On Fri, Aug 28, 2020 at 03:25:46PM +0100, Matthew Wilcox wrote:
> If I understand truncate of a shmem THP correctly ...
>
> Let's suppose the file has a single 2MB page at index 0, and is being
> truncated down to 7 bytes in size.
>
> shmem_setattr()
> i_size_write(7);
> shmem_truncate_range(7, -1);
> shmem_undo_range(7, -1)
> start = 1;
> page = &head[1];
> shmem_punch_compound();
> split_huge_page()
> end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); # == 1
> __split_huge_page(..., 1, ...);
> __delete_from_page_cache(&head[1], ...);
> truncate_inode_page(page);
> delete_from_page_cache(page)
> __delete_from_page_cache(&head[1])
>
> I think the solution is to call truncate_inode_page() from within
> shmem_punch_compound() if we don't call split_huge_page(). I came across
> this while reusing all this infrastructure for the XFS THP patchset,
> so I'm not in a great position to test this patch.
Oh, this works for truncate, but not hole-punch. __split_huge_page()
won't call __delete_from_page_cache() for pages below the end of the
file. So maybe this instead?
It's a bit cheesy ... maybe split_huge_page() could return 1 to indicate
that it actually disposed of the page passed in?
+++ b/mm/shmem.c
@@ -827,7 +827,7 @@ static bool shmem_punch_compound(struct page *page, pgoff_t start, pgoff_t end)
return true;
/* Try to split huge page, so we can truly punch the hole or truncate */
- return split_huge_page(page) >= 0;
+ return split_huge_page(page) >= 0 && end < -1;
}
/*
