *ac)
> {
> 	...
> 	/*
> 	 * Make sure that __GFP_NOFAIL request doesn't leak out and make sure
> 	 * we always retry
> 	 */
> 	if (gfp_mask & __GFP_NOFAIL) {
> 		/*
> 		 * All existing users of the __GFP_NOFAIL are blockable, so warn
> 		 * of any new users that actually require GFP_NOWAIT
> 		 */
> 		if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask))
> 			goto fail;
> 		...
> 	}
> 	...
> fail:
> 	warn_alloc(gfp_mask, ac->nodemask,
> 			"page allocation failure: order:%u", order);
> got_pg:
> 	return page;
> }
> 
> Highlight this in the documentation of __GFP_NOFAIL so that non-mm
> subsystems can reject any illegal usage of __GFP_NOFAIL with
> GFP_ATOMIC, GFP_NOWAIT, etc.
> 
> Signed-off-by: Barry Song <v-songbaohua@oppo.com>

Acked-by: Michal Hocko <mhocko@suse.com>

> ---
>  include/linux/gfp_types.h | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/include/linux/gfp_types.h b/include/linux/gfp_types.h
> index 313be4ad79fd..0dad2c7914be 100644
> --- a/include/linux/gfp_types.h
> +++ b/include/linux/gfp_types.h
> @@ -246,6 +246,8 @@ enum {
>   * cannot handle allocation failures. The allocation could block
>   * indefinitely but will never return with failure. Testing for
>   * failure is pointless.
> + * It _must_ be blockable and used together with __GFP_DIRECT_RECLAIM.
> + * It should _never_ be used in non-sleepable contexts.
>   * New users should be evaluated carefully (and the flag should be
>   * used only when there is no reasonable failure policy) but it is
>   * definitely preferable to use the flag rather than opencode endless
> -- 
> 2.34.1

Do you think the following addendum should be folded in just for
completness?

diff --git a/include/linux/gfp_types.h b/include/linux/gfp_types.h
index 313be4ad79fd..d024cfd1af8e 100644
--- a/include/linux/gfp_types.h
+++ b/include/linux/gfp_types.h
@@ -215,7 +215,8 @@ enum {
  * the caller still has to check for failures) while costly requests try to be
  * not disruptive and back off even without invoking the OOM killer.
  * The following three modifiers might be used to override some of these
- * implicit rules.
+ * implicit rules. Please note that all of them must be used along with
+ * %__GFP_DIRECT_RECLAIM flag.
  *
  * %__GFP_NORETRY: The VM implementation will try only very lightweight
  * memory direct reclaim to get some memory under memory pressure (thus

Davidlohr Bueso Aug. 3, 2024, 11:09 p.m. UTC | #2

On Wed, 24 Jul 2024, Barry Song wrote:\n
>From: Barry Song <v-songbaohua@oppo.com>
>
>Non-blocking allocation with __GFP_NOFAIL is not supported and may
>still result in NULL pointers (if we don't return NULL, we result
>in busy-loop within non-sleepable contexts):
>
>static inline struct page *
>__alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
>						struct alloc_context *ac)
>{
>	...
>	/*
>	 * Make sure that __GFP_NOFAIL request doesn't leak out and make sure
>	 * we always retry
>	 */
>	if (gfp_mask & __GFP_NOFAIL) {
>		/*
>		 * All existing users of the __GFP_NOFAIL are blockable, so warn
>		 * of any new users that actually require GFP_NOWAIT
>		 */
>		if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask))
>			goto fail;
>		...
>	}
>	...
>fail:
>	warn_alloc(gfp_mask, ac->nodemask,
>			"page allocation failure: order:%u", order);
>got_pg:
>	return page;
>}
>
>Highlight this in the documentation of __GFP_NOFAIL so that non-mm
>subsystems can reject any illegal usage of __GFP_NOFAIL with
>GFP_ATOMIC, GFP_NOWAIT, etc.
>

Acked-by: Davidlohr Bueso <dave@stgolabs.net>

diff --git a/include/linux/gfp_types.h b/include/linux/gfp_types.h
index 313be4ad79fd..0dad2c7914be 100644
--- a/include/linux/gfp_types.h
+++ b/include/linux/gfp_types.h
@@ -246,6 +246,8 @@  enum {
  * cannot handle allocation failures. The allocation could block
  * indefinitely but will never return with failure. Testing for
  * failure is pointless.
+ * It _must_ be blockable and used together with __GFP_DIRECT_RECLAIM.
+ * It should _never_ be used in non-sleepable contexts.
  * New users should be evaluated carefully (and the flag should be
  * used only when there is no reasonable failure policy) but it is
  * definitely preferable to use the flag rather than opencode endless

[2/5] mm: Document __GFP_NOFAIL must be blockable

Commit Message

Comments

Patch