• Hugh Dickins's avatar
    tmpfs: quit when fallocate fills memory · 1aac1400
    Hugh Dickins authored
    As it stands, a large fallocate() on tmpfs is liable to fill memory with
    pages, freed on failure except when they run into swap, at which point
    they become fixed into the file despite the failure.  That feels quite
    wrong, to be consuming resources precisely when they're in short supply.
    
    Go the other way instead: shmem_fallocate() indicate the range it has
    fallocated to shmem_writepage(), keeping count of pages it's allocating;
    shmem_writepage() reactivate instead of swapping out pages fallocated by
    this syscall (but happily swap out those from earlier occasions), keeping
    count; shmem_fallocate() compare counts and give up once the reactivated
    pages have started to coming back to writepage (approximately: some zones
    would in fact recycle faster than others).
    
    This is a little unusual, but works well: although we could consider the
    failure to swap as a bug, and fix it later with SWAP_MAP_FALLOC handling
    added in swapfile.c and memcontrol.c, I doubt that we shall ever want to.
    
    (If there's no swap, an over-large fallocate() on tmpfs is limited in the
    same way as writing: stopped by rlimit, or by tmpfs mount size if that was
    set sensibly, or by __vm_enough_memory() heuristics if OVERCOMMIT_GUESS or
    OVERCOMMIT_NEVER.  If OVERCOMMIT_ALWAYS, then it is liable to OOM-kill
    others as writing would, but stops and frees if interrupted.)
    
    Now that everything is freed on failure, we can then skip updating ctime.
    Signed-off-by: default avatarHugh Dickins <hughd@google.com>
    Cc: Christoph Hellwig <hch@infradead.org>
    Cc: Cong Wang <amwang@redhat.com>
    Cc: Kay Sievers <kay@vrfy.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    1aac1400
shmem.c 75.4 KB