On 3/17/20 4:47 AM, Pingfan Liu wrote:
FOLL_LONGTERM is a special case of FOLL_PIN. It suggests a pin which is going to be given to hardware and can't move. It would truncate CMA permanently and should be excluded. In gup slow path, slow path, where
s/slow path, slow path/slow path/
__gup_longterm_locked->check_and_migrate_cma_pages() handles FOLL_LONGTERM, but in fast path, there lacks such a check, which means a possible leak of CMA page to longterm pinned. Place a check in try_grab_compound_head() in the fast path to fix the leak, and if FOLL_LONGTERM happens on CMA, it will fall back to slow path to migrate the page. Some note about the check: Huge page's subpages have the same migrate type due to either allocation from a free_list[] or alloc_contig_range() with param MIGRATE_MOVABLE. So it is enough to check on a single subpage by is_migrate_cma_page(subpage) Signed-off-by: Pingfan Liu <kernelfans@xxxxxxxxx> Cc: Ira Weiny <ira.weiny@xxxxxxxxx> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Cc: Mike Rapoport <rppt@xxxxxxxxxxxxx> Cc: Dan Williams <dan.j.williams@xxxxxxxxx> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx> Cc: John Hubbard <jhubbard@xxxxxxxxxx> Cc: "Aneesh Kumar K.V" <aneesh.kumar@xxxxxxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx> Cc: Shuah Khan <shuah@xxxxxxxxxx> Cc: Jason Gunthorpe <jgg@xxxxxxxx> To: linux-mm@xxxxxxxxx Cc: linux-kernel@xxxxxxxxxxxxxxx --- v6 -> v7: fix coding style issue mm/gup.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/gup.c b/mm/gup.c index 9df77b1..0a536d7 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -89,6 +89,15 @@ static __maybe_unused struct page *try_grab_compound_head(struct page *page, int orig_refs = refs; /* + * Huge page's subpages have the same migrate type due to either + * allocation from a free_list[] or alloc_contig_range() with + * param MIGRATE_MOVABLE. So it is enough to check on a subpage. + */
Urggh, this comment is fine in the commit description, but at this location in the code it is completely incomprehensible! Instead of an extremely far-removed tidbit about interactions between CMA and huge pages, this comment should be explaining why we bail out early in the specific case of FOLL_PIN + FOLL_LONGTERM. And we don't bail out for FOLL_GET + FOLL_LONGTERM... I'm expect it is something like: /* * We can't do FOLL_LONGTERM + FOLL_PIN with CMA in the gup fast * path, so fail and let the caller fall back to the slow path. */ ...approximately. Right?
+ if (unlikely(flags & FOLL_LONGTERM) && + is_migrate_cma_page(page)) + return NULL; + + /* * When pinning a compound page of order > 1 (which is what * hpage_pincount_available() checks for), use an exact count to * track it, via hpage_pincount_add/_sub(). -- 2.7.5
thanks, -- John Hubbard NVIDIA
