• Jason Wang's avatar
    vduse: avoid using __GFP_NOFAIL · 955abe0a
    Jason Wang authored
    Patch series "mm/vdpa: correct misuse of non-direct-reclaim __GFP_NOFAIL
    and improve related doc and warn", v4.
    
    __GFP_NOFAIL carries the semantics of never failing, so its callers do not
    check the return value:
    
      %__GFP_NOFAIL: The VM implementation _must_ retry infinitely: the caller
      cannot handle allocation failures. The allocation could block
      indefinitely but will never return with failure. Testing for
      failure is pointless.
    
    However, __GFP_NOFAIL can sometimes fail if it exceeds size limits or is
    used with GFP_ATOMIC/GFP_NOWAIT in a non-sleepable context.  This patchset
    handles illegal using __GFP_NOFAIL together with GFP_ATOMIC lacking
    __GFP_DIRECT_RECLAIM(without this, we can't do anything to reclaim memory
    to satisfy the nofail requirement) and improve related document and
    warnings.
    
    The proper size limits for __GFP_NOFAIL will be handled separately after
    more discussions.
    
    
    This patch (of 3):
    
    mm doesn't support non-blockable __GFP_NOFAIL allocation.  Because
    persisting in providing __GFP_NOFAIL services for non-block users who
    cannot perform direct memory reclaim may only result in an endless busy
    loop.
    
    Therefore, in such cases, the current mm-core may directly return a NULL
    pointer:
    
    static inline struct page *
    __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order,
                                                    struct alloc_context *ac)
    {
            ...
            if (gfp_mask & __GFP_NOFAIL) {
                    /*
                     * All existing users of the __GFP_NOFAIL are blockable, so warn
                     * of any new users that actually require GFP_NOWAIT
                     */
                    if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask))
                            goto fail;
                    ...
            }
            ...
    fail:
            warn_alloc(gfp_mask, ac->nodemask,
                            "page allocation failure: order:%u", order);
    got_pg:
            return page;
    }
    
    Unfortuantely, vpda does that nofail allocation under non-sleepable lock. 
    A possible way to fix that is to move the pages allocation out of the lock
    into the caller, but having to allocate a huge number of pages and
    auxiliary page array seems to be problematic as well per Tetsuon: " You
    should implement proper error handling instead of using __GFP_NOFAIL if
    count can become large."
    
    So I chose another way, which does not release kernel bounce pages when
    user tries to register userspace bounce pages.  Then we can avoid
    allocating in paths where failure is not expected.(e.g in the release). 
    We pay this for more memory usage as we don't release kernel bounce pages
    but further optimizations could be done on top.
    
    [v-songbaohua@oppo.com: Refine the changelog]
    Link: https://lkml.kernel.org/r/20240830202823.21478-1-21cnbao@gmail.com
    Link: https://lkml.kernel.org/r/20240830202823.21478-2-21cnbao@gmail.com
    Fixes: 6c77ed22 ("vduse: Support using userspace pages as bounce buffer")
    Signed-off-by: default avatarBarry Song <v-songbaohua@oppo.com>
    Reviewed-by: default avatarXie Yongji <xieyongji@bytedance.com>
    Tested-by: default avatarXie Yongji <xieyongji@bytedance.com>
    Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
    Cc: Christoph Hellwig <hch@infradead.org>
    Cc: Christoph Lameter <cl@linux.com>
    Cc: David Hildenbrand <david@redhat.com>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Hailong.Liu <hailong.liu@oppo.com>
    Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
    Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Michal Hocko <mhocko@suse.com>
    Cc: Pekka Enberg <penberg@kernel.org>
    Cc: Roman Gushchin <roman.gushchin@linux.dev>
    Cc: Uladzislau Rezki (Sony) <urezki@gmail.com>
    Cc: Vlastimil Babka <vbabka@suse.cz>
    Cc: Yafang Shao <laoar.shao@gmail.com>
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: Davidlohr Bueso <dave@stgolabs.net>
    Cc: "Eugenio Pérez" <eperezma@redhat.com>
    Cc: Kees Cook <kees@kernel.org>
    Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
    Cc: Maxime Coquelin <maxime.coquelin@redhat.com>
    Cc: "Michael S. Tsirkin" <mst@redhat.com>
    Cc: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    955abe0a
iova_domain.c 15.6 KB