On Thu, Mar 02, 2017 at 11:35:20AM +0100, Michal Hocko wrote: > On Thu 02-03-17 19:04:48, Tetsuo Handa wrote: > [...] > > So, commit 5d17a73a2ebeb8d1("vmalloc: back off when the current task is > > killed") implemented __GFP_KILLABLE flag and automatically applied that > > flag. As a result, those who are not ready to fail upon SIGKILL are > > confused. ;-) > > You are right! The function is documented it might fail but the code > doesn't really allow that. This seems like a bug to me. What do you > think about the following? > --- > From d02cb0285d8ce3344fd64dc7e2912e9a04bef80d Mon Sep 17 00:00:00 2001 > From: Michal Hocko <mhocko@xxxxxxxx> > Date: Thu, 2 Mar 2017 11:31:11 +0100 > Subject: [PATCH] xfs: allow kmem_zalloc_greedy to fail > > Even though kmem_zalloc_greedy is documented it might fail the current > code doesn't really implement this properly and loops on the smallest > allowed size for ever. This is a problem because vzalloc might fail > permanently. Since 5d17a73a2ebe ("vmalloc: back off when the current > task is killed") such a failure is much more probable than it used to > be. Fix this by bailing out if the minimum size request failed. > > This has been noticed by a hung generic/269 xfstest by Xiong Zhou. > > Reported-by: Xiong Zhou <xzhou@xxxxxxxxxx> > Analyzed-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Michal Hocko <mhocko@xxxxxxxx> > --- > fs/xfs/kmem.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/xfs/kmem.c b/fs/xfs/kmem.c > index 339c696bbc01..ee95f5c6db45 100644 > --- a/fs/xfs/kmem.c > +++ b/fs/xfs/kmem.c > @@ -34,6 +34,8 @@ kmem_zalloc_greedy(size_t *size, size_t minsize, size_t maxsize) > size_t kmsize = maxsize; > > while (!(ptr = vzalloc(kmsize))) { > + if (kmsize == minsize) > + break; > if ((kmsize >>= 1) <= minsize) > kmsize = minsize; > } More consistent with the rest of the kmem code might be to accept a flags argument and do something like this based on KM_MAYFAIL. The one current caller looks like it would pass it, but I suppose we'd still need a mechanism to break out should a new caller not pass that flag. Would a fatal_signal_pending() check in the loop as well allow us to break out in the scenario that is reproduced here? Brian > -- > 2.11.0 > > -- > Michal Hocko > SUSE Labs > > -- > To unsubscribe, send a message with 'unsubscribe linux-mm' in > the body to majordomo@xxxxxxxxx. For more info on Linux MM, > see: http://www.linux-mm.org/ . > Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>