On Mon, Jan 21, 2019 at 10:55:36AM -0500, Jerome Glisse wrote: > On Mon, Jan 21, 2019 at 03:57:01PM +0800, Peter Xu wrote: > > The idea comes from a discussion between Linus and Andrea [1]. > > > > Before this patch we only allow a page fault to retry once. We achieved > > this by clearing the FAULT_FLAG_ALLOW_RETRY flag when doing > > handle_mm_fault() the second time. This was majorly used to avoid > > unexpected starvation of the system by looping over forever to handle > > the page fault on a single page. However that should hardly happen, and > > after all for each code path to return a VM_FAULT_RETRY we'll first wait > > for a condition (during which time we should possibly yield the cpu) to > > happen before VM_FAULT_RETRY is really returned. > > > > This patch removes the restriction by keeping the FAULT_FLAG_ALLOW_RETRY > > flag when we receive VM_FAULT_RETRY. It means that the page fault > > handler now can retry the page fault for multiple times if necessary > > without the need to generate another page fault event. Meanwhile we > > still keep the FAULT_FLAG_TRIED flag so page fault handler can still > > identify whether a page fault is the first attempt or not. > > So there is nothing protecting starvation after this patch ? AFAICT. > Do we sufficient proof that we never have a scenario where one process > might starve fault another ? > > For instance some page locking could starve one process. Hi, Jerome, Do you mean lock_page()? AFAIU lock_page() will only yield the process itself until the lock is released, so IMHO it's not really starving the process but a natural behavior. After all the process may not continue without handling the page fault correctly. Or when you say "starvation" do you mean that we might return VM_FAULT_RETRY from handle_mm_fault() continuously so we'll looping over and over inside the page fault handler? Thanks, > > > > > > GUP code is not touched yet and will be covered in follow up patch. > > > > This will be a nice enhancement for current code at the same time a > > supporting material for the future userfaultfd-writeprotect work since > > in that work there will always be an explicit userfault writeprotect > > retry for protected pages, and if that cannot resolve the page > > fault (e.g., when userfaultfd-writeprotect is used in conjunction with > > shared memory) then we'll possibly need a 3rd retry of the page fault. > > It might also benefit other potential users who will have similar > > requirement like userfault write-protection. > > > > Please read the thread below for more information. > > > > [1] https://lkml.org/lkml/2017/11/2/833 > > > > Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > > Suggested-by: Andrea Arcangeli <aarcange@xxxxxxxxxx> > > Signed-off-by: Peter Xu <peterx@xxxxxxxxxx> > > --- Regards, -- Peter Xu
